一、实验拓扑:
二、实验要求:
1、pc1和pc3所在接口为access;属于vlan2;
pc2/pc4/pc5/pc6处于同一网段;其中pc2可以访问pc4/pc5/pc6;
pc4可以访问pc6,pc5不能访问pc6;
2、pc1/pc3与pc2/pc4/pc5/pc6不在同一网段;
3、所有pc通过DHcP获职IP地址,且pc1/pc3可以正常访问pc2/pc4/pc5/pc6;
三、实验思路:
1、创建vlan。
2、划分接口,配置接口类型(access/trunk/hybrid)
3、配置路由器子接口,实现vlan间路由
4、配置DHCP,下发IP地址
5、验证配置
四、实验步骤:
1、创建vlan,每个交换机中都要创建所有vlan(2-6)
Sw:
sw1\]vlan batch 2 to 6 \[sw2\]vlan batch 2 to 6 \[sw3\]vlan batch 2 to 6 **检测:dis vlan** (sw1 为例)  #### 2、划分接口 交换机间接口为trunk类型,所有vlan都应该放行,连接pc1和pc2的接口因为都属于vlan2,所以access类型,其他pc连接接口vlan不同,所以用hybrid类型,。交换机 ###### Sw 1: \[sw1\]int g0/0/1 \[sw1-GigabitEthernet0/0/1\]port link-type access \[sw1-GigabitEthernet0/0/1\]port default vlan 2 \[sw1-GigabitEthernet0/0/1\]int g0/0/2 \[sw1-GigabitEthernet0/0/2\]port hybrid pvid vlan 3 \[sw1-GigabitEthernet0/0/2\]port hybrid untagged vlan 3 to 6 \[sw1\]int g0/0/3 \[sw1-GigabitEthernet0/0/3\]port link-type trunk \[sw1-GigabitEthernet0/0/3\]port trunk allow-pass vlan 2 to 6 **检测:dis port vlan active**  ###### Sw 2: \[sw2\]int g0/0/1 \[sw2-GigabitEthernet0/0/1\]port link-type access \[sw2-GigabitEthernet0/0/1\]port default vlan 2 \[sw2\]int g0/0/2 \[sw2-GigabitEthernet0/0/2\]port hybrid pvid vlan 4 \[sw2-GigabitEthernet0/0/2\]port hybrid untagged vlan 3 to 6 \[sw2\]int g0/0/3 \[sw2-GigabitEthernet0/0/3\]port link-type trunk \[sw2-GigabitEthernet0/0/3\]port trunk allow-pass vlan 2 to 6 \[sw2\]int g0/0/4 \[sw2-GigabitEthernet0/0/4\]port link-type trunk \[sw2-GigabitEthernet0/0/4\]port trunk allow-pass vlan 2 to 6 **检测:**  ###### Sw 3: \[sw3\]int g0/0/1 \[sw3-GigabitEthernet0/0/1\]port hybrid pvid vlan 5 \[sw3-GigabitEthernet0/0/1\]port hybrid untagged vlan 3 4 5 \[sw3\]int g0/0/2 \[sw3-GigabitEthernet0/0/2\]port hybrid pvid vlan 6 \[sw3-GigabitEthernet0/0/2\]port hybrid untagged vlan 3 4 6 \[sw3\]int g0/0/3 \[sw3-GigabitEthernet0/0/3\]port link-type trunk \[sw3-GigabitEthernet0/0/3\]port trunk allow-pass vlan 2 to 6 **检测:**  #### 3、配置路由器子接口,实现vlan间路由 因为vlan2和其他vlan不在一个网段内,所以要通过路由器进行互相访问。所以给valn2连接的是路由器的子接口,不撕标签的(不带标签的数据帧子接口会贴上标签),vlan3/4/5/6是连接的是路由器的物理接口,是撕标签。子接口的带vlan2标签的数据帧需要通过路由器的物理通道发给sw1,物理通道不识别带标签的数据帧,所以路由器的g0/0/0口依旧会把数据帧的标签撕掉,再查表转发给交换机。Sw1的g0/0/4口(hybrid口),默认valn为vlan1。 ###### Sw 1: \[sw1\]int g0/0/4 \[sw1-GigabitEthernet0/0/4\]port hybrid untagged vlan 3 4 5 6 \[sw1-GigabitEthernet0/0/4\]port hybrid tagged vlan 2 **检测:**  ###### R1: \[R1\]int g0/0/0 //**物理接口** \[R1-GigabitEthernet0/0/0\]ip add 192.168.1.1 24 \[R1\]int g0/0/0.1 //**子接口** \[R1-GigabitEthernet0/0/0.1\]ip add 192.168.2.1 24 \[R1-GigabitEthernet0/0/0.1\]dot1q termination vid 2 \[R1-GigabitEthernet0/0/0.1\]arp broadcast enable #### 4、配置DHCP,下发IP地址 在路由器的物理口和子接口分别创建地址池,下发IP地址 \[R1\]ip pool aa //**物理接口(vlan3/4/5/6)对应的1.0网段** \[R1-ip-pool-aa\]network 192.168.1.0 mask 24 \[R1-ip-pool-aa\]gateway-list 192.168.1.1 \[R1-ip-pool-aa\]dns-list 8.8.8.8 \[R1\]int g0/0/0 \[R1-GigabitEthernet0/0/0\]dhcp select global \[R1\]ip pool bb //**子接口(vlan2)对应的2.0网段** \[R1-ip-pool-bb\]network 192.168.2.0 mask 24 \[R1-ip-pool-bb\]gateway-list 192.168.2.1 \[R1\]int g0/0/0.1 \[R1-GigabitEthernet0/0/0.1\]dhcp select global **检测**:    #### 5、验证配置: ###### Pc2 ping pc4/5/6 Pc2: 192.168.1.254 Pc4: 192.168.1.253 Pc5: 192.168.1.252 Pc6: 192.168.1.251    ###### Pc4可以访问pc6:  ###### Pc5不能访问pc6:  ###### pc1/pc3可以正常访问pc2/pc4/pc5/pc6 pc1 ping pc2: 