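Network Security Study -- Router-on-a-Stick
Author: Internet
Router-on-a-stick
- VLANs confine broadcast domains
- Different VLANs cannot communicate with each other directly
- 1 VLAN = 1 subnet
- Communication between different VLANs is achieved through routing
Router-on-a-stick is used here to let devices in different VLANs communicate
1. The following lab requires two VLANs
VLAN10: 10.1.1.0/24
VLAN20: 20.1.1.0/24
2. Configure VLAN10 and VLAN20 on all three switches; add the hosts in 10.1.1.0/24 to VLAN10 and the hosts in 20.1.1.0/24 to VLAN20
3. Use trunk mode on the interfaces between the three switches (Switch1 [Fa0/3, Fa0/4, Fa0/5], Switch2 [Fa0/3], Switch3 [Fa0/4])
4. On the router's fa0/0, configure subinterfaces fa0/0.1 and fa0/0.2, and set an IP address, subnet mask and so on for each
fa0/0.1 -- IP: 10.1.1.254
fa0/0.2 -- IP: 20.1.1.254
After the subinterfaces are configured, bring up the fa0/0 interface on the router
#--------------------------Configure the three switches------------------------------
#---------------------Configure Switch1--------------------------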
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Switch(config)#
Switch(config)#vlan 10
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#exit
Switch(config)#interface fa0/1
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#interface fa0/2
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
Switch(config)#interface fa0/3
Switch(config-if)#switchport mode trunk
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
Switch(config-if)#
Switch(config-if)#exit
Switch(config)#interface fa0/4
Switch(config-if)#switchport mode trunk
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up
Switch(config-if)#
Switch(config-if)#interface fa0/5
Switch(config-if)#switchport mode trunk
Switch(config-if)#do show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
10   VLAN0010                         active    Fa0/1
20   VLAN0020                         active    Fa0/2
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
#---------------------Configure Switch1 (end)--------------------------
#---------------------Configure Switch2--------------------------
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 10
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#exit
Switch(config)#interface fa0/1
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#interface fa0/2
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
Switch(config)#interface fa0/3
Switch(config-if)#switchport mode trunk
#---------------------Configure Switch2 (end)--------------------------
#---------------------Configure Switch3--------------------------
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Switch(config)#
Switch(config)#vlan 10
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#exit
Switch(config)#interface fa0/1
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#interface fa0/2
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
Switch(config)#interface fa0/4
Switch(config-if)#switchport mode trunk
#---------------------Configure Switch3 (end)--------------------------
#--------------------------Configure the three switches (end)------------------------------
#--------------------------Configure the router----------------------------------
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Router(config)#interface fa0/0.1
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip addr 10.1.1.254 255.255.255.0
Router(config-subif)#no shutdown
Router(config-subif)#exit
Router(config)#interface fa0/0.2
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#no shutdown
Router(config-subif)#ip addr 20.1.1.254 255.255.255.0
Router(config-subif)#exit
Router(config)#interface fa0/0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.1, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/0.2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.2, changed state to up
Router(config-if)#
Router(config-if)#
Router(config-if)#
Router(config-if)#do show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet protocol processing disabled
FastEthernet0/0.1 is up, line protocol is up (connected)
Internet address is 10.1.1.254/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is disabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP Fast switching turbo vector
IP multicast fast switching is disabled
IP multicast distributed fast switching is disabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: MCI Check
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
FastEthernet0/0.2 is up, line protocol is up (connected)
Internet address is 20.1.1.254/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is disabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP Fast switching turbo vector
IP multicast fast switching is disabled
IP multicast distributed fast switching is disabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: MCI Check
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
FastEthernet0/1 is administratively down, line protocol is down (disabled)
Internet protocol processing disabled
Vlan1 is administratively down, line protocol is down
Internet protocol processing disabled
#--------------------------Configure the router (end)----------------------------------
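As an added example (not part of the original post), this Python script audits `show ip interface` output in the format shown above and reports, for every interface that has an IP address, the settings that leave traffic between the VLANs unfiltered. The sample text is a constructed excerpt of that output, and the function name and finding strings are assumptions.

```python
import re

# Constructed excerpt in the format of the `show ip interface` output on this page.
SAMPLE = """\
FastEthernet0/0 is up, line protocol is up (connected)
  Internet protocol processing disabled
FastEthernet0/0.1 is up, line protocol is up (connected)
  Internet address is 10.1.1.254/24
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  ICMP redirects are always sent
FastEthernet0/0.2 is up, line protocol is up (connected)
  Internet address is 20.1.1.254/24
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  ICMP redirects are always sent
FastEthernet0/1 is administratively down, line protocol is down (disabled)
  Internet protocol processing disabled
"""

# An interface block starts with "<name> is <state>, line protocol is ...".
HEADER = re.compile(r"^(\S+) is (?:administratively down|up|down), line protocol is")

# Output lines worth reviewing on a routed (sub)interface, with the finding to report.
CHECKS = {
    "Inbound access list is not set": "no inbound ACL: traffic from this VLAN is routed unfiltered",
    "Proxy ARP is enabled": "proxy ARP is enabled",
    "ICMP redirects are always sent": "ICMP redirects are sent",
}

def audit(output: str) -> dict:
    """Map each interface that has an IP address to its list of findings."""
    findings, current, routed = {}, None, False
    for raw in output.splitlines():
        line = raw.strip()  # works for indented and flattened output
        match = HEADER.match(line)
        if match:
            current, routed = match.group(1), False
        elif current and line.startswith("Internet address is"):
            routed = True
            findings[current] = []
        elif current and routed and line in CHECKS:
            findings[current].append(CHECKS[line])
    return findings

if __name__ == "__main__":
    for name, issues in audit(SAMPLE).items():
        print(name, issues)
```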
# After the configuration is complete, all of the PCs below can communicate with each other
#-----------------------Access other hosts from PC0
C:\>ping 10.1.1.2
Pinging 10.1.1.2 with 32 bytes of data:
Reply from 10.1.1.2: bytes=32 time<1ms TTL=128
Reply from 10.1.1.2: bytes=32 time<1ms TTL=128
Reply from 10.1.1.2: bytes=32 time<1ms TTL=128
Ping statistics for 10.1.1.2:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
C:\>ping 20.1.1.1
Pinging 20.1.1.1 with 32 bytes of data:
Request timed out.
Reply from 20.1.1.1: bytes=32 time<1ms TTL=127
Reply from 20.1.1.1: bytes=32 time<1ms TTL=127
Reply from 20.1.1.1: bytes=32 time<1ms TTL=127
Ping statistics for 20.1.1.1:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
#-----------------------Access other hosts from PC0 (end)
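The ping replies above carry TTL=128 from the host in the same VLAN and TTL=127 from the host in VLAN20, because the second path is routed through the router's subinterfaces. As an added example (not from the original post), this Python model builds an 802.1Q-tagged IPv4 frame, picks the router subinterface by VLAN ID, decrements the TTL and re-tags the frame for the egress VLAN. The source address 10.1.1.1 for PC0, the zeroed MAC addresses and all function names are assumptions; ARP and MAC rewriting are left out.

```python
import ipaddress
import struct

# Router subinterfaces from this page: dot1Q VLAN ID -> (name, address/mask).
SUBINTERFACES = {
    10: ("fa0/0.1", ipaddress.ip_interface("10.1.1.254/24")),
    20: ("fa0/0.2", ipaddress.ip_interface("20.1.1.254/24")),
}

def ip_checksum(header: bytes) -> int:
    """Internet checksum over a 20-byte IPv4 header (0 when the stored checksum is valid)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(vlan_id: int, src: str, dst: str, ttl: int) -> bytes:
    """Ethernet header + 802.1Q tag + bare IPv4 header (MACs are zeroed placeholders)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 1, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    eth = bytes(12) + struct.pack("!HHH", 0x8100, vlan_id & 0x0FFF, 0x0800)
    return eth + ip

def parse_frame(frame: bytes):
    """Return (vlan_id, src, dst, ttl) from a tagged IPv4 frame."""
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != 0x8100 or ethertype != 0x0800:
        raise ValueError("not an 802.1Q-tagged IPv4 frame")
    ttl = frame[26]                          # IPv4 header starts at byte 18, TTL at +8
    src = ipaddress.ip_address(frame[30:34])
    dst = ipaddress.ip_address(frame[34:38])
    return tci & 0x0FFF, src, dst, ttl

def route(frame: bytes):
    """Model the router: ingress subinterface by tag, connected route, TTL-1, re-tag."""
    vlan_id, src, dst, ttl = parse_frame(frame)
    if vlan_id not in SUBINTERFACES or ttl <= 1:
        return None                          # no matching dot1Q subinterface, or TTL expired
    for out_vlan, (_name, iface) in SUBINTERFACES.items():
        if dst in iface.network:
            return build_frame(out_vlan, str(src), str(dst), ttl - 1)
    return None                              # no connected route for the destination

if __name__ == "__main__":
    frame = build_frame(10, "10.1.1.1", "20.1.1.1", 128)  # PC0 -> VLAN20 host
    print(parse_frame(route(frame)))
```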
Source: https://blog.csdn.net/xuwenpeng/article/details/121882896