ENSP模拟交换环境中调用高级ACL限制不同网段之间互访

原创

baihuzi 2018-10-31 10:36:44 ©著作权

©著作权归作者所有：来自51CTO博客作者baihuzi的原创作品，谢绝转载，否则将追究法律责任

实验环境：网段规划： vlan 100：10.10.10.0 /24 网关 10.10.10.254 DNS：8.8.8.8 vlan 101：192.168.10.0/24 网关 192.168.10.254 DNS：8.8.8.8 配置Center 1、创建vlan vlan 100 description bangong vlan 101 description youke ** 2、配置trunk接口** interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 100 to 101 interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 100 to 101 ** 3、创建虚接口并配置IP地址** interface Vlanif101 ip address 192.168.10.254 255.255.255.0 interface Vlanif100 ip address 10.10.10.254 255.255.255.0 4、配置DHCP dhcp enable ip pool bangong gateway-list 10.10.10.254 network 10.10.10.0 mask 255.255.255.0 dns-list 8.8.8.8

ip pool youke gateway-list 192.168.10.254 network 192.168.10.0 mask 255.255.255.0 dns-list 8.8.8.8

interface Vlanif100 ip address 10.10.10.254 255.255.255.0 dhcp select global

interface Vlanif101 ip address 192.168.10.254 255.255.255.0 dhcp select global

** 配置Access1** vlan 100 description bangong vlan 101 description youke

interface Ethernet0/0/1 port link-type trunk port trunk allow-pass vlan 100 to 101

interface Ethernet0/0/3 port link-type access port default vlan 100

interface Ethernet0/0/4 port link-type access port default vlan 101

interface Ethernet0/0/5 port link-type access port default vlan 100

** 配置Access2**

vlan 100 description bangong vlan 101 description youke

interface Ethernet0/0/2 port link-type trunk port trunk allow-pass vlan 100 to 101

interface Ethernet0/0/3 port link-type access port default vlan 100

interface Ethernet0/0/4 port link-type access port default vlan 101

interface Ethernet0/0/5 port link-type access port default vlan 100

将PC1 PC2 PC3 PC4ip地址设置为自动获取，并验证获取到的地址我们先互相ping一下游客和办公网络，目前是互通的我们在Center上定义ACL acl number 3000 rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 10.10.10.0 0.0.0.255