Using ACLs to restrict access between VLANs
2010-08-03 09:32:06
Tags: vlan, acl, restricting inter-VLAN access
Copyright notice: This is an original work; reproduction is not permitted. Violators will be held legally liable.
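Lab requirements:
VLAN 2 and VLAN 3 can reach each other; VLAN 4 and VLAN 2, and VLAN 4 and VLAN 3, cannot reach each other; all of them can access the Internet.
Configuration: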
R1#sh run
Building configuration...
Current configuration : 456 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface FastEthernet0/1
 ip address 12.1.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
!
line con 0
line vty 0 4
 login
!
!
end
R0#sh run
Building configuration...
Current configuration : 826 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R0
!
!
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 12.1.1.1 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip classless
ip route 192.168.2.0 255.255.255.0 192.168.0.2
ip route 192.168.3.0 255.255.255.0 192.168.0.2
ip route 192.168.4.0 255.255.255.0 192.168.0.2
ip route 0.0.0.0 0.0.0.0 12.1.1.2
!
!
access-list 1 permit any
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 login
!
!
end
3750sw1#sh run
Building configuration...
Current configuration : 1969 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname 3750sw1
!
ip routing
!
no ip domain-lookup
!
!
interface FastEthernet0/1
!
[output cut]
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.0.2 255.255.255.0
!
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
 ip access-group 101 in
!
interface Vlan3
 ip address 192.168.3.1 255.255.255.0
 ip access-group 102 in
!
interface Vlan4
 ip address 192.168.4.1 255.255.255.0
 ip access-group 103 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 102 permit ip any any
access-list 103 deny ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 103 deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 103 permit ip any any
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 login
!
!
end
2960sw2#sh run
Building configuration...
Current configuration : 1134 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname 2960sw2
!
!
interface FastEthernet0/1
 switchport access vlan 2
!
interface FastEthernet0/2
 switchport access vlan 3
!
interface FastEthernet0/3
 switchport access vlan 4
!
interface FastEthernet0/4
!
[output cut]
!
interface FastEthernet0/24
!
interface GigabitEthernet1/1
 switchport mode trunk
!
interface GigabitEthernet1/2
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
!
line con 0
!
line vty 0 4
 login
line vty 5 15
 login
!
!
end
2960sw3#sh run
Building configuration...
Current configuration : 1111 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname 2960sw3
!
!
interface FastEthernet0/1
 switchport access vlan 2
!
interface FastEthernet0/2
 switchport access vlan 3
!
interface FastEthernet0/3
 switchport access vlan 4
!
interface FastEthernet0/4
!
[output cut]
!
interface FastEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
!
line con 0
!
line vty 0 4
 login
line vty 5 15
 login
!
!
end
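Verification:
The test from PC0 shows that VLAN 2 can reach VLAN 3 and the Internet, but cannot reach VLAN 4.
The test from PC1 shows that VLAN 2 can reach VLAN 2 and the Internet, but cannot reach VLAN 4.
The test from PC3 shows that VLAN 4 can reach the Internet, but cannot reach VLAN 2 or VLAN 3.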
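An offline check of the same policy, as an added example that is not part of the original post: this Python sketch parses ACLs 101-103 from the 3750sw1 configuration and evaluates them with first-match and implicit-deny semantics on the ingress SVI. The function names are hypothetical; any host addresses passed in (for example .10 in each VLAN, or a documentation address standing in for the Internet) are constructed sample values.

```python
import ipaddress

# ACL entries copied from the 3750sw1 configuration on this page.
ACL_TEXT = """\
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 102 permit ip any any
access-list 103 deny ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 103 deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 103 permit ip any any
"""
# Inbound ACL on each SVI ("ip access-group N in"), keyed by the VLAN subnet.
INBOUND = {"192.168.2.0/24": 101, "192.168.3.0/24": 102, "192.168.4.0/24": 103}

def _addr(tok):
    # Consume "any" or "address wildcard"; return (base, wildcard) as ints.
    if tok[0] == "any":
        tok.pop(0)
        return 0, 0xFFFFFFFF
    return tuple(int(ipaddress.IPv4Address(tok.pop(0))) for _ in range(2))

def parse_acls(text):
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) > 4 and tok[0] == "access-list" and tok[3] == "ip":
            rest = tok[4:]
            acls.setdefault(int(tok[1]), []).append((tok[2], _addr(rest), _addr(rest)))
    return acls

def acl_action(entries, src, dst):
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    hit = lambda ip, spec: (int(ip) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF == 0
    for action, s, d in entries:  # first matching entry wins
        if hit(src, s) and hit(dst, d):
            return action
    return "deny"  # implicit deny that ends every ACL

def ingress_ok(acls, src, dst):
    for net, number in INBOUND.items():
        if src in ipaddress.ip_network(net):
            return acl_action(acls[number], src, dst) == "permit"
    return True  # source is not behind a filtered SVI (e.g. Vlan1)

def two_way(acls, a, b):  # stateless ACLs: request and reply must both pass
    return ingress_ok(acls, a, b) and ingress_ok(acls, b, a)
```

Because these ACLs are stateless, the two deny entries in ACL 103 already break any two-way session between VLAN 4 and the other VLANs by dropping the replies. The deny entries in ACLs 101 and 102 additionally stop one-way packets sent toward VLAN 4.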