1、通過劃分二層VLAN實現效果如上圖:A部門辦公電腦只能訪問A部門服務器,B部門辦公電腦只能訪問B部門服務器。(原理:二層vlan不設置網關,沒有網關不能跨網段通信)。
SW1配置:
[SW1]vlan batch 20 30
[SW1]interface GigabitEthernet 0/0/23
[SW1-GigabitEthernet0/0/23]port link-type access
[SW1-GigabitEthernet0/0/23]port default vlan 20
[SW1-GigabitEthernet0/0/23]int g 0/0/24
[SW1-GigabitEthernet0/0/24]port link-type access
[SW1-GigabitEthernet0/0/24]port default vlan 30
[SW1-GigabitEthernet0/0/24]int g 0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 30
[SW1]dis vlan
SW2配置(與SW1相同):
[SW2]vlan batch 20 30
[SW2]interface GigabitEthernet 0/0/23
[SW2-GigabitEthernet0/0/23]port link-type access
[SW2-GigabitEthernet0/0/23]port default vlan 20
[SW2-GigabitEthernet0/0/23]int g 0/0/24
[SW2-GigabitEthernet0/0/24]port link-type access
[SW2-GigabitEthernet0/0/24]port default vlan 30
[SW2-GigabitEthernet0/0/24]int g 0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 30
[SW2]dis vlan
測試結果:
