您现在的位置: 华盟网 >> 网管 >> Cisco >> 正文

Cisco356048口交换机配置ACL

2014/11/20 作者:不详 来源: 华盟收集
导读 大家先看下配置,我的要求就是,在47口上做镜像,4vlan内的机器的数据镜像到47口上,47口接监控服务器,然后在做下访问控制,4vlan内的机器 跟47口上的…

  大家先看下配置,我的要求就是,在47口上做镜像,4vlan内的机器的数据镜像到47口上,47口接监控服务器,然后在做下访问控制,4vlan内的机器 跟47口上的服务器可以相互通讯,但4vlan之间不能相互通讯!目前47口的ip地址为192.168.25.1 255.255.255.0.希望高手给我写下acl的配置信息!定表重谢!

  FwhSwh#show run

  Building configuration…

  Current configuration : 4909 bytes

  !

  version 12.2

  no service pad

  service timestamps debug uptime

  service timestamps log uptime

  no service password-encryption

  !

  hostname FwhSwh

  !

  !

  no aaa new-model

  ip subnet-zero

  ip routing

  !

  ip dhcp pool vlan20

  network 192.168.20.0 255.255.255.0

  default-router 192.168.20.1

  dns-server 202.106.196.115 202.106.0.20

  !

  ip dhcp pool vlan21

  network 192.168.21.0 255.255.255.0

  default-router 192.168.21.1

  dns-server 202.106.196.115 202.106.0.20

  !

  ip dhcp pool vlan22

  network 192.168.22.0 255.255.255.0

  default-router 192.168.22.1

  dns-server 202.106.196.115 202.106.0.20

  !

  ip dhcp pool vlan23

  network 192.168.23.0 255.255.255.0

  default-router 192.168.23.1

  dns-server 202.106.0.20

  !

  !

  !

  !

  no file verify auto

  spanning-tree mode pvst

  spanning-tree extend system-id

  !

  vlan internal allocation policy ascending

  !

  interface FastEthernet0/1

  switchport access vlan 20

  !

  interface FastEthernet0/2

  switchport access vlan 20

  !

  interface FastEthernet0/3

  switchport access vlan 20

  !

  interface FastEthernet0/4

  switchport access vlan 20

  !

  interface FastEthernet0/5

  switchport access vlan 20

  !

  interface FastEthernet0/6

  switchport access vlan 20

  !

  interface FastEthernet0/7

  switchport access vlan 20

  !

  interface FastEthernet0/8

  switchport access vlan 20

  !

  interface FastEthernet0/9

  switchport access vlan 20

  !

  interface FastEthernet0/10

  switchport access vlan 20

  !

  interface FastEthernet0/11

  switchport access vlan 20

  !

  interface FastEthernet0/12

  switchport access vlan 20

  !

  interface FastEthernet0/13

  switchport access vlan 20

  !

  interface FastEthernet0/14

  switchport access vlan 20

  !

  interface FastEthernet0/15

  switchport access vlan 20

  !

  interface FastEthernet0/16

  switchport access vlan 20

  !

  interface FastEthernet0/17

  switchport access vlan 20

  !

  interface FastEthernet0/18

  switchport access vlan 20

  !

  interface FastEthernet0/19

  switchport access vlan 20

  !

  interface FastEthernet0/20

  switchport access vlan 20

  !

  interface FastEthernet0/21

  switchport access vlan 21

  !

  interface FastEthernet0/22

  switchport access vlan 21

  !

  interface FastEthernet0/23

  switchport access vlan 21

  !

  interface FastEthernet0/24

  switchport access vlan 21

  !

  interface FastEthernet0/25

  switchport access vlan 21

  !

  interface FastEthernet0/26

  switchport access vlan 21

  !

  interface FastEthernet0/27

  switchport access vlan 21

  !

  interface FastEthernet0/28

  switchport access vlan 21

  !

  interface FastEthernet0/29

  switchport access vlan 21

  !

  interface FastEthernet0/30

  switchport access vlan 21

  !

  interface FastEthernet0/31

  switchport access vlan 22

  !

  interface FastEthernet0/32

  switchport access vlan 22

  !

  interface FastEthernet0/33

  switchport access vlan 22

  !

  interface FastEthernet0/34

  switchport access vlan 22

  !

  interface FastEthernet0/35

  switchport access vlan 22

  !

  interface FastEthernet0/36

  switchport access vlan 22

  !

  interface FastEthernet0/37

  switchport access vlan 22

  !

  interface FastEthernet0/38

  switchport access vlan 22

  !

  interface FastEthernet0/39

  switchport access vlan 22

  !

  interface FastEthernet0/40

  switchport access vlan 22

  !

  interface FastEthernet0/41

  switchport access vlan 23

  !

  interface FastEthernet0/42

  switchport access vlan 23

  !

  interface FastEthernet0/43

  switchport access vlan 23

  !

  interface FastEthernet0/44

  switchport access vlan 23

  !

  interface FastEthernet0/45

  !

  interface FastEthernet0/46

  !

  interface FastEthernet0/47

  !

  interface FastEthernet0/48

  no switchport

[NextPage]

  ip address *.*.*.* 255.255.255.0

  !

  interface GigabitEthernet0/1

  !

  interface GigabitEthernet0/2

  !

  interface GigabitEthernet0/3

  !

  interface GigabitEthernet0/4

  !

  interface Vlan1

  no ip address

  shutdown

  !

  interface Vlan20

  ip address 192.168.20.1 255.255.255.0

  ip access-group 100 in

  ip helper-address 192.168.20.1

  !

  interface Vlan21

  ip address 192.168.21.1 255.255.255.0

  ip access-group 101 in

  ip helper-address 192.168.21.1

  !

  interface Vlan22

  ip address 192.168.22.1 255.255.255.0

  ip access-group 102 in

  ip helper-address 192.168.22.1

  !

  interface Vlan23

  ip address 192.168.23.1 255.255.255.0

  ip access-group 103 in

  ip helper-address 192.168.23.1

  !

  ip classless

  ip route 0.0.0.0 0.0.0.0 10.0.0.1

  no ip http server

  !

  access-list 100 deny ip any 192.168.21.0 0.0.0.255

  access-list 100 deny ip any 192.168.22.0 0.0.0.255

  access-list 100 permit ip any any

  access-list 101 deny ip any 192.168.22.0 0.0.0.255

  access-list 101 deny ip any 192.168.20.0 0.0.0.255

  access-list 101 deny ip any 192.168.23.0 0.0.0.255

  access-list 101 permit ip any any

  access-list 102 deny ip any 192.168.20.0 0.0.0.255

  access-list 102 deny ip any 192.168.21.0 0.0.0.255

  access-list 102 deny ip any 192.168.23.0 0.0.0.255

  access-list 102 permit ip any any

  access-list 103 deny ip any 192.168.21.0 0.0.0.255

  access-list 103 deny ip any 192.168.22.0 0.0.0.255

  access-list 103 permit ip any any

  !

  control-plane

  !

  !

  line con 0

  line vty 0 4

  no login

  line vty 5 15

  no login

  !

  !

  end

                  微信群名称:华盟黑白之道二群   华盟-黑白之道⑦QQ群: 9430885

  • 上一篇网管:

  • 下一篇网管:
  • 网友评论
      验证码
     

    关注

    分享

    0

    讨论

    2

    猜你喜欢

    论坛最新贴