VLAN访问控制配置:NAT和ACL实现不同VLAN访问权限
配置NAT:
interface gigabitethernet0/0
ip nat outside
interface gigabitethernet0/1.10
ip nat inside
interface gigabitethernet0/1.20
ip nat inside
interface gigabitethernet0/1.30
ip nat inside
access-list 1 permit any
access-list 2 permit tcp any any eq www
ip nat inside source list 1 interface gigabitethernet0/0 overload
ip nat inside source list 2 interface gigabitethernet0/0 overload
配置访问控制列表:
access-list 100 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 20.20.20.1 eq ftp
interface gigabitethernet0/1.10
ip access-group 100 in
interface gigabitethernet0/1.20
ip access-group 100 in
interface gigabitethernet0/1.30
ip access-group 100 in
原文地址: https://www.cveoy.top/t/topic/ovOL 著作权归作者所有。请勿转载和采集!