背景:一台2950交换机,15、16口接了两台电脑,分别是10.65.161.105 10.65.161.106,对这两台机器做限制,只允许其访问固定的IP
dqytv2950#sh run
Building configuration...
Building configuration...
Current configuration : 2309 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname dqytv2950
!
enable secret 5 $1$o8qb$RH2NF9e7IrNQQYZ8Vq7nF0
enable password ytv2003
!
ip subnet-zero
!
spanning-tree extend system-id
!
!
interface FastEthernet0/1
no ip address
!
interface FastEthernet0/2
no ip address
!
interface FastEthernet0/3
no ip address
!
interface FastEthernet0/4
no ip address
!
interface FastEthernet0/5
no ip address
!
interface FastEthernet0/6
no ip address
!
interface FastEthernet0/7
no ip address
!
interface FastEthernet0/8
no ip address
!
interface FastEthernet0/9
no ip address
!
interface FastEthernet0/10
no ip address
!
interface FastEthernet0/11
no ip address
!
interface FastEthernet0/12
no ip address
!
interface FastEthernet0/13
no ip address
!
interface FastEthernet0/14
no ip address
!
interface FastEthernet0/15
no ip address
ip access-group 101 in //将101列表应用到交换机的fa0/15口
!
interface FastEthernet0/16
no ip address
ip access-group 101 in //将101列表应用到交换机的fa0/16口
!
interface FastEthernet0/17
no ip address
!
interface FastEthernet0/18
no ip address
!
interface FastEthernet0/19
no ip address
!
interface FastEthernet0/20
no ip address
!
interface FastEthernet0/21
no ip address
!
interface FastEthernet0/22
no ip address
!
interface FastEthernet0/23
no ip address
!
interface FastEthernet0/24
no ip address
!
interface GigabitEthernet0/1
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 10.65.156.17 255.255.128.0
no ip route-cache
!
no ip http server
!
access-list 101 permit ip host 10.65.161.105 host 10.65.156.24 //允许10.65.161.105访问10.65.156.24
access-list 101 permit ip host 10.65.161.105 host 10.63.128.46
access-list 101 permit ip host 10.65.161.105 host 10.63.128.4
access-list 101 permit ip host 10.65.161.105 host 10.65.156.210
access-list 101 permit ip host 10.65.161.106 host 10.65.156.24
access-list 101 permit ip host 10.65.161.106 host 10.65.156.210
access-list 101 permit ip host 10.65.161.106 host 10.63.128.46
access-list 101 permit ip host 10.65.161.106 host 10.63.128.4
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname dqytv2950
!
enable secret 5 $1$o8qb$RH2NF9e7IrNQQYZ8Vq7nF0
enable password ytv2003
!
ip subnet-zero
!
spanning-tree extend system-id
!
!
interface FastEthernet0/1
no ip address
!
interface FastEthernet0/2
no ip address
!
interface FastEthernet0/3
no ip address
!
interface FastEthernet0/4
no ip address
!
interface FastEthernet0/5
no ip address
!
interface FastEthernet0/6
no ip address
!
interface FastEthernet0/7
no ip address
!
interface FastEthernet0/8
no ip address
!
interface FastEthernet0/9
no ip address
!
interface FastEthernet0/10
no ip address
!
interface FastEthernet0/11
no ip address
!
interface FastEthernet0/12
no ip address
!
interface FastEthernet0/13
no ip address
!
interface FastEthernet0/14
no ip address
!
interface FastEthernet0/15
no ip address
ip access-group 101 in //将101列表应用到交换机的fa0/15口
!
interface FastEthernet0/16
no ip address
ip access-group 101 in //将101列表应用到交换机的fa0/16口
!
interface FastEthernet0/17
no ip address
!
interface FastEthernet0/18
no ip address
!
interface FastEthernet0/19
no ip address
!
interface FastEthernet0/20
no ip address
!
interface FastEthernet0/21
no ip address
!
interface FastEthernet0/22
no ip address
!
interface FastEthernet0/23
no ip address
!
interface FastEthernet0/24
no ip address
!
interface GigabitEthernet0/1
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 10.65.156.17 255.255.128.0
no ip route-cache
!
no ip http server
!
access-list 101 permit ip host 10.65.161.105 host 10.65.156.24 //允许10.65.161.105访问10.65.156.24
access-list 101 permit ip host 10.65.161.105 host 10.63.128.46
access-list 101 permit ip host 10.65.161.105 host 10.63.128.4
access-list 101 permit ip host 10.65.161.105 host 10.65.156.210
access-list 101 permit ip host 10.65.161.106 host 10.65.156.24
access-list 101 permit ip host 10.65.161.106 host 10.65.156.210
access-list 101 permit ip host 10.65.161.106 host 10.63.128.46
access-list 101 permit ip host 10.65.161.106 host 10.63.128.4
默认情况下,2950交换机是拒绝所有访问,即access-list 101 deny ip any any
!
line con 0
password datapart
login
line vty 0 4
exec-timeout 5 0
password datapart
login
line vty 5 15
exec-timeout 5 0
password datapart
login
!
!
monitor session 1 source interface Fa0/6
monitor session 1 destination interface Fa0/24
end
!
line con 0
password datapart
login
line vty 0 4
exec-timeout 5 0
password datapart
login
line vty 5 15
exec-timeout 5 0
password datapart
login
!
!
monitor session 1 source interface Fa0/6
monitor session 1 destination interface Fa0/24
end
转载于:https://blog.51cto.com/sunrc/256189
扫一扫
61
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
