Inter-VLAN access control with router-on-a-stick (single-arm routing)
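Two VLANs are defined: VLAN 1 and VLAN 2.
Requirement: VLAN 2 can access VLAN 1, but VLAN 1 cannot access VLAN 2.
I have already implemented this in practice.
I have written out the configuration in outline; it is not very complicated, and I believe everyone will be able to follow it.
The router's version and the actual configuration are listed below.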
CISCO#show version
Cisco IOS Software, 2801 Software (C2801-ADVENTERPRISEK9-M), Version 12.4(9)T, RELEASE SOFTWARE (fc1)
Technical Support: /techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 16-Jun-06 23:33 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)
System returned to ROM by bus error at PC 0x6283B684, address 0x0 at 05:46:17 BJ Fri Aug 17 2007
System restarted at 05:47:43 BJ Fri Aug 17 2007
System image file is "flash:c2801-adventerprisek9-mz.124-9.T.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@.
Cisco 2801 (revision 6.0) with 235520K/26624K bytes of memory.
Processor board ID FHK1035F047
2 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
6 Voice FXO interfaces
1 DSP, 8 Voice resources
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
250880K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
interface FastEthernet0/1
 ip address 218.****** 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/0
 no ip address
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip address 192.168.20.1 255.255.255.0
 ip access-group infilter in
 ip access-group outfilter out
 ip nat inside
 ip virtual-reassembly
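Key part **************************************************************
ip access-list extended infilter
 ! Traffic from VLAN 2 to VLAN 1 is permitted and creates a temporary entry in the reflexive list "feng"
 permit ip 192.168.20.0 0.0.0.255 192.168.1.0 0.0.0.255 reflect feng
 permit ip any any
ip access-list extended outfilter
 ! Return traffic that matches an entry in "feng" is permitted first
 evaluate feng
 ! Everything else from VLAN 1 to VLAN 2 is dropped
 deny ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip any any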
*********************************************************************
access-list 100 permit ip any any
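
The way the infilter/outfilter pair on FastEthernet0/0.2 decides each packet can be modelled in a few lines of Python. This is an added example, not part of the original document or the router's output; the host addresses are constructed, the class name is hypothetical, and the 300-second idle timeout assumes the IOS default for reflexive entries has not been changed.

```python
import ipaddress

VLAN1 = ipaddress.ip_network("192.168.1.0/24")
VLAN2 = ipaddress.ip_network("192.168.20.0/24")
TIMEOUT = 300  # seconds; assumed IOS default idle timeout for reflexive entries


class SubIfModel:
    """Hypothetical model of 'infilter' (in) and 'outfilter' (out) on Fa0/0.2."""

    def __init__(self):
        self.feng = {}  # reflexive list: mirrored flow -> expiry time

    def infilter(self, now, proto, src, sport, dst, dport):
        """Packet arriving from VLAN 2; both entries permit, the first reflects."""
        if ipaddress.ip_address(src) in VLAN2 and ipaddress.ip_address(dst) in VLAN1:
            # 'reflect feng': store the flow with source and destination swapped
            self.feng[(proto, dst, dport, src, sport)] = now + TIMEOUT
        return "permit"

    def outfilter(self, now, proto, src, sport, dst, dport):
        """Packet leaving the router toward VLAN 2."""
        key = (proto, src, sport, dst, dport)
        if self.feng.get(key, 0) > now:        # 'evaluate feng'
            self.feng[key] = now + TIMEOUT     # session traffic resets the idle timer
            return "permit (feng)"
        self.feng.pop(key, None)               # drop an expired entry, if any
        if ipaddress.ip_address(src) in VLAN1 and ipaddress.ip_address(dst) in VLAN2:
            return "deny"                      # the explicit deny in outfilter
        return "permit"                        # final 'permit ip any any'


def demo():
    r = SubIfModel()
    a, b = "192.168.20.10", "192.168.1.10"     # constructed hosts in VLAN 2 / VLAN 1
    return [
        r.outfilter(0, "tcp", b, 40000, a, 80),            # VLAN 1 initiates
        r.infilter(10, "tcp", a, 50000, b, 80),            # VLAN 2 initiates
        r.outfilter(11, "tcp", b, 80, a, 50000),           # reply to that session
        r.outfilter(12, "tcp", b, 80, a, 50001),           # same hosts, other port
        r.outfilter(13, "udp", "203.0.113.5", 53, a, 5353),  # not from VLAN 1
        r.outfilter(400, "tcp", b, 80, a, 50000),          # reply after idle timeout
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The fourth and sixth results show the two limits of the scheme: a reflected entry matches only the exact mirrored addresses and ports, and it stops matching once the session has been idle longer than the timeout.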