ENSP模擬交換環境中調用高級ACL限制不同網段之間互訪

阿新 • • 發佈：2018-10-31

針對 ddr tex color 獲取 select work fad ado

實驗環境：

網段規劃：
vlan 100：10.10.10.0 /24 網關 10.10.10.254 DNS：8.8.8.8
vlan 101：192.168.10.0/24 網關 192.168.10.254 DNS：8.8.8.8
配置Center
1、創建vlan
vlan 100
description bangong
vlan 101
description youke
2、配置trunk接口
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101
interface GigabitEthernet0/0/2
port link-type trunk

port trunk allow-pass vlan 100 to 101
3、創建虛接口並配置IP地址
interface Vlanif101
ip address 192.168.10.254 255.255.255.0
interface Vlanif100
ip address 10.10.10.254 255.255.255.0
4、配置DHCP
dhcp enable
ip pool bangong
gateway-list 10.10.10.254
network 10.10.10.0 mask 255.255.255.0
dns-list 8.8.8.8

ip pool youke
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0

dns-list 8.8.8.8

interface Vlanif100
ip address 10.10.10.254 255.255.255.0
dhcp select global

interface Vlanif101
ip address 192.168.10.254 255.255.255.0
dhcp select global

配置Access1
vlan 100
description bangong
vlan 101
description youke

interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101

interface Ethernet0/0/3

port link-type access
port default vlan 100

interface Ethernet0/0/4
port link-type access
port default vlan 101

interface Ethernet0/0/5
port link-type access
port default vlan 100

配置Access2

vlan 100
description bangong
vlan 101
description youke

interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 to 101

interface Ethernet0/0/3
port link-type access
port default vlan 100

interface Ethernet0/0/4
port link-type access
port default vlan 101

interface Ethernet0/0/5
port link-type access
port default vlan 100

將PC1 PC2 PC3 PC4ip地址設置為自動獲取，並驗證獲取到的地址
技術分享圖片

我們先互相ping一下遊客和辦公網絡，目前是互通的

我們在Center上定義ACL
acl number 3000
rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 10.10.10.0 0.0.0.255