综合项目三
项目背景:
我院107实验室是网络综合实验室,现有计算机若干台,使用一台二层交换机连接各台电脑。实验室出口是一块三层交换机,与1号楼的出口路由器相连。平时在实验室内,教师和学生能够相互通信。现发现部分同学实验课上偷偷上网。现在要求:实验课上老师和同学们能够通信,教师可以上网,同学们可以发送邮件等,不能访问www服务。假如你是107实验室管理员,请你完整以上要求。
计算机名 |
Ip |
网关 |
掩码 |
Vlan |
SB |
F0/2 192.168.30.1/24 | |||
| ||||
R1 |
F0/0 192.168.30.2/24 F0/1 200.200.200.1/24 | |||
| ||||
Pc0 |
192.168.10.2 |
192.168.10.1 |
255.255.255.0 |
Vlan10 |
Pc1 |
192.168.10.3 |
192.168.10.1 |
255.255.255.0 |
Vlan10 |
PC2 |
192.168.20.2 |
192.168.20.1 |
255.255.255.0 |
Vlan20 |
服务器 |
200.200.200.2 |
200.200.200.1 |
255.255.255.0 |
|
SB
SB#conf t SB(config)#int vlan 10 SB(config-if)#int vlan 20 SB(config-if)#exit SB(config)#int vlan 20 SB(config-if)#ip add 192.168.20.1 255.255.255.0 SB(config-if)#no shut SB(config-if)#int vlan 10 SB(config-if)#ip add 192.168.10.1 255.255.255.0 SB(config-if)#exit SB(config)#ip routing SB(config)#interface FastEthernet0/1 SB(config-if)#switchport mode trunk SB(config-if)#int f0/2 SB(config-if)#no switchport SB(config-if)#ip add 192.168.30.1 255.255.255.0//为f0/2添加端口号 SB(config-if)#ip routing SB#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C 192.168.10.0/24 is directly connected, Vlan10 C 192.168.20.0/24 is directly connected, Vlan20 C 192.168.30.0/24 is directly connected, FastEthernet0/2 SB#conf t Enter configuration commands, one per line. End with CNTL/Z. SB(config)#ip route 192.168.30.0 200.200.200.0 192.168.30.2//静态路由 %Inconsistent address and mask SB(config)#ip route 200.200.200.0 255.255.255.0 192.168.30.2//静态路由 SB(config)#ip routing
R1
Router>enable Router#configure terminal R1(config)#interface FastEthernet0/0 R1(config-if)#ip address 192.168.30.2 255.255.255.0 R1(config-if)#exit R1(config)#interface FastEthernet0/1 R1(config-if)#ip address 200.200.200.1 255.255.255.0 R1(config-if)#end R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.1 R1(config)#ip route 192.168.10.0 255.255.255.0 192.168.30.1 R1(config)#access-list 114 deny tcp 192.168.10.0 0.0.0.255 200.200.200.2 0.0.0.0 eq 80 R1(config)#access-list 114 permit icmp any any R1(config)#access-list 114 permit tcp 192.168.20.0 0.0.0.255 any R1(config)#access-list 114 permit icmp 192.168.20.0 0.0.0.255 any R1(config)#int f0/1 R1(config-if)#ip access-group 114 out
结果:
原文:http://www.cnblogs.com/jianfengyun/p/3756788.html