
How can I set up an ACL on a Layer 3 switch so that only one host within a network segment is allowed access?

Posted by a user. Posted: 2022-04-12 20:49


2 answers

懂视网 Time: 2022-04-13 01:10


3750 configuration:
3750#conf t
3750(config)#int f0/15
3750(config-if)#switchport mode trunk
3750(config)#end
3750#vlan database
3750(vlan)#vtp server
3750(vlan)#vtp domain sy
3750(vlan)#vtp password cisco
3750(vlan)#vlan 10
3750(vlan)#vlan 20
3750(vlan)#vlan 30
3750(vlan)#vlan 40
3750(vlan)#vlan 100
3750(vlan)#exit
3750(config)#ip routing
3750(config)#int vlan 10
3750(config-if)#ip address 192.168.10.1 255.255.255.0
3750(config-if)#no shutdown
3750(config-if)#exit
3750(config)#int vlan 20
3750(config-if)#ip address 192.168.20.1 255.255.255.0
3750(config-if)#no shutdown
3750(config-if)#exit
3750(config)#int vlan 30
3750(config-if)#ip address 192.168.30.1 255.255.255.0
3750(config-if)#no shutdown
3750(config-if)#exit
3750(config)#int vlan 40
3750(config-if)#ip address 192.168.40.1 255.255.255.0
3750(config-if)#no shutdown
3750(config-if)#exit
3750(config)#int vlan 100
3750(config-if)#ip address 192.168.100.1 255.255.255.0
3750(config-if)#no shutdown
3750(config-if)#exit
3750(config)#end
3750(config)#int f0/1
3750(config-if)#switchport access vlan 100
3750(config-if)#end

Configure the ACLs:
3750#conf t
3750(config)#access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
3750(config)#access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255
3750(config)#access-list 100 permit ip any any
3750(config)#access-list 101 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
3750(config)#access-list 101 deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
3750(config)#access-list 101 permit ip any any
3750(config)#access-list 102 deny ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
3750(config)#access-list 102 deny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
3750(config)#access-list 102 permit ip any any
3750(config)#ip access-list extended infilter //place reflect on the inbound direction//
3750(config-ext-nacl)#permit ip any any reflect ccna
3750(config-ext-nacl)#exit
3750(config)#ip access-list extended outfilter //place evaluate on the outbound direction//
3750(config-ext-nacl)#evaluate ccna
3750(config-ext-nacl)#deny ip 192.168.10.0 0.0.0.255 any
3750(config-ext-nacl)#deny ip 192.168.20.0 0.0.0.255 any
3750(config-ext-nacl)#deny ip 192.168.30.0 0.0.0.255 any
3750(config-ext-nacl)#permit ip any any
3750(config-ext-nacl)#exit
3750(config)#int vlan 40 //apply to the management interface//
3750(config-if)#ip access-group infilter in
3750(config-if)#ip access-group outfilter out
3750(config-if)#exit
3750(config)#int vlan 10
3750(config-if)#ip access-group 100 in
3750(config-if)#exit
3750(config)#int vlan 20
3750(config-if)#ip access-group 101 in
3750(config-if)#exit
3750(config)#int vlan 30
3750(config-if)#ip access-group 102 in
3750(config-if)#end

2960 configuration:
2960#conf t
2960(config)#int f0/15
2960(config-if)#switchport mode trunk
2960(config-if)#switchport trunk encapsulation dot1q
2960(config-if)#end
2960#vlan database
2960(vlan)#vtp client
2960(vlan)#vtp domain sy
2960(vlan)#vtp password cisco
2960(vlan)#exit
2960#show vtp status
VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 256
Number of existing VLANs : 10
VTP Operating Mode : Client
VTP Domain Name : sy
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x4D 0xA8 0xC9 0x00 0xDC 0x58 0x2F 0xDD
Configuration last modified by 0.0.0.0 at 3-1-02 00:13:34
2960#show vlan-sw brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/0, Fa0/1, Fa0/2, Fa0/3
Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14
10 VLAN0010 active
20 VLAN0020 active
30 VLAN0030 active
40 VLAN0040 active
100 VLAN0100 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
2960#conf t
2960(config)#int f0/1
2960(config-if)#switchport access vlan 10
2960(config-if)#int f0/2
2960(config-if)#switchport access vlan 20
2960(config-if)#int f0/3
2960(config-if)#switchport access vlan 30
2960(config-if)#int f0/4
2960(config-if)#switchport access vlan 40
2960(config-if)#end

Client verification:

PC1:
PC1#ping 192.168.20.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PC1#ping 192.168.30.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PC1#ping 192.168.40.40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.40.40, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PC1#ping 192.168.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 104/268/336 ms

PC2:
PC2#ping 192.168.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PC2#ping 192.168.30.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PC2#ping 192.168.40.40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.40.40, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PC2#ping 192.168.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/170/336 ms

PC3:
PC3#ping 192.168.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
.U.U.
Success rate is 0 percent (0/5)
PC3#ping 192.168.20.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PC3#ping 192.168.40.40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.40.40, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PC3#ping 192.168.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/218/416 ms

PC4:
PC4#ping 192.168.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 240/331/508 ms
PC4#ping 192.168.20.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 220/288/356 ms
PC4#ping 192.168.30.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/207/268 ms
PC4#ping 192.168.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/219/440 ms

PC5:
PC5#ping 192.168.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/194/284 ms
PC5#ping 192.168.20.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/209/336 ms
PC5#ping 192.168.30.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/184/372 ms
PC5#ping 192.168.40.40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.40.40, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 192/239/308 ms

Helpful user. Time: 2022-04-12 22:18

A simple ACL is enough:
acl number 2009
rule 0 permit source 192.168.2.10   (allow the 192.168.2.10 segment)
rule 100 deny all   (deny other traffic)
#
interface vlan 10   (apply this ACL in the outbound direction on the vlan 10 interface)
packet-filter 2009 outbound
#

Follow-up question:
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 192.168.2.10
access-list 102 permit ip host 192.168.2.10 192.168.1.0 0.0.0.255
int vlan 10
ip access-group 101 out
ip access-group 102 in
Is there anything wrong with this?

Follow-up answer:
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 192.168.2.10
access-list 102 permit ip host 192.168.2.10 192.168.1.0 0.0.0.255
int vlan 10
ip access-group 101 in
ip access-group 102 out
Change it like this and it will work. Work through it yourself to understand why!
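
The follow-up exchange above, as an added example that is not part of the original answers: a small Python model of first-match ACL evaluation with the implicit deny, run over the asker's binding and the corrected one on `int vlan 10`. It assumes VLAN 10 holds 192.168.1.0/24 and that 192.168.2.10 is reached through another routed interface; the function names and sample packets are constructed for illustration.

```python
import ipaddress

def matches(addr, base, wildcard):
    """Cisco-style wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(acl, src, dst):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for action, (s_base, s_wild), (d_base, d_wild) in acl:
        if matches(src, s_base, s_wild) and matches(dst, d_base, d_wild):
            return action
    return "deny"

VLAN10 = ("192.168.1.0", "0.0.0.255")  # assumption: subnet behind int vlan 10
HOST = ("192.168.2.10", "0.0.0.0")     # "host 192.168.2.10"
ACL_101 = [("permit", VLAN10, HOST)]   # access-list 101 from the thread
ACL_102 = [("permit", HOST, VLAN10)]   # access-list 102 from the thread

# Constructed sample packets as (source, destination)
PACKETS = [
    ("192.168.1.5", "192.168.2.10"),   # VLAN 10 PC -> permitted host
    ("192.168.2.10", "192.168.1.5"),   # permitted host -> VLAN 10 PC
    ("192.168.1.5", "192.168.2.20"),   # VLAN 10 PC -> some other host
    ("192.168.2.20", "192.168.1.5"),   # some other host -> VLAN 10 PC
]

def svi_verdicts(acl_in, acl_out, packets=PACKETS):
    """Routed traffic on the VLAN 10 SVI: packets sourced in VLAN 10 enter the
    interface (checked by the "in" ACL); packets destined to VLAN 10 leave
    through it (checked by the "out" ACL)."""
    verdicts = []
    for src, dst in packets:
        acl = acl_in if matches(src, *VLAN10) else acl_out
        verdicts.append(evaluate(acl, src, dst))
    return verdicts

if __name__ == "__main__":
    print("asker (101 out, 102 in):    ", svi_verdicts(ACL_102, ACL_101))
    print("corrected (101 in, 102 out):", svi_verdicts(ACL_101, ACL_102))
```

With the asker's binding every routed packet falls through to the implicit deny, because each ACL is checked against traffic flowing the opposite way from the one its source/destination pair describes.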
