交换机
vlan 10
port e1/0/1 可以有多个端口
int vlan-interface 10
ip address 142.16.1.1 24
qu
vlan 20
port e1/0/2
int vlan-interface 20
ip address 142.16.2.1 24
qu
ospf 1
area 0
network 142.16.1.1 0.0.0.255
network 142.16.2.1 0.0.0.255
quinterface loopback0
ip address xxx.xx.xx.x 24
qu
route id xxx.xx.xx.x
ospf路由:两个子网网关加上loopback的网关terface e1/0/1 // 进入接口
port link-type access//接口配置为access模式
port access vlan 10//把接口加入vlan10
interface e1/0/3
port link-type trunk //接口配置设置为trunk模式
port trunk permit vlan 10 20//配置trunk干道允许通过vlan10 20
port trunk pvid vlan 10 //trunk接收到未标记帧将其转发到vlan 10 端口路由器
int g0/0
ip address 142.16.1.2 24
qu
int g0/1
ip address 142.16.3.1 24
qu
ospf 1
area 0
network 142.16.1.2 0.0.0.255
network 142.16.3.1 0.0.0.255
qu
进入端口int g0/0, 使用undo shutdown命令打开端口。包过滤
acl number 2000
rule deny source 192.168.1.2 0
qu
interface g0/0
packet-filter 2000 inbound//在端口应用acl
undo packet-filter 2000 inbound//不应用
undo acl number 2000 //去除规则2000acl name denyping advanced
rule deny icmp icmp-type echo source 10.100.1.122 0 destination 10.110.34.125 0
rule deny icmp icmp-type echo-reply source 10.100.1.122 0 destination 10.110.34.125 0//禁止ICMP的ECHO和ECHO-REPLY报文
packet-filter ip-group denyping //激活acl
display denying acl runtime all //显示ACL运行信息
rule deny ingress interface e0/9 egress any //禁止从e0/9接口来的数据流
rule deny ingress 2 egress any //禁止从valn2来的数据流
扫一扫
753
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
