2022年在三层交换机上配置ACL参考 .pdf

上传人：C****o

文档编号：34250352

上传时间：2022-08-15

格式：PDF

页数：7

大小：535.09KB

( 4.5 )

《2022年在三层交换机上配置ACL参考 .pdf》由会员分享，可在线阅读，更多相关《2022年在三层交换机上配置ACL参考 .pdf（7页珍藏版）》请在淘文阁 - 分享文档赚钱的网站上搜索。

1、3750配置：名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 1 页，共 7 页 - - - - - - - - - 3750#conf t 3750(config)#int f0/15 3750(config-if)#switchport mode trunk 3750(config)#end 3750#vlan database 3750(vlan)#vtp server 3750(vlan)#vtp domain sy 3750(vlan)#vtp password cisco

2、 3750(vlan)#vlan 10 3750(vlan)#vlan 20 3750(vlan)#vlan 30 3750(vlan)#vlan 40 3750(vlan)#vlan 100 3750(vlan)#exit 3750(config)#ip routing 3750(config)#int vlan 10 3750(config-if)#ip address 192.168.10.1 255.255.255.0 3750(config-if)#no shutdown 3750(config-if)#exit 3750(config)#int vlan 20 3750(confi

3、g-if)#ip address 192.168.20.1 255.255.255.0 3750(config-if)#no shutdown 3750(config-if)#exit 3750(config)#int vlan 30 3750(config-if)#ip address 192.168.30.1 255.255.255.0 3750(config-if)#no shutdown 3750(config-if)#exit 3750(config)#int vlan 40 3750(config-if)#ip address 192.168.40.1 255.255.255.0

4、3750(config-if)#no shutdown 3750(config-if)#exit 3750(config)#int vlan 100 3750(config-if)#ip address 192.168.100.1 255.255.255.0 3750(config-if)#no shutdown 3750(config-if)#exit 3750(config)#end 3750(config)#int f0/1 3750(config-if)#switchport access vlan 100 3750(config-if)#end配置 ACL 3750#conf t 3

5、750(config)#access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 2 页，共 7 页 - - - - - - - - - 3750(config)#access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255 3750(config)#access-list 10

6、0 permit ip any any 3750(config)#access-list 101 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 3750(config)#access-list 101 deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 3750(config)#access-list 101 permit ip any any 3750(config)#access-list 102 deny ip 192.168.30.0 0.0.0.255 192.168

7、.10.0 0.0.0.255 3750(config)#access-list 102 deny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255 3750(config)#access-list 102 permit ip any any 3750(config)#ip access-list extended infilter /在入方向放置reflect/ 3750(config-ext-nacl)#permit ip any any reflect ccna 3750(config-ext-nacl)#exit 3750(config)

8、#ip access-list extended outfilter /在出方向放置evaluate/ 3750(config-ext-nacl)#evaluate ccna 3750(config-ext-nacl)#deny ip 192.168.10.0 0.0.0.255 any 3750(config-ext-nacl)#deny ip 192.168.20.0 0.0.0.255 any 3750(config-ext-nacl)#deny ip 192.168.30.0 0.0.0.255 any 3750(config-ext-nacl)#permit ip any any 3

9、750(config-ext-nacl)#exit 3750(config)#int vlan 40 /应用到管理接口/ 3750(config-if)#ip access-group infilter in 3750(config-if)#ip access-group outfilter out 3750(config-if)#exit 3750(config)#int vlan 10 3750(config-if)#ip access-group 100 in 3750(config-if)#exit 3750(config)#int vlan 20 3750(config-if)#ip

10、 access-group 101 in 3750(config-if)#exit 3750(config)#int vlan 30 3750(config-if)#ip access-group 102 in 3750(config-if)#end2960配置：2960#conf t 2960(config)#int f0/15 2960(config-if)#switchport mode trunk 2960(config-if)#switchport trunk encapsulation dot1q 名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - -

11、 - - - - - - - 名师精心整理 - - - - - - - 第 3 页，共 7 页 - - - - - - - - - 2960(config-if)#end 2960#vlan database 2960(vlan)#vtp client 2960(vlan)#vtp domain sy 2960(vlan)#vtp password cisco 2960(vlan)#exit2960#show vtp status VTP Version : 2 Configuration Revision : 2 Maximum VLANs supported locally : 256 N

12、umber of existing VLANs : 10 VTP Operating Mode : Client VTP Domain Name : sy VTP Pruning Mode : Enabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0 x4D 0 xA8 0 xC9 0 x00 0 xDC 0 x58 0 x2F 0 xDD Configuration last modified by 0.0.0.0 at 3-1-02 00:13:34 2960#show vlan-sw bri

13、efVLAN Name Status Ports - - - - 1 default active Fa0/0, Fa0/1, Fa0/2, Fa0/3 Fa0/4, Fa0/5, Fa0/6, Fa0/7 Fa0/8, Fa0/9, Fa0/10, Fa0/11 Fa0/12, Fa0/13, Fa0/14 10 VLAN0010 active 20 VLAN0020 active 30 VLAN0030 active 40 VLAN0040 active 100 VLAN0100 active 1002 fddi-default active 1003 token-ring-default

14、 active 1004 fddinet-default active 1005 trnet-default active 2960#conf t 2960(config)#int f0/1 2960(config-if)#switchport access vlan 10 2960(config-if)#int f0/2 2960(config-if)#switchport access vlan 20 名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 4 页，共 7 页 - - -

15、 - - - - - - 2960(config-if)#int f0/3 2960(config-if)#switchport access vlan 30 2960(config-if)#int f0/4 2960(config-if)#switchport access vlan 40 2960(config-if)#end客户机验证：PC1 ：PC1#ping 192.168.20.20 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is 2 seconds

16、: U.U.U Success rate is 0 percent (0/5) PC1#ping 192.168.30.30 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) PC1#ping 192.168.40.40 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.4

17、0.40, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) PC1#ping 192.168.100.100 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 104/268/336 ms PC2 ：PC2#ping 192.168.10.10

18、Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) PC2#ping 192.168.30.30 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/

19、5) PC2#ping 192.168.40.40 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.40.40, timeout is 2 seconds: 名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 5 页，共 7 页 - - - - - - - - - U.U.U Success rate is 0 percent (0/5) PC2#ping 192.168.100.100Ty

20、pe escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 56/170/336 ms PC3 ：PC3#ping 192.168.10.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 s

21、econds: .U.U. Success rate is 0 percent (0/5) PC3#ping 192.168.20.20 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) PC3#ping 192.168.40.40 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192

22、.168.40.40, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) PC3#ping 192.168.100.100 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 144/218/416 ms PC4 ：PC4#ping 192.168.

23、10.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds: .! Success rate is 80 percent (4/5), round-trip min/avg/max = 240/331/508 ms PC4#ping 192.168.20.20 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is 2

24、 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 220/288/356 ms PC4#ping 192.168.30.30 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds: 名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 6 页，共 7

25、页 - - - - - - - - - ! Success rate is 100 percent (5/5), round-trip min/avg/max = 144/207/268 ms PC4#ping 192.168.100.100 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 96/219/440 m

26、s PC5 ：PC5#ping 192.168.10.10Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 92/194/284 ms PC5#ping 192.168.20.20Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.16

27、8.20.20, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 144/209/336 ms PC5#ping 192.168.30.30 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 64/18

28、4/372 ms PC5#ping 192.168.40.40Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.40.40, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 192/239/308 ms 名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 7 页，共 7 页 - - - - - - - - -

文档加载中……请稍候！
如果长时间未打开，您也可以点击刷新试试。

下载文档到电脑，查找使用更方便

4.3 金币

版权申诉 word格式文档无特别注明外均可编辑修改；预览文档经过压缩，下载后原文更清晰！ 立即下载

配套讲稿：: 如PPT文件的首页显示word图标，表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
特殊限制：: 部分文档作品中含有的国旗、国徽等图片，仅作为作品整体效果示例展示，禁止商用。设计者仅对作品中独创性部分享有著作权。
关键词：: 2022年在三层交换机上配置ACL参考 2022 三层交换机配置 ACL 参考

淘文阁 - 分享文档赚钱的网站所有资源均是用户自行上传分享，仅供网友学习交流，未经上传用户书面授权，请勿作他用。

限制150内

关于本文

本文标题：2022年在三层交换机上配置ACL参考 .pdf
链接地址：https://www.taowenge.com/p-34250352.html