拓扑图我就不画了,没那么多闲工夫,相信大家可以很容易明白大体的结构
因客户没有三层交换,特提出此种方案。
划分2个VLAN VLAN 1 和 VLAN 2
要求VLAN2可以访问VLAN1,而VLAN1不能访问VLAN2。
功能我已经具体实现过了
配置我大体写了一下,不是很复杂,相信大家可以看明白,
下面列出了路由器的版本和具体的配置。
CISCO#show version
Cisco IOS Software, 2801 Software (C2801-ADVENTERPRISEK9-M), Version 12.4(9)T, RELEASE SOFTWARE (fc1)
Technical Support: [url]http://www.cisco.com/techsupport [/url]
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 16-Jun-06 23:33 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)
System returned to ROM by bus error at PC 0x6283B684, address 0x0 at 05:46:17 BJ Fri Aug 17 2007
System restarted at 05:47:43 BJ Fri Aug 17 2007
System p_w_picpath file is "flash:c2801-adventerprisek9-mz.124-9.T.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
[url]http://www.cisco.com/wwl/export/crypto/tool/stqrg.html [/url]
If you require further assistance please contact us by sending email to
[email]export@cisco.com[/email].
Cisco 2801 (revision 6.0) with 235520K/26624K bytes of memory.
Processor board ID FHK1035F047
2 FastEthernet interfaces
1 Virtual Private Network (×××) Module
6 Voice FXO interfaces
1 DSP, 8 Voice resources
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
250880K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
interface FastEthernet0/1
ip address 218.****** 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet0/0
no ip address
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.20.1 255.255.255.0
ip access-group infilter in
ip access-group outfilter out
ip nat inside
ip virtual-reassembly
重要部分**************************************************************
ip access-list extended infilter
permit ip 192.168.20.0 0.0.0.255 192.168.1.0 0.0.0.255 reflect feng
permit ip any any
ip access-list extended outfilter
evaluate feng
deny ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
permit ip any any
*********************************************************************
ip access-list 100 permit ip any any
ip nat pool www *********** netmask 255.255.255.252
ip nat inside source list 100 pool www overload
要求VLAN2可以访问VLAN1,而VLAN1不能访问VLAN2。
功能我已经具体实现过了
配置我大体写了一下,不是很复杂,相信大家可以看明白,
下面列出了路由器的版本和具体的配置。
CISCO#show version
Cisco IOS Software, 2801 Software (C2801-ADVENTERPRISEK9-M), Version 12.4(9)T, RELEASE SOFTWARE (fc1)
Technical Support: [url]http://www.cisco.com/techsupport [/url]
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 16-Jun-06 23:33 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)
System returned to ROM by bus error at PC 0x6283B684, address 0x0 at 05:46:17 BJ Fri Aug 17 2007
System restarted at 05:47:43 BJ Fri Aug 17 2007
System p_w_picpath file is "flash:c2801-adventerprisek9-mz.124-9.T.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
[url]http://www.cisco.com/wwl/export/crypto/tool/stqrg.html [/url]
If you require further assistance please contact us by sending email to
[email]export@cisco.com[/email].
Cisco 2801 (revision 6.0) with 235520K/26624K bytes of memory.
Processor board ID FHK1035F047
2 FastEthernet interfaces
1 Virtual Private Network (×××) Module
6 Voice FXO interfaces
1 DSP, 8 Voice resources
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
250880K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
interface FastEthernet0/1
ip address 218.****** 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet0/0
no ip address
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.20.1 255.255.255.0
ip access-group infilter in
ip access-group outfilter out
ip nat inside
ip virtual-reassembly
重要部分**************************************************************
ip access-list extended infilter
permit ip 192.168.20.0 0.0.0.255 192.168.1.0 0.0.0.255 reflect feng
permit ip any any
ip access-list extended outfilter
evaluate feng
deny ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
permit ip any any
*********************************************************************
ip access-list 100 permit ip any any
ip nat pool www *********** netmask 255.255.255.252
ip nat inside source list 100 pool www overload
转载于:https://blog.51cto.com/genisystem/40449
扫一扫
2663
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
