实验步骤

拓扑图

1、规划vlan

xiaoshou        vlan10

shichang        vlan20

chanpin          vlan30

server             vlan40

connect          vlan50

boss               vlan88

2、配置vlan

SW3

vlan 10    //创建vlan
 description xiaoshou  //描述
vlan 20    
 description shicahng  
vlan 30    
 description chanpin

vlan 88
 description boss

vlan 40    
 description server
vlan 50    
 description connect 

SW1

vlan 10    
 description xiaoshou  
vlan 20    
 description shicahng  
vlan 30    
 description chanpin

SW2

vlan 10    
 description xiaoshou  
vlan 20    
 description shicahng  
vlan 30    
 description chanpin

vlan 88
 description boss

3、接口划分vlan

SW1

interface Ethernet0/0/1        //进入接口
 port link-type access           //配置接口类型
 port default vlan 10             //该端口指定的vlan
interface Ethernet0/0/2
 port link-type access
 port default vlan 20
interface Ethernet0/0/3
 port link-type access
 port default vlan 30

SW2

interface Ethernet0/0/1
 port link-type access
 port default vlan 10
interface Ethernet0/0/2
 port link-type access
 port default vlan 20
interface Ethernet0/0/3
 port link-type access
 port default vlan 30
interface Ethernet0/0/4
 port link-type access
 port default vlan 88

SW3

interface GigabitEthernet 0/0/4
 port link-type access
 port default vlan 40
interface GigabitEthernet 0/0/3
 port link-type access
 port default vlan 50

4、配置接口类型

SW3

interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20 30        //允许通过的vlan
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 88

SW1

interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20 30

SW2

interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 20 30 88

5、规划ip地址

vlan10 ---- 192.168.10.0/24 
vlan20 ---- 192.168.20.0/24
vlan30 ---- 192.168.30.0/24
vlan40 ---- 192.168.40.0/24
vlan50 ---- 192.168.50.0/24
vlan88 ---- 192.168.88.0/24

svi相当于给每个vlan配置一个逻辑ip
ip基本上都是做vlan的网关

6、配置网段

SW3

interface Vlanif10                  //进入vlan10的接口
 ip address 192.168.10.254 255.255.255.0
interface Vlanif20
 ip address 192.168.20.254 255.255.255.0
interface Vlanif30
 ip address 192.168.30.254 255.255.255.0
interface Vlanif40
 ip address 192.168.40.254 255.255.255.0
interface Vlanif50
 ip address 192.168.50.254 255.255.255.0
interface Vlanif88
 ip address 192.168.88.254 255.255.255.0

7、配置DHCP

SW3当作DHCP 服务器
xiaoshou shichang chanpin
dhcp分配ip地址
每个vlan 对应一个网段 

SW3

dhcp enable

ip pool xiaoshou        //创建地址池名
 gateway-list 192.168.10.254
 network 192.168.10.0 mask 255.255.255.0
 dns-list  8.8.8.8

ip pool shichang
 gateway-list 192.168.20.254
 network 192.168.20.0 mask 255.255.255.0
 dns-list  8.8.8.8

ip pool chanpin
 gateway-list 192.168.30.254
 network 192.168.30.0 mask 255.255.255.0
 dns-list  8.8.8.8

interface Vlanif10
 ip address 192.168.10.254 255.255.255.0
 dhcp select global                //分配地址池的地址
interface Vlanif20
 ip address 192.168.20.254 255.255.255.0
 dhcp select global
interface Vlanif30
 ip address 192.168.30.254 255.255.255.0
 dhcp select global

 在pc上设置为dhcp并应用

查看获取的ip

现在就已经可以ping通其他vlan了

为了拍马屁给老板的ip设一个192.168.88.88招财的静态ip，也是可以访问其他vlan的

8、防火墙配置接口（路由器可以代替）

FW

interface GigabitEthernet0/0/3
 ip address 192.168.50.1 255.255.255.0
interface GigabitEthernet0/0/1
 ip address 202.1.1.1 255.255.255.0

9、划分接口区域

FW

firewall zone trust
 add interface GigabitEthernet0/0/3
firewall zone untrust
 add interface GigabitEthernet0/0/1

10、配置策略

FW

policy interzone trust untrust outbound
 policy 1 
  action permit 
  policy source 192.168.0.0 mask 16

11、配置nat

FW

nat-policy interzone trust untrust outbound 
 policy 1 
  action source-nat 
  policy source 192.168.0.0 mask 16
  easy-ip GigabitEthernet0/0/1

 这个时候还是访问不了外网的因为没有路由

12、配置路由

SW3

ip route-static 0.0.0.0 0.0.0.0 192.168.50.1 

FW

ip route-static 192.168.0.0 255.255.0.0 192.168.50.254

配置完路由后就可以访问外网了

到此实验结束！

如有需要ensp安装包的可以评论区留言或者私信。