首先你交换机 vlanif 10 掩码错了 是192.168.10.254 255.255.255.0 不是255.255.0.0 。
我的配置思路是要控制A网和B网不能互通,C网可以同时访问A网和B网.使用静态路由方式控制访问。
交换机C上配置vlan10 20 30 配置vlanif 192.168.10.254/20.254/30.254。设置G0/0/2为trunk 允许vlan 10 通过 设置G0/0/1为trunk 允许vlan 20 通过 E0/0/1 端口为vlan 30
交换机A上配置vlan10 设置vlanif 192.168.10.1 并作为pc电脑的网关。设置G0/0/2为trunk 允许vlan 10 通过 设置 E0/0/1 端口为vlan10
交换机B上配置vlan20 设置vlanIF 192.168.20.1并作为PC地址的网关 设置G0/0/2为trunk 允许vlan 20 通过 设置 E0/0/1 端口为vlan 20
PCA 配置ip 192.168.10.10 255.255.255.0 192.168.10.1
PCB 配置IP 192.168.20.20 255.255.255.0 192.168.20.1
PCC 配置IP 192.168.30.30 255.255.255.0 192.168.30.254
如果现在ping 测试你会发现PCA 、pcb、pcc 都是能通的。假如你把PCA 和PCB 的网关改为254的话 你会发现PCA 、pcb、pcc 都是互通的,因为使用网关都是254 的话都在交换机C上面进行路由交换由于A和B 不能互通所以这里种方式就不可行。因此我们才在交换机A 和B 上设置vlanif 192.168.10.1 和192.168.20.1 后,我就可以在交换机A和B上设置静态路由控制A网和B网不能互通,C网可以同时访问A网和B网。
A交换机静态路由设置 ip route-static 192.168.30.0 24 192.168.10.254 (C网可以访问A)
B交换机静态路由设置 ip route-static 192.168.30.0 24 192.168.20.254 (C网可以访问B)
现在就可以实现了A网和B网不能互通,C网可以同时访问A网和B网
交换机配置如下
交换机A
sysname swa
#
vlan batch 10
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
interface NULL0
#
ip route-static 192.168.30.0 255.255.255.0 192.168.10.254
#
user-interface con 0
user-interface vty 0 4
交换机B
sysname SWB
#
vlan batch 20
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif20
ip address 192.168.20.1 255.255.255.0
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 20
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface NULL0
#
ip route-static 192.168.30.0 255.255.255.0 192.168.20.254
#
user-interface con 0
user-interface vty 0 4
交换机C
sysname SWC
#
vlan batch 10 20 30
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
#
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
#
interface Vlanif30
ip address 192.168.30.254 255.255.255.0
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 30
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#