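Network requirements:
All LAN machines are controlled by the AR18-22-24 and are split into two VLANs: VLAN1 (192.168.1.0, 255.255.255.0) and VLAN2 (192.168.2.0, 255.255.255.0). VLAN1 cannot reach the Internet and cannot access VLAN2; VLAN2 can reach the Internet and can access 192.168.1.2 in VLAN1.
Network environment:
The ADSL line has a static IP address, 218.xxx.xxx.xxx.
The external link comes in through the ADSL modem and goes directly to the WAN0 port of the AR18-22-24; all computers on the LAN are connected through the AR18-22-24.
Configuration example: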
acl number 2001
rule 0 permit source 192.168.2.0 0.0.0.255
rule 1 deny source any
#
acl number 2002
rule 0 deny source any
#
acl number 2003
rule 0 permit source 192.168.1.2 0
rule 1 deny source 192.168.1.0 0.0.0.255
#
firewall enable
#
interface Ethernet1/0
ip address 218.xxx.xxx.xxx 255.255.255.0
nat outbound 2001
#
interface Ethernet2/0
#
interface Ethernet3/0
promiscuous
ip address 192.168.10.1 255.255.255.0
#
interface ethernet3/0.1
vlan-type dot1q vid 1
ip address 192.168.1.1 255.255.255.0
firewall packet-filter 2002 outbound
#
interface ethernet3/0.2
vlan-type dot1q vid 2
ip address 192.168.2.1 255.255.255.0
firewall packet-filter 2003 outbound
#
interface Ethernet3/1
port link-type access
port access vlan 1
#
interface Ethernet3/2
port link-type access
port access vlan 1
#
interface Ethernet3/3
port link-type access
port access vlan 1
#
interface Ethernet3/4
port link-type access
port access vlan 1
#
interface Ethernet3/5
port link-type access
port access vlan 1
#
interface Ethernet3/6
port link-type access
port access vlan 1
#
interface Ethernet3/7
port link-type access
port access vlan 1
#
interface Ethernet3/8
port link-type access
port access vlan 1
#
interface Ethernet3/9
port link-type access
port access vlan 1
#
interface Ethernet3/10
port link-type access
port access vlan 1
#
interface Ethernet3/11
port link-type access
port access vlan 1
#
interface Ethernet3/12
port link-type access
port access vlan 1
#
interface Ethernet3/13
port link-type access
port access vlan 2
#
interface Ethernet3/14
port link-type access
port access vlan 2
#
interface Ethernet3/15
port link-type access
port access vlan 2
#
interface Ethernet3/16
port link-type access
port access vlan 2
#
interface Ethernet3/17
port link-type access
port access vlan 2
#
interface Ethernet3/18
port link-type access
port access vlan 2
#
interface Ethernet3/19
port link-type access
port access vlan 2
#
interface Ethernet3/20
port link-type access
port access vlan 2
#
interface Ethernet3/21
port link-type access
port access vlan 2
#
interface Ethernet3/22
port link-type access
port access vlan 2
#
interface Ethernet3/23
port link-type access
port access vlan 2
#
interface Ethernet3/24
port link-type access
port access vlan 2
#
interface NULL0
ip route-static 0.0.0.0 0.0.0.0 218.xxx.xxx.1 preference 60
#
user-interface con 0
#
return
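
The following Python sketch is an added example, not part of the original configuration: it replays the basic ACLs above against constructed source addresses using first-match evaluation with wildcard masks, so the rules can be checked against the stated requirements. It assumes rules are evaluated in ascending rule number and that ACL 2003 filters traffic leaving towards VLAN2; the sample addresses and function names are illustrative.

```python
import ipaddress

# Basic ACLs transcribed from the configuration above:
# (rule id, action, source, wildcard mask).
ACLS = {
    2001: [(0, "permit", "192.168.2.0", "0.0.0.255"), (1, "deny", "any", None)],
    2002: [(0, "deny", "any", None)],
    2003: [(0, "permit", "192.168.1.2", "0"),
           (1, "deny", "192.168.1.0", "0.0.0.255")],
}

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def rule_matches(source, wildcard, packet_src):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored."""
    if source == "any":
        return True
    wild = _to_int("0.0.0.0" if wildcard == "0" else wildcard)
    care = ~wild & 0xFFFFFFFF
    return (_to_int(packet_src) & care) == (_to_int(source) & care)

def evaluate(acl_number, packet_src):
    """Return (action, rule id) of the first matching rule.

    Assumption: rules are tried in ascending rule id. (None, None) means no
    rule matched; the outcome then depends on the default action of the
    feature using the ACL, which the page does not state.
    """
    for rule_id, action, source, wildcard in sorted(ACLS[acl_number],
                                                    key=lambda r: r[0]):
        if rule_matches(source, wildcard, packet_src):
            return action, rule_id
    return None, None

def audit():
    """Evaluate constructed sample sources against each ACL where it is used."""
    checks = [
        ("NAT 2001, VLAN2 host to WAN", 2001, "192.168.2.10"),
        ("NAT 2001, VLAN1 host to WAN", 2001, "192.168.1.10"),
        ("2003 to VLAN2, from 192.168.1.2", 2003, "192.168.1.2"),
        ("2003 to VLAN2, from other VLAN1 host", 2003, "192.168.1.50"),
        ("2003 to VLAN2, from outside address", 2003, "203.0.113.7"),
        ("2002 to VLAN1, from VLAN2 host", 2002, "192.168.2.10"),
    ]
    return {label: evaluate(acl, src) for label, acl, src in checks}

if __name__ == "__main__":
    for label, result in audit().items():
        print(f"{label}: {result}")
```

The last check shows that ACL 2002, applied outbound on ethernet3/0.1, also matches packets sourced from VLAN2, which is worth verifying on the device against the requirement that VLAN2 can access 192.168.1.2.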