Datacom - ACL + RIP Comprehensive Lab (NA) - eNSP

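Lab requirements:
3. The Teaching, Management, Marketing and Finance departments use the four network segments 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24 and 192.168.4.0/24 respectively; the servers are on the 10.1.1.0/24 segment; device interconnect addresses use subnets with a 30-bit mask, obtained by subnetting the 192.168.0.0/24 segment.
4. SW3 and SW4 act as aggregation devices: the gateways for vlan10 and vlan20 are configured on SW3, and the gateways for vlan30 and vlan40 are configured on SW4. AR1 and AR2 are the core devices; link aggregation is used between the core devices to increase link bandwidth and improve reliability. The internal network uses the RIP routing protocol for full connectivity. When the departments connected to SW3 and the departments connected to SW4 communicate with each other, SW3's traffic must pass through AR1 (SW3->AR1->AR2->SW4), and SW4's traffic must pass through AR2 (SW4->AR2->AR1->SW3).
5. Finance Department data is important, so only the Management Department may access the Finance Department; the other two departments may not access it.
6. The Teaching Department cannot access the internal Web service; all other departments can. The Finance and Teaching departments cannot access the FTP service; the other departments can.
Lab steps: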
SW1

[SW1]vlan batch 10 20
[SW1]int g0/0/3
[SW1-GigabitEthernet0/0/3]p l a
[SW1-GigabitEthernet0/0/3]p de v 10
[SW1-GigabitEthernet0/0/3]int g0/0/4
[SW1-GigabitEthernet0/0/4]p l a
[SW1-GigabitEthernet0/0/4]p de v 20
[SW1-GigabitEthernet0/0/4]q
[SW1]int vlan 10
[SW1-Vlanif10]ip address 192.168.1.1 24
[SW1-Vlanif10]int vlan 20
[SW1-Vlanif20]ip address 192.168.2.1 24
[SW1]vlan batch 100 200
[SW1]int vlan 100
[SW1-Vlanif100]ip address 192.168.0.1 30
[SW1-Vlanif100]int vlan 200
[SW1-Vlanif200]ip address 192.168.0.9 30
[SW1-Vlanif200]q
[SW1]int g0/0/2
[SW1-GigabitEthernet0/0/2]p l a
[SW1-GigabitEthernet0/0/2]p de v 100
[SW1-GigabitEthernet0/0/2]int g0/0/1
[SW1-GigabitEthernet0/0/1]p l a
[SW1-GigabitEthernet0/0/1]p de v 200
[SW1-GigabitEthernet0/0/1]q
[SW1]rip
[SW1-rip-1]undo summary
[SW1-rip-1]ve 2
[SW1-rip-1]network 192.168.1.0
[SW1-rip-1]network 192.168.2.0
[SW1-rip-1]network 192.168.0.0
[SW1-rip-1]q
[SW1-GigabitEthernet0/0/1]int vlan 200
[SW1-Vlanif200]rip metricin 5
[SW1-Vlanif200]q

SW2
[SW2]vlan batch 30 40
[SW2]int g0/0/3
[SW2-GigabitEthernet0/0/3]p l a
[SW2-GigabitEthernet0/0/3]p d v 30
[SW2-GigabitEthernet0/0/3]int g0/0/4
[SW2-GigabitEthernet0/0/4]p l a
[SW2-GigabitEthernet0/0/4]p d v 40
[SW2-GigabitEthernet0/0/4]q
[SW2]in vlan 30
[SW2-Vlanif30]ip address 192.168.3.1 24
[SW2-Vlanif30]in vlan 40
[SW2-Vlanif40]ip address 192.168.4.1 24
[SW2-Vlanif40]q
[SW2]vlan batch 300 400
[SW2]int vlan 300
[SW2-Vlanif300]ip address 192.168.0.14 30
[SW2-Vlanif300]int vlan 400
[SW2-Vlanif400]ip address 192.168.0.17 30
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]p l a
[SW2-GigabitEthernet0/0/1]p de v 300
[SW2-GigabitEthernet0/0/1]int g0/0/2
[SW2-GigabitEthernet0/0/2]p l a
[SW2-GigabitEthernet0/0/2]p de v 400
[SW2-GigabitEthernet0/0/2]q
[SW2]rip
[SW2-rip-1]undo summary
[SW2-rip-1]v 2
[SW2-rip-1]network 192.168.3.0
[SW2-rip-1]network 192.168.4.0
[SW2-rip-1]network 192.168.0.0
[SW2-rip-1]q
[SW2]int vlan 300
[SW2-Vlanif300]rip metricin 5
[SW2-Vlanif300]q
[SW2]acl 2000
[SW2-acl-basic-2000]rule deny source 192.168.1.0 0.0.0.255
[SW2-acl-basic-2000]rule deny source 192.168.3.0 0.0.0.255
[SW2-acl-basic-2000]q
[SW2]int g0/0/2
[SW2-GigabitEthernet0/0/2]traffic-filter outbound acl 2000
[SW2-GigabitEthernet0/0/2]q
[SW2-GigabitEthernet0/0/2]int g0/0/4
[SW2-GigabitEthernet0/0/4]traffic-filter outbound acl 2000
[SW2-GigabitEthernet0/0/4]

AR1
[AR1]int Eth-Trunk 1
[AR1-Eth-Trunk1]undo portswitch
[AR1-Eth-Trunk1]trunkport g0/0/1
[AR1-Eth-Trunk1]trunkport g0/0/2
[AR1-Eth-Trunk1]q
[AR1]int g3/0/0
[AR1-GigabitEthernet3/0/0]ip address 192.168.0.2 30
[AR1-GigabitEthernet3/0/0]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip address 192.168.0.13 30
[AR1-GigabitEthernet0/0/0]int et 1
[AR1-Eth-Trunk1]ip address 192.168.0.5 30
[AR1-Eth-Trunk1]q
[AR1]rip
[AR1-rip-1]undo su
[AR1-rip-1]v 2
[AR1-rip-1]network 192.168.0.0
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]rip metricin 5
[AR1]ACL 3000
[AR1-acl-adv-3000]rule deny tcp source 192.168.1.0 0.0.0.255 destination 10.1.1.10 0.0.0.0 destination-port eq www // deny 192.168.1.0/24 (Teaching Department) access to the HTTP server 10.1.1.10
[AR1-acl-adv-3000]int g3/0/0
[AR1-GigabitEthernet3/0/0]traffic-filter inbound acl 3000
[AR1-GigabitEthernet3/0/0]q
[AR1]acl 3000
[AR1-acl-adv-3000]rule deny tcp source 192.168.1.0 0.0.0.255 destination 10.1.1.10 0.0.0.0 destination-port range 20 21 // deny 192.168.1.0/24 (Teaching Department) access to the FTP server 10.1.1.10
[AR1-acl-adv-3000]int g3/0/0
[AR1-GigabitEthernet3/0/0]traffic-filter inbound acl 3000
AR2
[AR2]int Eth-Trunk 1
[AR2-Eth-Trunk1]undo portswitch // disable the port's switching function (make it a Layer 3 interface)
[AR2-Eth-Trunk1]trunkport g0/0/1
[AR2-Eth-Trunk1]trunkport g0/0/2
[AR2-Eth-Trunk1]q
[AR2]int Eth-Trunk 1
[AR2-Eth-Trunk1]ip address 192.168.0.6 30
[AR2-Eth-Trunk1]int g4/0/0
[AR2-GigabitEthernet4/0/0]ip address 10.1.1.1 24
[AR2-GigabitEthernet4/0/0]int g3/0/0
[AR2-GigabitEthernet3/0/0]ip address 192.168.0.18 30
[AR2-GigabitEthernet3/0/0]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip address 192.168.0.10 30
[AR2-GigabitEthernet0/0/0]q
[AR2]rip
[AR2-rip-1]undo summary
[AR2-rip-1]vers 2
[AR2-rip-1]network 192.168.0.0
[AR2-rip-1]network 10.0.0.0
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]rip metricin 5
*Note: disable STP when doing path selection.
For reference only; if there are any errors, please point them out. Thank you!
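The ACL 3000 rules entered on AR1 can be checked offline against requirement 6. The Python sketch below is an added example, not part of the original lab: it parses the two rules from this page and evaluates one sample host per department. The host addresses, the `FINANCE_FTP` rule and the default-permit behaviour for unmatched packets are assumptions.

```python
import ipaddress
import re

# ACL 3000 as entered on AR1 on this page (wrapped terminal lines joined).
ACL_3000 = """
rule deny tcp source 192.168.1.0 0.0.0.255 destination 10.1.1.10 0.0.0.0 destination-port eq www
rule deny tcp source 192.168.1.0 0.0.0.255 destination 10.1.1.10 0.0.0.0 destination-port range 20 21
"""
# Hypothetical extra rule (not on the page) for the Finance -> FTP part of requirement 6.
FINANCE_FTP = ("rule deny tcp source 192.168.4.0 0.0.0.255 "
               "destination 10.1.1.10 0.0.0.0 destination-port range 20 21\n")
PORTS = {"www": 80, "ftp-data": 20, "ftp": 21}
RULE = re.compile(r"rule (permit|deny) tcp source (\S+) (\S+) destination (\S+) (\S+) "
                  r"destination-port (?:eq (\S+)|range (\S+) (\S+))")

def _net(addr, wildcard):
    # Invert the wildcard mask to a netmask (contiguous wildcards only).
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(text):
    port = lambda tok: PORTS[tok] if tok in PORTS else int(tok)
    rules = []
    for action, s, sw, d, dw, eq, lo, hi in RULE.findall(text):
        lo, hi = (port(eq), port(eq)) if eq else (port(lo), port(hi))
        rules.append((action, _net(s, sw), _net(d, dw), lo, hi))
    return rules

def verdict(rules, src, dst, dport):
    # First matching rule wins; unmatched packets are assumed to be forwarded.
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, snet, dnet, lo, hi in rules:
        if src in snet and dst in dnet and lo <= dport <= hi:
            return action
    return "permit"

# Requirement 6 as {department: (constructed sample host, expected web, expected ftp)}.
EXPECTED = {
    "Teaching": ("192.168.1.10", "deny", "deny"),
    "Management": ("192.168.2.10", "permit", "permit"),
    "Marketing": ("192.168.3.10", "permit", "permit"),
    "Finance": ("192.168.4.10", "permit", "deny"),
}

def audit(acl_text, server="10.1.1.10"):
    """Return (department, port) flows whose verdict differs from requirement 6."""
    rules = parse(acl_text)
    return [(dept, p) for dept, (host, web, ftp) in EXPECTED.items()
            for p, want in ((80, web), (21, ftp)) if verdict(rules, host, server, p) != want]
```

`audit(ACL_3000)` reports the Finance-to-FTP flow as the one requirement the page's two rules do not cover. ACL 3000 is bound inbound on AR1 g3/0/0 only, so this checks rule matching, not which interface a given flow actually crosses.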
