1.在S1上设置VTP
Switch(config)#vtp domain vtp1 Changing VTP domain name from NULL to vtp1 Switch(config)#vtp mode server Setting device to VTP server mode. Switch(config)#vtp password 123 Setting device VLAN database password to 123 2.在S1上建立三个VLAN Switch(config)#vlan 10 Switch(config-vlan)#vlan 20 Switch(config-vlan)#vlan 30 Switch(config-vlan)# 3.在S1上定义三个VLAN Switch(config)#int vlan 10 %LINK-5-CHANGED: Interface Vlan10, changed state to up Switch(config-if)#ip add 192.168.10.1 255.255.255.0 Switch(config-if)#int vlan 20 %LINK-5-CHANGED: Interface Vlan20, changed state to up Switch(config-if)#ip add 192.168.20.1 255.255.255.0 Switch(config-if)#int vlan 30 Switch(config-if)# %LINK-5-CHANGED: Interface Vlan30, changed state to up Switch(config-if)#ip add 192.168.30.1 255.255.255.0 4.把S1的三个接口全部开起TRUNK Switch(config-if)#int range fa0/1 - 3 Switch(config-if)#switchport trunk encapsulation dot1q Switch(config-if)#switchport mode trunk 5.S2.S3.S4分别设置VTP Switch(config)#vtp domain vtp1 Changing VTP domain name from NULL to vtp1 Switch(config)#vtp mode client \\注意模式 Setting device to VTP CLIENT mode. Switch(config)#vtp password 123 Setting device VLAN database password to 123 6.S2.S3.S4的端口分别加入VLAN Switch(config)#int fa0/2 Switch(config-if)#switchport access vlan 10 Switch(config-if)#int fa0/3 Switch(config-if)#switchport access vlan 30 \\格式一样 我只抄我S4的给你参考 7.分别设置各PC的IP,测试,各PC全部可以相互PING通. 8.做ACL Switch(config)#access-list 1 permit 192.168.10.0 0.0.0.255 Switch(config)#access-list 1 permit 192.168.30.0 0.0.0.255 Switch(config)#access-list 1 deny 192.168.20.0 0.0.0.255 \\定义ACLSwitch(config-if)#int vlan 10
Switch(config-if)#ip access-group 1 in Switch(config-if)#int vlan 20 Switch(config-if)#ip access-group 1 in Switch(config-if)#int vlan 30 Switch(config-if)#ip access-group 1 in Switch(config-if)#exi \\在VLAN上使用ACL 到此已经完成此实验,测试,192.168.10.0 可以和 192.168.30.0 通讯 192.168.20.0不能和其他两个网段通讯.