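Asking for the commands
I want to restrict routed access for one port or several ports on a switch.
They may only access:
the 10.0.0.0 segment through the 10.100.0.0 segment
the 172.22.72.0 segment
Apart from the IP segments above, no other network segment may be accessed, and in particular the Internet must not be reachable.
For example, port 1 in the switch configuration below may only access the 10.0.0.0 through 10.100.0.0 segments and the 172.22.72.0 segment, with mask 255.255.255.0; the other ports have no restrictions.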
<4haolou-2F-5120-24-2>disp cu
#
version 5.20, Release 2220P02
#
sysname 4haolou-2F-5120-24-2
#
domain default enable system
#
telnet server enable
#
management-vlan 1000
#
dot1x
dot1x authentication-method eap
#
undo ip http enable
#
password-recovery enable
#
vlan 1
#
vlan 105 to 112
#
vlan 201 to 203
#
vlan 401 to 402
#
vlan 501 to 502
#
vlan 1000
#
radius scheme 2000
primary authentication 10.10.2.50
primary accounting 10.10.2.50
key authentication cipher $c$3$lSSr2PnHmtq+rXw/jISZ6zypR7KCv7548A==
key accounting cipher $c$3$fubUnklnvsm5SrOKZ0a3SasiM7bgd3ZKWQ==
user-name-format without-domain
#
domain system
authentication lan-access radius-scheme 2000 none
authorization lan-access radius-scheme 2000 none
accounting lan-access radius-scheme 2000 none
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
group-attribute allow-guest
#
local-user 8888
password cipher $c$3$Gu4faoECzoj5pLanQwyi5VfKAg3diX+4dB0QTg==
authorization-attribute level 3
service-type telnet
#
interface NULL0
#
interface Vlan-interface1000
ip address 10.11.1.6 255.255.255.0
#
interface GigabitEthernet1/0/1
port access vlan 401
dot1x
(0)
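Best answer
Configure packet filtering at the traffic ingress. In the filtering ACL, first permit the destination segments that are allowed, and finish with deny any.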
#
acl number 3501
rule 10 permit ip source 10.0.0.0 0.255.255.255 destination 10.100.0.0 0.0.255.255 // permit
rule 20 permit ip source 10.0.0.0 0.255.255.255 destination 172.22.72.0 0.0.0.255 // permit
rule 100 deny ip // finally, block everything else
#
interface GigabitEthernet1/0/12 // apply in the inbound direction on the traffic ingress port
packet-filter 3501 inbound
(0)
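A way to check an ACL like the one above before applying it, as an added example that is not part of the original thread: it models first-match evaluation with wildcard masks for the three posted rules, and computes the network/wildcard pairs that cover a destination range. The sample addresses are constructed, and reading the question's range as 10.0.0.0 through 10.100.255.255 is an assumption.

```python
import ipaddress

# The three rules of ACL 3501 as posted in the answer:
# (rule id, action, source, source wildcard, destination, destination wildcard)
ACL_3501 = [
    (10, "permit", "10.0.0.0", "0.255.255.255", "10.100.0.0", "0.0.255.255"),
    (20, "permit", "10.0.0.0", "0.255.255.255", "172.22.72.0", "0.0.0.255"),
    (100, "deny", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]


def wildcard_match(addr, base, wildcard):
    """A wildcard bit of 1 means 'ignore this bit'; every other bit must equal base."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def evaluate(acl, src, dst):
    """Return (rule id, action) of the first matching rule, taken in rule-ID order."""
    for rule_id, action, s, sw, d, dw in sorted(acl):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return rule_id, action
    return None, "no-match"


def range_to_rules(first, last, start_id=10, step=10):
    """Cover an address range with the fewest (rule id, network, wildcard) entries."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(start_id + i * step, str(n.network_address), str(n.hostmask))
            for i, n in enumerate(nets)]


if __name__ == "__main__":
    src = "10.11.40.25"  # constructed sample host behind the filtered port
    for dst in ["10.100.3.7", "172.22.72.10", "10.50.1.1", "8.8.8.8"]:
        print(dst, evaluate(ACL_3501, src, dst))
    # Assumption: the allowed range is 10.0.0.0 through 10.100.255.255.
    for rule in range_to_rules("10.0.0.0", "10.100.255.255"):
        print(rule)
```

Each tuple from `range_to_rules` gives the destination address and wildcard for one permit rule placed ahead of the final deny.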