Nanjing College of Chemical Technology Graduation Project (Thesis)
management domain name OA
switch # (vlan)#vtp server    Set the switch to server mode
switch # (vlan)#vlan 1 name qinye    Create VLAN 1 for the Qinye department
switch # (vlan)#vlan 2 name xingzheng    Create VLAN 2 for the Administration department
switch # (vlan)#vlan 3 name yanfa    Create VLAN 3 for the R&D department
switch # (vlan)#vlan 4 name netprinter    Create VLAN 4 for the network printers
switch # (vlan)#vlan 5 name server    Create VLAN 5 for the server group
switch # (config)#interface vlan 1
switch # (config-if)#ip address 192.168.42.254 255.255.255.0
switch # (config)#interface vlan 2
switch # (config-if)#ip address 192.168.40.254 255.255.255.0
switch # (config)#interface vlan 3
switch # (config-if)#ip address 192.168.41.254 255.255.255.0
switch # (config)#interface vlan 4
switch # (config-if)#ip address 192.168.30.254 255.255.255.0
switch # (config)#interface vlan 5
switch # (config-if)#ip address 192.168.2.254 255.255.255.0
Assign the ports on the access-layer switches to the individual VLANs as required.
switch # (config-if)#exit
4.3.3 Configuring ACLs
Configure ACLs and apply them to each department's VLAN interface to control access between departments.
switch>
switch > enable
switch #config
switch(config)#access-list 10 permit 192.168.2.0 0.0.0.255
switch(config)#access-list 10 permit 192.168.30.0 0.0.0.255
switch(config)#access-list 10 deny 192.168.0.0 0.0.255.255
switch(config)#access-list 10 permit any
Enter vlan 10
switch(config)# vlan 10
switch(config-vlan)#ip access-group 10 out
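Access control list 10 is applied to VLAN 10 in the OUT direction: hosts inside the Marketing department can reach each other and can access the server segment and the network printer segment, but cannot access the segments of the Finance department and the Design department.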
switch(config-vlan)#access-list 11 permit 192.168.2.0 0.0.0.255
switch(config-vlan)#access-list 11 permit 192.168.30.0 0.0.0.255
switch(config-vlan)#access-list 11 permit 192.168.42.0 0.0.0.255
switch(config-vlan)#access-list 11 deny 192.168.0.0 0.0.255.255
switch(config-vlan)#access-list 11 permit any
switch(config-vlan)#exit
Enter vlan 11
switch(config)# vlan 11
switch(config-vlan)#ip access-group 11 out
Access control list 11 is applied to VLAN 11 in the OUT direction: hosts inside the Finance department can reach each other, can access the server segment and the network printer network, and can access the Marketing department segment, but cannot access the Design department segment.
Design department VLAN 12, network printer VLAN 13 and server VLAN 20 may access any network segment; access-list 110 is applied to them in the in direction to block ports commonly used by viruses.
switch(config-vlan)#access-list 110 deny tcp any any eq 1068
switch(config-vlan)#access-list 110 deny tcp any any eq 2046
switch(config-vlan)#access-list 110 deny udp any any eq 2046
switch(config-vlan)#access-list 110 deny tcp any any eq 4444
switch(config-vlan)#access-list 110 deny udp any any eq 4444
switch(config-vlan)#access-list 110 deny tcp any any eq 1434
switch(config-vlan)#access-list 110 deny udp any any eq 1434
switch(config-vlan)#access-list 110 deny tcp any any eq 5554
switch(config-vlan)#access-list 110 deny tcp any any eq 9996
switch(config-vlan)#access-list 110 deny tcp any any eq 6881
switch(config-vlan)#access-list 110 deny tcp any any eq 6882
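The first-match evaluation of access lists 10 and 11 from section 4.3.3, as an added example that is not part of the original thesis: it parses the standard ACL lines and checks source addresses against the wildcard masks. The sample host addresses are constructed, and the code models source matching only, not the switch's interface binding.

```python
import ipaddress

# ACL lines as they appear on the page (access lists 10 and 11).
ACL_TEXT = """
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 10 permit 192.168.30.0 0.0.0.255
access-list 10 deny 192.168.0.0 0.0.255.255
access-list 10 permit any
access-list 11 permit 192.168.2.0 0.0.0.255
access-list 11 permit 192.168.30.0 0.0.0.255
access-list 11 permit 192.168.42.0 0.0.0.255
access-list 11 deny 192.168.0.0 0.0.255.255
access-list 11 permit any
"""

def parse_acls(text):
    """Return {acl_number: [(action, base, wildcard), ...]} in configured order."""
    acls = {}
    for line in text.strip().splitlines():
        parts = line.split()
        number, action, source = int(parts[1]), parts[2], parts[3]
        if source == "any":  # 'any' is 0.0.0.0 with an all-ones wildcard
            base, wildcard = 0, 0xFFFFFFFF
        else:
            base = int(ipaddress.IPv4Address(source))
            wildcard = int(ipaddress.IPv4Address(parts[4]))
        acls.setdefault(number, []).append((action, base, wildcard))
    return acls

def evaluate(acls, number, src_ip):
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    src = int(ipaddress.IPv4Address(src_ip))
    for action, base, wildcard in acls[number]:
        care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (src & care) == (base & care):
            return action
    return "deny"

ACLS = parse_acls(ACL_TEXT)

if __name__ == "__main__":
    # Constructed sample hosts, one per segment named on the page plus one outside 192.168.0.0/16.
    for host in ("192.168.2.10", "192.168.30.5", "192.168.42.7",
                 "192.168.40.9", "192.168.41.9", "10.1.1.1"):
        print(host, "ACL10:", evaluate(ACLS, 10, host),
              "ACL11:", evaluate(ACLS, 11, host))
```

Because the first match wins, placing the `deny 192.168.0.0 0.0.255.255` entry ahead of the specific permits would shadow them.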