VLans Cisco Packet Tracer

network-engineering switch vlan network-access trunk packet-tracer
2021-07-07 17:01:24

Network not working

I configured two VLANs through a multilayer switch and a router with a DHCP service. I configured the trunk and access ports as shown in the picture below.

I need to block traffic between the VLANs.

The .gif shows that my network currently allows messages to be sent between Vlan10 and Vlan20, but they should not be able to see each other.

How can I block this traffic? The subinterfaces have been configured with encapsulation dot1q [vlan number].

Thanks for your help!!

Cisco Packet Tracer file: dropbox.com/s/y7cplt8l6zpv303/v2.pkt?dl=0

Commands used for the same purpose in another network: docs.google.com/document/d/120PfwrPki67Z2gMxoCz8Z6SidulgLCiUVLU-NqVBq3w/edit#

** ROUTER CONFIG
ip dhcp pool 10
 network 172.16.0.0 255.255.255.128
 default-router 172.16.0.1
ip dhcp pool 20
 network 172.17.0.0 255.255.255.128
 default-router 172.17.0.1
ip dhcp pool vlan10
 network 172.16.0.0 255.255.255.128
 default-router 172.16.0.1
ip dhcp pool vlan20
 network 172.17.0.0 255.255.255.128
 default-router 172.17.0.1
!

Router#sh ip int br
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        172.116.1.1     YES manual up                    up
FastEthernet0/0.10     172.16.0.1      YES manual up                    up
FastEthernet0/0.20     172.17.0.1      YES manual up                    up
FastEthernet0/1        unassigned      YES unset  administratively down down
Vlan1                  unassigned      YES unset  administratively down down

Router#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0   
1003 tr    101003     1500  -      -      -        -    -        0      0   
1004 fdnet 101004     1500  -      -      -        ieee -        0      0   
1005 trnet 101005     1500  -      -      -        ibm  -        0      0   

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------



**** Switch config

interface FastEthernet0/1
 switchport trunk allowed vlan 1-19,21-1005
!
interface FastEthernet0/2
 switchport trunk allowed vlan 1-9,11-1005
!

Switch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig0/1, Gig0/2
10   vlan10                           active    
20   vlan20                           active    
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
10   enet  100010     1500  -      -      -        -    -        0      0
20   enet  100020     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0   
1003 tr    101003     1500  -      -      -        -    -        0      0   
1004 fdnet 101004     1500  -      -      -        ieee -        0      0   
1005 trnet 101005     1500  -      -      -        ibm  -        0      0   
1 Answer

You need an access list to block inter-VLAN traffic. There will be one on each subinterface. For example

! standard ACL 10: deny the other VLANs' subnets as source, then permit everything else
! (the wildcard 0.0.0.127 covers a /25; the subnet here is VLAN 20's 172.17.0.0/25)
access-list 10 deny 172.17.0.0 0.0.0.127
access-list 10 deny <vlan 30>
access-list 10 deny <etc>
access-list 10 permit any

! apply it outbound on the VLAN 10 subinterface, so traffic sourced from the
! other VLANs is dropped before it reaches VLAN 10
interface FastEthernet0/0.10
 ip access-group 10 out

If you have never configured an access list before, a few things to note:

  • The subnet masks in the statements are "wildcard masks". They are the complement of a normal mask.

  • You need to add a line to the access list for every VLAN you want to block.
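The two notes above (wildcard masks are the complement of the subnet mask, and every VLAN needs its own deny line in every other VLAN's ACL) are easy to get wrong by hand as the VLAN count grows. The script below is an added example, not code from the answer or from Cisco: it takes the two /25 subnets from the question, computes the wildcard masks, generates one standard ACL per subinterface that denies every other VLAN's subnet as a source and then permits any, prints the IOS lines, and evaluates candidate source/destination pairs with IOS first-match semantics (including the implicit deny at the end). The subinterface names come from the question's router output; that each ACL is numbered after its VLAN id is an assumption of this script (standard ACLs must stay in 1-99 or 1300-1999).

```python
import ipaddress

# Constructed VLAN plan using the question's addressing. Subinterface names match the
# question's "show ip int br"; numbering the ACL after the VLAN id is an assumption.
VLANS = {
    10: ("FastEthernet0/0.10", "172.16.0.0/25"),
    20: ("FastEthernet0/0.20", "172.17.0.0/25"),
}


def wildcard_mask(network):
    """Cisco wildcard mask for a CIDR prefix: the bitwise complement of the subnet mask."""
    net = ipaddress.ip_network(network, strict=True)
    return str(net.hostmask)  # e.g. /25 -> 255.255.255.128 -> 0.0.0.127


def build_acls(vlans):
    """One standard ACL per VLAN: deny every *other* VLAN's subnet as a source, then permit any.
    Returns {vlan_id: [(action, network_or_None), ...]} in IOS first-match order."""
    acls = {}
    for vid in sorted(vlans):
        entries = []
        for other, (_, prefix) in sorted(vlans.items()):
            if other != vid:
                entries.append(("deny", ipaddress.ip_network(prefix)))
        entries.append(("permit", None))  # 'permit any'
        acls[vid] = entries
    return acls


def render_ios(vlans, acls):
    """Emit the IOS lines: numbered ACL statements plus the outbound binding on each subinterface."""
    lines = []
    for vid, entries in acls.items():
        for action, net in entries:
            if net is None:
                lines.append(f"access-list {vid} {action} any")
            else:
                lines.append(f"access-list {vid} {action} {net.network_address} {wildcard_mask(str(net))}")
    for vid, (ifname, _) in sorted(vlans.items()):
        lines += ["!", f"interface {ifname}", f" ip access-group {vid} out"]
    return lines


def acl_verdict(entries, src_ip):
    """Evaluate a standard ACL (source-only) against an address: first match wins,
    and an ACL with no matching entry falls through to the implicit deny."""
    ip = ipaddress.ip_address(src_ip)
    for action, net in entries:
        if net is None or ip in net:
            return action
    return "deny"


def forwarded(vlans, acls, src_ip, dst_ip):
    """Would the router forward src -> dst given the outbound ACL on the destination
    VLAN's subinterface? Returns None when the destination is in no configured VLAN,
    because this model only covers those subinterfaces."""
    dst = ipaddress.ip_address(dst_ip)
    for vid, (_, prefix) in vlans.items():
        if dst in ipaddress.ip_network(prefix):
            return acl_verdict(acls[vid], src_ip) == "permit"
    return None


if __name__ == "__main__":
    generated = build_acls(VLANS)
    print("\n".join(render_ios(VLANS, generated)))
    print(forwarded(VLANS, generated, "172.16.0.10", "172.17.0.10"))  # VLAN 10 -> VLAN 20: blocked
```

Because a standard ACL matches only the source address, the deny lines on the VLAN 10 subinterface name the other VLANs' subnets, not VLAN 10's own; applied with `out`, they drop packets that are about to leave the router toward VLAN 10. Adding a third VLAN means re-running the generator so every existing ACL gains a deny line for it, which is exactly the maintenance point the second note makes.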