SW1

sys
sys SW1
vlan ba 2 3 10
int g0/0/1
 port link-type trunk
 port trunk allow-pass vlan all
int g0/0/2
 port link-type access
 port default vlan 2
int g0/0/3
 port link-type access
 port default vlan 10
dis port vlan

SW2

sys
sys SW2
vlan ba 2 3 10
int g0/0/1
 port link-type trunk
 port trunk allow-pass vlan all
int ether0/0/1
 port link-type trunk
 port trunk allow-pass vlan all
int ether0/0/2
 port link-type access
 port default vlan 3
int ether0/0/3
 port link-type access
 port default vlan 10
dis port vlan

AR1

sys
sys CE1
dhcp enable
int g0/0/0.2
 dot1q termination vid 2
 ip address 10.0.2.1 24 
 arp broadcast enable
 dhcp select int
 dhcp server dns-list 114.114.114.114
int g0/0/0.3
 dot1q termination vid 3
 ip address 10.0.3.1 24 
 arp broadcast enable
 dhcp select int
 dhcp server dns-list 114.114.114.114
int g0/0/0.10
 dot1q termination vid 10
 ip address 10.0.10.1 24 
 arp broadcast enable
 dhcp select int
 dhcp server dns-list 114.114.114.114
acl 2000
 rule permit source 10.0.2.0 0.0.0.255
 rule permit source 10.0.3.0 0.0.0.255
 rule permit source 10.0.10.0 0.0.0.255
int g0/0/1
 ip add 114.114.114.1 24
 nat outbound 2000
dis ip rout

PC

ipconfig
ping 10.0.x.254
ping 114.114.114.114
ping www.123.com

ASW1

sys
sys ASW1
vlan ba 2 3 10
int g0/0/1
port link-type trunk
port trunk allow-pass vlan all
int g0/0/2
port link-type access
port default vlan 2
int g0/0/3
port link-type access
port default vlan 10
dis port vlan

ASW2

sys
sys ASW2
vlan ba 2 3 10
int g0/0/1
port link-type trunk
port trunk allow-pass vlan all
int g0/0/2
port link-type access
port default vlan 10
int g0/0/3
port link-type access
port default vlan 3
dis port vlan

CE1

sys
sys CE1
acl 2000
rule permit source 10.0.2.0 0.0.0.255
rule permit source 10.0.3.0 0.0.0.255
rule permit source 10.0.10.0 0.0.0.255
int g0/0/0
ip add 10.0.100.2 24
int g0/0/1
ip add 114.114.114.1 24
nat outbound 2000
ip route-s 0.0.0.0 0.0.0.0 114.114.114.114
ospf 1
default-route-adv
area 0
net 10.0.100.0 0.0.0.255
dis ip rout

DSW1

sys
sys DSW1
vlan ba 2 3 10 100
int g0/0/1
port link-type trunk
port trunk allow-pass vlan all
int g0/0/2
port link-type trunk
port trunk allow-pass vlan all
int g0/0/3
port link-type access
port default vlan 100
dhcp enable
int vlanif 2
ip address 10.0.2.1 24
dhcp select int
dhcp server dns-list 114.114.114.114
int vlanif 3
ip address 10.0.3.1 24
dhcp select int
dhcp server dns-list 114.114.114.114
int vlanif 10
ip address 10.0.10.1 24
dhcp select int
dhcp server dns-list 114.114.114.114
int vlanif 100
ip address 10.0.100.1 24
ospf 1
area 0
net 10.0.100.0 0.0.0.255
area 2
net 10.0.2.0 0.0.0.255
area 3
net 10.0.3.0 0.0.0.255
area 10
net 10.0.10.0 0.0.0.255
dis port vlan
dis ip int br
dis ip rout

PC

ipconfig
ping 10.0.x.254
ping 114.114.114.114
ping www.123.com

在上一个实验的基础上配置

Task1

CE1

return
dis acl 2000
sys
acl 2000
 undo rule 10

PCD

ping 10.0.2.254
ping www.123.com

Task2

ASW2

return
sys
vlan 50
int g0/0/4
 port link-type access
 port default vlan 50
dis port vlan

CE1

return
sys
acl 2000
 rule permit source 10.0.50.0 0.0.0.255
dis acl 2000

DSW1

return
sys
vlan 50
int vlanif 50
 ip address 10.0.50.1 24 
 dhcp select int
 dhcp server dns-list 114.114.114.114
ospf 1
 area 50
 net 10.0.50.0 0.0.0.255
dis ip int br
dis ip rout

PC Guest

ping www.123.com
ping 10.0.2.254
ping 10.0.3.254
ping 10.0.10.254

ASW2

return
sys
acl 3050
 rule deny ip source 10.0.50.0 0.0.0.255 destin 10.0.0.0 0.255.255.255
int g0/0/4
 traffic-filter inbound acl 3050

PC Guest

ping www.123.com
ping 10.0.2.254
ping 10.0.3.254
ping 10.0.10.254