ACL+VLAN+DHCP
Configuration on the VLAN router
interface ethernet0/0.200
encapsulation dot1q 200
ip address 192.168.1.1 255.255.255.0
interface ethernet0/0.300
encapsulation dot1q 300
ip address 192.168.2.1 255.255.255.0
interface ethernet0/0.400
encapsulation dot1q 400
ip address 192.168.3.1 255.255.255.0
ACL configuration so that the departments cannot reach each other
ip access-list extended vlan200
deny ip any 192.168.2.0 0.0.0.255
deny ip any 192.168.1.0 0.0.0.255
deny ip any 192.168.3.0 0.0.0.255
permit ip any any
! apply the list inbound on each subinterface
interface ethernet0/0.200
ip access-group vlan200 in
interface ethernet0/0.300
ip access-group vlan200 in
interface ethernet0/0.400
ip access-group vlan200 in
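The first-match logic of the ACL above, as an added example that is not part of the original post: a small Python evaluator that checks constructed sample flows against the three deny entries, assuming the list is applied inbound on each subinterface. The function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# The page's ACL entries as (action, destination, wildcard); the source is "any" in each.
ACL_VLAN200 = [
    ("deny", "192.168.2.0", "0.0.0.255"),
    ("deny", "192.168.1.0", "0.0.0.255"),
    ("deny", "192.168.3.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # permit ip any any
]

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(dst, base, wildcard):
            return action
    return "deny"

def audit(acl, flows):
    """Map each (src, dst) flow to the verdict the ACL gives its destination."""
    return {(src, dst): evaluate(acl, dst) for src, dst in flows}

# Constructed sample flows (hypothetical hosts inside the page's subnets).
SAMPLE_FLOWS = [
    ("192.168.1.10", "192.168.2.20"),    # VLAN 200 host -> VLAN 300 host
    ("192.168.2.20", "192.168.3.30"),    # VLAN 300 host -> VLAN 400 host
    ("192.168.3.30", "192.168.1.10"),    # VLAN 400 host -> VLAN 200 host
    ("192.168.1.10", "192.168.1.1"),     # host -> its own gateway address
    ("192.168.1.10", "192.168.0.2"),     # host -> switch address on VLAN 1
    ("192.168.1.10", "203.0.113.5"),     # host -> outside (documentation range)
    ("0.0.0.0", "255.255.255.255"),      # DHCP discover broadcast
]

if __name__ == "__main__":
    for (src, dst), verdict in audit(ACL_VLAN200, SAMPLE_FLOWS).items():
        print(f"{src:>15} -> {dst:<15} {verdict}")
```

The output shows inter-department traffic denied, the entry for a VLAN's own subnet also matching its gateway address, and 192.168.0.2 (the switch's VLAN 1 address) falling under the final permit.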
Configuration on the VLAN switch
interface fastethernet0/1
switchport mode trunk
interface vlan1
ip address 192.168.0.2 255.255.255.0
interface f0/2
switchport mode access
switchport access vlan 200
interface f0/3
switchport mode access
switchport access vlan 300
interface f0/4
switchport mode access
switchport access vlan 400
Reposted from: https://blog.51cto.com/haoyou168/83220