ÍøÂ繤³ÌÉè¼ÆÓëϵͳ¼¯³É
ÁËÔÀ´µÄ¶Ë¿Ú£¬µ½ÁËÒ»¸öÐĵý»»»»úij¸ö¶Ë¿Ú£¬ÄÇô¾Í±ØÐëÖØж¨Òå¡£
2.»ùÓÚMACµØÖ·»®·ÖVLAN
ÕâÖÖ»®·ÖVLANµÄ·½·¨ÊǸù¾Ýÿ¸öÖ÷»úµÄ,MACµØÖ·»®·ÖµÄ£¬¼´¶Ôÿ¸öMACµØÖ·µÄÖ÷»ú¶¼ÅäÖÃËüÊôÓÚÄĸö×é¡£ÕâÖÖ»®·ÖVLANµÄ·½·¨×î´óµÄÓŵã¾ÍÊǵ±Óû§ÎïÀíλÖÃÒƶ¯Ê±£¬¼´´ÓÒ»¸ö½»»»»ú»»µ½ÆäËü½»»»»úʱ£¬VLAN²»ÓÃÖØÐÂÅäÖã¬ËùÒÔ£¬¿ÉÒÔÈÏΪÕâÖÖ¸ù¾ÝMACµØÖ·µÄ»®·Ö·½·¨ÊÇ»ùÓÚÓû§µÄVLAN£¬ÕâÖÖ·½·¨µÄȱµãÊdzõʼ»¯Ê±ËùÓеÄÓû§¶¼±ØÐë½øÐÐÅäÖã¬Èç¹ûÓм¸°Ù¸öÉõÖÁÉÏǧ¸öÓû§µÄ»°£¬ÅäÖÃÊǷdz£À۵ġ£¶øÇÒÕâÖÖ»®·ÖµÄ·½·¨Ò²µ¼ÖµĽ»»»»úÖ´ÐÐЧÂʵĽµµÍ£¬ÒòΪÔÚÿһ¸ö½»»»»úµÄ¶Ë¿Ú¶¼¿ÉÄÜ´æÔںܶà¸öVLAN×éµÄ³ÉÔ±£¬ÕâÑù¾ÍÎÞ·¨ÏÞÖƹ㲥°üÁË¡£ÁíÍ⣬¶ÔÓÚʹÓñʼDZ¾µçÄÔµÄÓû§À´Ëµ£¬ËûÃǵÄÍø¿¨¿ÉÄܾ³£¸ü»»£¬ÕâÑùVLAN¾Í±ØÐ벻ͣµÄÅäÖá£
3.»ùÓÚIP»®·ÖVLAN
IP×鲥ʵ¼ÊÉÏÒ²ÊÇÒ»ÖÖVLANµÄ¶¨Ò壬¼´ÈÏΪһ¸ö×é²¥¾ÍÊÇÒ»¸öVLAN£¬ÕâÖÖ»®·ÖµÄ·½·¨½«VLANÀ©´óµ½Á˹ãÓòÍø£¬Òò´ËÕâÖÖ·½·¨¾ßÓиü´óµÄÁé»îÐÔ£¬¶øÇÒÒ²ºÜÈÝÒ×ͨ¹ý·ÓɽøÐÐÀ©Õ¹£¬µ±È»ÕâÖÖ·½·¨²»ÊʺϾÖÓòÍø£¬Ö÷ÒªÊÇЧÂʲ»¸ß¡£
¼øÓÚµ±Ç°VLAN·¢Õ¹µÄÇ÷ÊÆ£¬¿¼Âǵ½¸÷ÖÖVLAN»®·Ö·½Ê½µÄÓÅȱµã£¬ÎªÁË×î´ó³Ì¶ÈÉÏÂú×ãÓû§ÔÚ¾ßÌåʹÓùý³ÌÖеÄÐèÇ󣬼õÇáÓû§ÔÚVLANµÄ¾ßÌåʹÓúÍά»¤ÖеŤ×÷Á¿£¬¶àÊý²ÉÓøù¾Ý½»»»»ú¶Ë¿ÚÀ´»®·ÖVLANµÄ·½·¨£¬±¾´ÎÍøÂç²ÉÓûùÓڶ˿ڻ®·ÖVLANµÄ·½Ê½À´ÊµÏÖ£¬ÏÂÃæÊǾßÌå´úÂë¡£ »®·ÖVLANµÄ´úÂ룺
25
ÍøÂ繤³ÌÉè¼ÆÓëϵͳ¼¯³É
Switch>en Switch#conf t Switch(config)#vlan 1 Switch(config-vlan)#exit Switch(config)#vlan 2 Switch(config-vlan)#exit
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport mode trunk //½«0/1¶Ë¿ÚÉèÖÃΪ´®¿Ú Switch(config-if)#interface fastEthernet 0/2
Switch(config-if)#switchport access vlan 1 //½«0/2¶Ë¿Ú»®µ½VLAN1ÖÐ Switch(config-if)#interface fastEthernet 0/3
Switch(config-if)#switchport access vlan 2 //½«0/3¶Ë¿Ú»®µ½VLAN2ÖÐ
ÅäÖÃÀ©Õ¹·ÃÎÊ¿ØÖÆÁÐ±í£º
R(config)#access_list 101 permit tcp any host 150.208.160.3 eq pop3
R(config)#access_list 101 permit tcp any host 150.208.160.3 eq smtp
R(config)#access_list 101 permit tcp any host 150.208.160.3 eq www
R(config)#access_list 101 permit tcp any host 150.208.160.4 eq www
R(config)#access_list 101 deny ip any host 150.208.160.3 R(config)#access_list 101 deny ip any host 150.208.160.4 R(config)#access_list 101 deny icmp any any echo
26
ÍøÂ繤³ÌÉè¼ÆÓëϵͳ¼¯³É
R(config)#access_list 101 deny tcp any any eq 4444 R(config)#access_list 101 deny udp any any eq tftp R(config)#access_list 101 deny udp any any eq 1434 R(config)#access_list 101 deny tcp any any eq 445 R(config)#access_list 101 deny tcp any any eq 139 R(config)#access_list 101 deny udp any any eq netbios-ss R(config)#access_list 101 deny tcp any any eq 135 R(config)#access_list 101 deny udp any any eq 135 R(config)#access_list 101 deny udp any any eq netbios-ns R(config)#access_list 101 deny udp any any eq netbious-dgm R(config)#access_list 101 deny udp any any eq 445 R(config)#access_list 101 deny tcp any any eq 593 R(config)#access_list 101 deny udp any any eq 593 R(config)#access_list 101 deny tcp any any eq 5800 R(config)#access_list 101 deny tcp any any eq 5900 R(config)#access_list 101 deny udp any any eq 6667 R(config)#access_list 101 deny 255 any any R(config)#access_list 101 deny 0 any any R(config)#access_list 101 permit ip any any R(config)#interface s0/0
27
ÍøÂ繤³ÌÉè¼ÆÓëϵͳ¼¯³É
R(config-if) access-grroup 110 in
VRRP+MSTPµÄÅäÖ㨸ºÔؾùºâÓëÁ´Â·ÈßÓࣩ 1.·Óɽ»»»»úÅäÖÃVRRP×é (1)
Ö÷ºËÐÄÉ豸VRRPÅäÖà interface vlan 10
ip address 192.168.10.10 255.255.255.0 standby 1 ip 192.168.10.1 standby 1 preempt standby 1 priority 254 interface vlan 20
ip address 192.168.20.10 255.255.255.0 standby 1 ip 192.168.20.1 standby 1 preempt (2)
±¸·ÝºËÐÄÉ豸VRRPÅäÖà interface vlan 10
ip address 192.168.10.11 255.255.255.0 standby 1 ip 192.168.10.1 standby 1 preempt interface vlan 20
28