读文网>电脑>网络知识>路由器>路由器设置>cisco思科

思科48口交换机如何配置ACL

Cisco依靠自身的技术和对网络经济模式的深刻理解,成为了网络应用的成功实践者之一,那么你知道思科48口交换机如何配置ACL吗?下面是读文网小编整理的一些关于思科48口交换机如何配置ACL的相关资料,供你参考。

思科48口交换机配置ACL的方法:

大家先看下配置,我的要求就是,在47口上做镜像,4vlan内的机器的数据镜像到47口上,47口接监控服务器,然后在做下访问控制,4vlan内的机器 跟47口上的服务器可以相互通讯,但4vlan之间不能相互通讯!目前47口的ip地址为192.168.25.1 255.255.255.0.

FwhSwhshowrun

Building configuration…

Current configuration : 4909 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname FwhSwh

!

!

no aaa new-model

ip subnet-zero

ip routing

!

ip dhcp pool vlan20

network 192.168.20.0 255.255.255.0

default-router 192.168.20.1

dns-server 202.106.196.115 202.106.0.20

!

ip dhcp pool vlan21

network 192.168.21.0 255.255.255.0

default-router 192.168.21.1

dns-server 202.106.196.115 202.106.0.20

!

ip dhcp pool vlan22

network 192.168.22.0 255.255.255.0

default-router 192.168.22.1

dns-server 202.106.196.115 202.106.0.20

!

ip dhcp pool vlan23

network 192.168.23.0 255.255.255.0

default-router 192.168.23.1

dns-server 202.106.0.20

!

!

!

!

no file verify auto

SPAnning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport access vlan 20

!

interface FastEthernet0/2

switchport access vlan 20

!

interface FastEthernet0/3

switchport access vlan 20

!

interface FastEthernet0/4

switchport access vlan 20

!

interface FastEthernet0/5

switchport access vlan 20

!

interface FastEthernet0/6

switchport access vlan 20

!

interface FastEthernet0/7

switchport access vlan 20

!

interface FastEthernet0/8

switchport access vlan 20

!

interface FastEthernet0/9

switchport access vlan 20

!

interface FastEthernet0/10

switchport access vlan 20

!

interface FastEthernet0/11

switchport access vlan 20

!

interface FastEthernet0/12

switchport access vlan 20

!

interface FastEthernet0/13

switchport access vlan 20

!

interface FastEthernet0/14

switchport access vlan 20

!

interface FastEthernet0/15

switchport access vlan 20

!

interface FastEthernet0/16

switchport access vlan 20

!

interface FastEthernet0/17

switchport access vlan 20

!

interface FastEthernet0/18

switchport access vlan 20

!

interface FastEthernet0/19

switchport access vlan 20

!

interface FastEthernet0/20

switchport access vlan 20

!

interface FastEthernet0/21

switchport access vlan 21

!

interface FastEthernet0/22

switchport access vlan 21

!

interface FastEthernet0/23

switchport access vlan 21

!

interface FastEthernet0/24

switchport access vlan 21

!

interface FastEthernet0/25

switchport access vlan 21

!

interface FastEthernet0/26

switchport access vlan 21

!

interface FastEthernet0/27

switchport access vlan 21

!

interface FastEthernet0/28

switchport access vlan 21

!

interface FastEthernet0/29

switchport access vlan 21

!

interface FastEthernet0/30

switchport access vlan 21

!

interface FastEthernet0/31

switchport access vlan 22

!

interface FastEthernet0/32

switchport access vlan 22

!

interface FastEthernet0/33

switchport access vlan 22

!

interface FastEthernet0/34

switchport access vlan 22

!

interface FastEthernet0/35

switchport access vlan 22

!

interface FastEthernet0/36

switchport access vlan 22

!

interface FastEthernet0/37

switchport access vlan 22

!

interface FastEthernet0/38

switchport access vlan 22

!

interface FastEthernet0/39

switchport access vlan 22

!

interface FastEthernet0/40

switchport access vlan 22

!

interface FastEthernet0/41

switchport access vlan 23

!

interface FastEthernet0/42

switchport access vlan 23

!

interface FastEthernet0/43

switchport access vlan 23

!

interface FastEthernet0/44

switchport access vlan 23

!

interface FastEthernet0/45

!

interface FastEthernet0/46

!

interface FastEthernet0/47

!

interface FastEthernet0/48

no switchport

ip address *.*.*.* 255.255.255.0

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

!

interface Vlan1

no ip address

shutdown

!

interface Vlan20

ip address 192.168.20.1 255.255.255.0

ip access-group 100 in

ip helper-address 192.168.20.1

!

interface Vlan21

ip address 192.168.21.1 255.255.255.0

ip access-group 101 in

ip helper-address 192.168.21.1

!

interface Vlan22

ip address 192.168.22.1 255.255.255.0

ip access-group 102 in

ip helper-address 192.168.22.1

!

interface Vlan23

ip address 192.168.23.1 255.255.255.0

ip access-group 103 in

ip helper-address 192.168.23.1

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.0.0.1

no ip http server

!

access-list 100 deny ip any 192.168.21.0 0.0.0.255

access-list 100 deny ip any 192.168.22.0 0.0.0.255

access-list 100 permit ip any any

access-list 101 deny ip any 192.168.22.0 0.0.0.255

access-list 101 deny ip any 192.168.20.0 0.0.0.255

access-list 101 deny ip any 192.168.23.0 0.0.0.255

access-list 101 permit ip any any

access-list 102 deny ip any 192.168.20.0 0.0.0.255

access-list 102 deny ip any 192.168.21.0 0.0.0.255

access-list 102 deny ip any 192.168.23.0 0.0.0.255

access-list 102 permit ip any any

access-list 103 deny ip any 192.168.21.0 0.0.0.255

access-list 103 deny ip any 192.168.22.0 0.0.0.255

access-list 103 permit ip any any

!

control-plane

!

!

line con 0

line vty 0 4

no login

line vty 5 15

no login

!

!

end

看过文章“思科48口交换机如何配置ACL"

相关热搜

相关文章

【cisco思科】热点

【cisco思科】最新