Basic ACL Application (2025)

VLAN 10 can communicate with every other VLAN; the remaining VLANs cannot communicate with each other.



Core switch

vlan batch 10 50 60 70 80 90

int vlan 10

ip add 192.168.10.1 22                        

int vlan 50

ip add 192.168.50.1 24

int vlan 60

ip add 192.168.60.1 24

Int vlan 70

ip add 192.168.70.1 24

Int vlan 80

ip add 192.168.80.1 24

Int vlan 90

ip add 192.168.90.1 24

#Create the VLANs and their IP addresses

Int g0/0/1

port link-type trunk

port trunk allow-pass vlan all

Int g0/0/2

port link-type trunk

port trunk allow-pass vlan 50

Int g0/0/3

port link-type trunk

port trunk allow-pass vlan 60

Int g0/0/4

port link-type trunk

port trunk allow-pass vlan 70

Int g0/0/5

port link-type trunk

port trunk allow-pass vlan 80

Int g0/0/6

port link-type trunk

port trunk allow-pass vlan 90

#Set the interface link types

Vlan 200

Int vlan 200

Ip add 192.168.1.2 24

Int g0/0/24

Port link-type access

Port default vlan 200

#Set up the connection to the router

Dhcp enable

Ip pool yisa10

Gateway-list 192.168.10.1

Network 192.168.10.0 mask 255.255.252.0

Dns-list 114.114.114.114 223.5.5.5

Ip pool yisa50

Gateway-list 192.168.50.1

Network 192.168.50.0 mask 255.255.255.0

Dns-list 114.114.114.114 223.5.5.5

Ip pool yisa60

Gateway-list 192.168.60.1

Network 192.168.60.0 mask 255.255.255.0

Dns-list 114.114.114.114 223.5.5.5

Ip pool yisa70

Gateway-list 192.168.70.1

Network 192.168.70.0 mask 255.255.255.0

Dns-list 114.114.114.114 223.5.5.5

Ip pool yisa80

Gateway-list 192.168.80.1

Network 192.168.80.0 mask 255.255.255.0

Dns-list 114.114.114.114 223.5.5.5

Ip pool yisa90

Gateway-list 192.168.90.1

Network 192.168.90.0 mask 255.255.255.0

Dns-list 114.114.114.114 223.5.5.5

#Create the IP address pools

Int vlan 10

dhcp select global

Int vlan 50

dhcp select global

Int vlan 60

dhcp select global

Int vlan 70

dhcp select global

Int vlan 80

dhcp select global

Int vlan 90

dhcp select global

#Enable DHCP on each VLAN interface

Acl 3050

Rule 10 deny ip source 192.168.50.0 0.0.0.255 destination 192.168.60.0 0.0.0.255

Rule 20 deny ip source 192.168.50.0 0.0.0.255 destination 192.168.70.0 0.0.0.255

Rule 30 deny ip source 192.168.50.0 0.0.0.255 destination 192.168.80.0 0.0.0.255

Rule 40 deny ip source 192.168.50.0 0.0.0.255 destination 192.168.90.0 0.0.0.255

Acl 3060

Rule 10 deny ip source 192.168.60.0 0.0.0.255 destination 192.168.50.0 0.0.0.255

Rule 20 deny ip source 192.168.60.0 0.0.0.255 destination 192.168.70.0 0.0.0.255

Rule 30 deny ip source 192.168.60.0 0.0.0.255 destination 192.168.80.0 0.0.0.255

Rule 40 deny ip source 192.168.60.0 0.0.0.255 destination 192.168.90.0 0.0.0.255

Acl 3070

Rule 10 deny ip source 192.168.70.0 0.0.0.255 destination 192.168.50.0 0.0.0.255

Rule 20 deny ip source 192.168.70.0 0.0.0.255 destination 192.168.60.0 0.0.0.255

Rule 30 deny ip source 192.168.70.0 0.0.0.255 destination 192.168.80.0 0.0.0.255

Rule 40 deny ip source 192.168.70.0 0.0.0.255 destination 192.168.90.0 0.0.0.255

Acl 3080

Rule 10 deny ip source 192.168.80.0 0.0.0.255 destination 192.168.50.0 0.0.0.255

Rule 20 deny ip source 192.168.80.0 0.0.0.255 destination 192.168.60.0 0.0.0.255

Rule 30 deny ip source 192.168.80.0 0.0.0.255 destination 192.168.70.0 0.0.0.255

Rule 40 deny ip source 192.168.80.0 0.0.0.255 destination 192.168.90.0 0.0.0.255

Acl 3090

Rule 10 deny ip source 192.168.90.0 0.0.0.255 destination 192.168.50.0 0.0.0.255

Rule 20 deny ip source 192.168.90.0 0.0.0.255 destination 192.168.60.0 0.0.0.255

Rule 30 deny ip source 192.168.90.0 0.0.0.255 destination 192.168.70.0 0.0.0.255

Rule 40 deny ip source 192.168.90.0 0.0.0.255 destination 192.168.80.0 0.0.0.255

#Write the ACL rules

Int g0/0/2

Traffic-filter inbound acl 3050

Int g0/0/3

Traffic-filter inbound acl 3060

Int g0/0/4

Traffic-filter inbound acl 3070

Int g0/0/5

Traffic-filter inbound acl 3080

Int g0/0/6

Traffic-filter inbound acl 3090

#Apply the ACLs to the interfaces
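
An added example (not part of the original post): a small Python check that reads ACL rules and traffic-filter bindings in the command syntax used above, evaluates a source/destination pair with wildcard-mask matching, and lists interfaces whose filter names an ACL number that has no rules. The sample config is constructed, the function names are hypothetical, and "no matching rule means permit" is an assumption about traffic-filter behaviour.

```python
import ipaddress
import re

# Constructed sample in the page's command syntax (trimmed to two VLANs).
SAMPLE = """
acl 3050
rule 10 deny ip source 192.168.50.0 0.0.0.255 destination 192.168.60.0 0.0.0.255
acl 3060
rule 10 deny ip source 192.168.60.0 0.0.0.255 destination 192.168.50.0 0.0.0.255
int g0/0/2
traffic-filter inbound acl 3050
int g0/0/3
traffic-filter inbound acl 3001
"""

RULE = re.compile(r"rule (\d+) (permit|deny) ip source (\S+) (\S+) destination (\S+) (\S+)", re.I)

def parse(text):
    """Return ({acl: [(id, action, src, src_wc, dst, dst_wc)]}, {interface: acl})."""
    acls, binds, acl, intf = {}, {}, None, None
    for words in filter(None, map(str.split, text.splitlines())):
        head = words[0].lower()
        if head == "acl":
            acl = int(words[1])
            acls.setdefault(acl, [])
        elif head.startswith("int"):
            intf = " ".join(words[1:])
        elif head == "traffic-filter":
            binds[intf] = int(words[-1])
        elif (m := RULE.match(" ".join(words))) and acl is not None:
            acls[acl].append((int(m[1]), m[2].lower(), *map(ipaddress.IPv4Address, m.groups()[2:])))
    return acls, binds

def hit(addr, base, wildcard):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored."""
    care = ~int(wildcard) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)) & care == int(base) & care

def verdict(acls, acl, src, dst):
    """First matching rule in rule-id order wins; no match means permit (assumed)."""
    for _, action, s, sw, d, dw in sorted(acls.get(acl, [])):
        if hit(src, s, sw) and hit(dst, d, dw):
            return action
    return "permit"

def dangling(acls, binds):
    """Interfaces whose traffic-filter names an ACL with no rules defined."""
    return sorted(i for i, a in binds.items() if not acls.get(a))
```

Running `parse` over the full switch configuration and calling `dangling` before deployment shows whether every traffic-filter line points at an ACL that actually contains rules.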

Router

Vlan 200

Int vlan 200

Ip add 192.168.1.1 24

Int e0/0/1

Port link-type access

Port default vlan 200

#Set up the connection to the core switch

ip route-static 192.168.8.0 255.255.252.0 192.168.1.2

ip route-static 192.168.50.0 255.255.255.0 192.168.1.2

ip route-static 192.168.60.0 255.255.255.0 192.168.1.2

ip route-static 192.168.70.0 255.255.255.0 192.168.1.2

ip route-static 192.168.80.0 255.255.255.0 192.168.1.2

ip route-static 192.168.90.0 255.255.255.0 192.168.1.2

#Set up connectivity to each VLAN

vlan 10

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 10

interface GigabitEthernet0/0/2

port link-type access

port default vlan 10

vlan 50

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 50

interface GigabitEthernet0/0/2

port link-type access

port default vlan 50

vlan 60

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 60

interface GigabitEthernet0/0/2

port link-type access

port default vlan 60

vlan 70

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 70

interface GigabitEthernet0/0/2

port link-type access

port default vlan 70

vlan 80

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 80

interface GigabitEthernet0/0/2

port link-type access

port default vlan 80

vlan 90

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 90

interface GigabitEthernet0/0/2

port link-type access

port default vlan 90
