
[经验分享] Cisco 3750 内网ACL内网访控

发表于 2018-7-13 06:07:59
Current configuration : 15743 bytes  !
  ! Global services, identity and privileged-mode credential for the switch
  ! named FS-JF-3750 (provisioned as a ws-c3750x-24 stack member).
  ! NOTE(review): this is a complete running-config posted on a public page;
  ! every credential and address in it should be treated as disclosed.
  version 12.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  ! NOTE(review): password encryption is off, so the enable and vty passwords
  ! in this file are stored and shown in clear text. `service password-encryption`
  ! is only reversible obfuscation; the stronger fix is `enable secret` plus
  ! per-user accounts.
  no service password-encryption
  service sequence-numbers
  !
  hostname FS-JF-3750
  !
  boot-start-marker
  boot-end-marker
  !
  ! NOTE(review): clear-text, trivially guessable enable password (the vendor
  ! name). Replace with `enable secret <ROTATED-SECRET-PLACEHOLDER>` and rotate
  ! it, since this value has been published.
  enable password cisco
  !
  !
  !
  ! NOTE(review): AAA is disabled, so no per-user authentication, authorization
  ! or accounting is configured here; access depends on the shared line and
  ! enable passwords only.
  no aaa new-model
  switch 1 provision ws-c3750x-24
  system mtu routing 1500
  ! Turns on layer-3 forwarding, so traffic between the VLAN interfaces below
  ! is routed by this switch; access-groups 101/102 on Vlan12/Vlan11 filter it.
  ip routing
  ! DHCP server globals: addresses the server must never lease, and the
  ! ping probe it sends before offering an address.
  ! NOTE(review): conflict logging is disabled, so address conflicts detected
  ! by the server are not recorded for later troubleshooting.
  no ip dhcp conflict logging
  ! Reserves .240-.254 in each of 10.10.14.0/24 through 10.10.29.0/24.
  ! NOTE(review): pools also exist for 10.10.10.0/24 and 10.10.13.0/24 but no
  ! exclusion covers them, and the static ARP hosts 10.10.13.2/.3/.8 and
  ! 10.10.14.55 sit inside leasable ranges - presumably statically addressed
  ! devices; confirm and exclude them.
  ip dhcp excluded-address 10.10.14.240 10.10.14.254
  ip dhcp excluded-address 10.10.15.240 10.10.15.254
  ip dhcp excluded-address 10.10.16.240 10.10.16.254
  ip dhcp excluded-address 10.10.17.240 10.10.17.254
  ip dhcp excluded-address 10.10.18.240 10.10.18.254
  ip dhcp excluded-address 10.10.19.240 10.10.19.254
  ip dhcp excluded-address 10.10.20.240 10.10.20.254
  ip dhcp excluded-address 10.10.21.240 10.10.21.254
  ip dhcp excluded-address 10.10.22.240 10.10.22.254
  ip dhcp excluded-address 10.10.23.240 10.10.23.254
  ip dhcp excluded-address 10.10.24.240 10.10.24.254
  ip dhcp excluded-address 10.10.25.240 10.10.25.254
  ip dhcp excluded-address 10.10.26.240 10.10.26.254
  ip dhcp excluded-address 10.10.27.240 10.10.27.254
  ip dhcp excluded-address 10.10.28.240 10.10.28.254
  ip dhcp excluded-address 10.10.29.240 10.10.29.254
  ! The 192.168.x entries overlap: 192.168.1.2 is already inside
  ! 192.168.1.1-192.168.1.30, and 192.168.2.1 is inside 192.168.2.1-192.168.2.20.
  ! Harmless, but the single-address lines are redundant.
  ip dhcp excluded-address 192.168.1.2
  ip dhcp excluded-address 192.168.1.171 192.168.1.254
  ip dhcp excluded-address 192.168.2.1
  ip dhcp excluded-address 192.168.2.1 192.168.2.20
  ip dhcp excluded-address 192.168.1.1 192.168.1.30
  ! Before offering an address the server pings it 10 times and waits 800 ms
  ! for a reply, which reduces (but does not remove) the risk of leasing an
  ! address that a static host already uses.
  ip dhcp ping packets 10
  ip dhcp ping timeout 800
  !
  ! DHCP pools, one /24 per VLAN. Each pool hands out a default gateway that
  ! matches the corresponding VLAN interface address on this switch, and
  ! DNS servers outside the 10.x / 192.168.x ranges used in this config.
  ! No pool is defined for 10.10.11.0/24, 10.10.12.0/24 or 10.10.1.0/24,
  ! so those VLANs are presumably statically addressed - confirm.
  ! NOTE(review): no `ip dhcp snooping` appears anywhere in this config, so
  ! nothing shown here stops an unauthorized DHCP server on an access port
  ! from answering clients in these VLANs.
  ip dhcp pool vlan21-pool
  network 10.10.21.0 255.255.255.0
  default-router 10.10.21.1
  dns-server 202.99.192.68 219.150.32.132
  !
  ip dhcp pool vlan22-pool
  network 10.10.22.0 255.255.255.0
  default-router 10.10.22.1
  dns-server 202.99.192.68 219.150.32.132
  !
  ip dhcp pool vlan23-pool
  network 10.10.23.0 255.255.255.0
  default-router 10.10.23.1
  dns-server 202.99.192.68 219.150.32.132
  !
  ip dhcp pool vlan24-pool
  network 10.10.24.0 255.255.255.0
  default-router 10.10.24.1
  dns-server 202.99.192.68 219.150.32.132
  !
  ip dhcp pool vlan25-pool
  network 10.10.25.0 255.255.255.0
  default-router 10.10.25.1
  dns-server 202.99.192.68 202.99.192.66
  !
  ip dhcp pool vlan29-pool
  network 10.10.29.0 255.255.255.0
  default-router 10.10.29.1
  dns-server 202.99.192.68 202.99.192.66
  !
  ip dhcp pool vlan1
  network 192.168.1.0 255.255.255.0
  default-router 192.168.1.2
  dns-server 202.99.192.68 219.150.32.132
  !
  ip dhcp pool vlan2
  network 192.168.2.0 255.255.255.0
  default-router 192.168.2.1
  dns-server 202.99.192.68 219.150.32.132
  !
  ip dhcp pool vlan28-pool
  network 10.10.28.0 255.255.255.0
  default-router 10.10.28.1
  dns-server 202.99.192.68 202.99.192.66
  !
  ip dhcp pool vlan27-pool
  network 10.10.27.0 255.255.255.0
  default-router 10.10.27.1
  dns-server 202.99.192.68 202.99.192.66
  !
  ip dhcp pool vlan26-pool
  network 10.10.26.0 255.255.255.0
  default-router 10.10.26.1
  dns-server 202.99.192.68 202.99.192.66
  !
  ip dhcp pool vlan14-pool
  network 10.10.14.0 255.255.255.0
  default-router 10.10.14.1
  dns-server 202.99.192.68 219.150.32.132
  !
  ip dhcp pool vlan15-pool
  network 10.10.15.0 255.255.255.0
  default-router 10.10.15.1
  dns-server 202.99.192.68 219.150.32.132
  !
  ip dhcp pool vlan16-pool
  network 10.10.16.0 255.255.255.0
  dns-server 202.99.192.68 219.150.32.132
  default-router 10.10.16.1
  !
  ip dhcp pool vlan17-pool
  network 10.10.17.0 255.255.255.0
  default-router 10.10.17.1
  dns-server 202.99.192.68 219.150.32.132
  !
  ip dhcp pool vlan18-pool
  network 10.10.18.0 255.255.255.0
  dns-server 202.99.192.68 219.150.32.132
  default-router 10.10.18.1
  !
  ip dhcp pool vlan19-pool
  network 10.10.19.0 255.255.255.0
  default-router 10.10.19.1
  dns-server 202.99.192.68 219.150.32.132
  !
  ip dhcp pool vlan20-pool
  network 10.10.20.0 255.255.255.0
  dns-server 202.99.192.68 219.150.32.132
  default-router 10.10.20.1
  !
  ip dhcp pool vlan13-pool
  network 10.10.13.0 255.255.255.0
  default-router 10.10.13.1
  dns-server 202.99.192.68
  !
  ip dhcp pool vlan10-pool
  network 10.10.10.0 255.255.255.0
  default-router 10.10.10.1
  dns-server 202.99.192.68 219.150.32.132
  !
  !
  !
  !
  ! Self-signed trustpoint and its certificate; revocation checking is off.
  ! Presumably this is the certificate presented by `ip http secure-server`
  ! further down - confirm.
  ! NOTE(review): the hex below appears to decode as an X.509 certificate
  ! signed with md5WithRSAEncryption (OID bytes 2A864886 F70D0101 04), carrying
  ! a 1024-bit RSA key, valid from 930301000123Z to 200101000000Z, i.e. already
  ! past its notAfter date. Its subjectAltName reads "Core-3750X.", which does
  ! not match the configured hostname FS-JF-3750. Verify with a certificate
  ! parser; if confirmed, regenerate with a larger key and a current signature
  ! algorithm, or enrol with an internal CA.
  crypto pki trustpoint TP-self-signed-218727552
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-218727552
  revocation-check none
  rsakeypair TP-self-signed-218727552
  !
  !
  crypto pki certificate chain TP-self-signed-218727552
  certificate self-signed 01
  30820241 308201AA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32313837 32373535 32301E17 0D393330 33303130 30303132
  335A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3231 38373237
  35353230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  B694F5DC 5B27123B 360B2D34 C3BFC603 C7B508B1 C1B145E3 28BDE548 2DF837F8
  E836B967 9CD871F1 FB06E39A 67453588 A1E79E2B 0EA9166A 9A50E4BA 80F97D4C
  BE317A7D 5C8AC488 300D9833 ACF2F240 D955EE25 D8197FB5 5AF97273 02C32049
  6ECC0893 A45813C0 17F69F04 E31198DC 32890FB5 5306D6AB CB18A598 4E9C5FA7
  02030100 01A36B30 69300F06 03551D13 0101FF04 05300301 01FF3016 0603551D
  11040F30 0D820B43 6F72652D 33373530 582E301F 0603551D 23041830 16801420
  6E39B15A BFF98C96 BC58D8A4 3B30C5DC 8A568730 1D060355 1D0E0416 0414206E
  39B15ABF F98C96BC 58D8A43B 30C5DC8A 5687300D 06092A86 4886F70D 01010405
  00038181 009D1884 56BC0E24 6A984389 1A0D9158 E16490D9 5BDF2A11 288C79D1
  A317D75E BC6B197C 6AE27420 DC0590B7 CA58D065 4030E0C9 BE43C04A 64C9060E
  C4F91B93 6CAF9A60 C18EBDA4 2C0733CF 401C334F 8CD3B173 6A450A94 16B16DC2
  AD9B0E48 8A1CA622 558FED42 3A39E27F 5ECA9F1A 91F62AC1 D1D199B8 26FA1DB3
  C071321E A1
  quit
  ! Spanning tree runs in per-VLAN (PVST) mode with the extended system ID.
  ! NOTE(review): no root priority, `spanning-tree portfast` or
  ! `spanning-tree bpduguard` settings are visible in this config, so an edge
  ! port is not prevented from sending BPDUs and influencing the topology -
  ! consider enabling BPDU guard on access ports.
  spanning-tree mode pvst
  spanning-tree extend system-id
  !
  !
  !
  !
  vlan internal allocation policy ascending
  !
  !
  !
  ! Physical ports. FastEthernet0 has no IP address configured.
  interface FastEthernet0
  no ip address
  no ip route-cache cef
  no ip route-cache
  no ip mroute-cache
  !
  ! Gi1/0/1-4, 8 and 9 are access ports with no `switchport access vlan`, so
  ! they stay in the default VLAN 1 (192.168.1.0/24 on interface Vlan1).
  ! NOTE(review): none of the access ports shows port-security, portfast or
  ! BPDU guard; confirm whether that is intended for user-facing ports.
  interface GigabitEthernet1/0/1
  switchport mode access
  !
  interface GigabitEthernet1/0/2
  switchport mode access
  !
  interface GigabitEthernet1/0/3
  switchport mode access
  !
  interface GigabitEthernet1/0/4
  switchport mode access
  !
  interface GigabitEthernet1/0/5
  switchport access vlan 19
  switchport mode access
  !
  interface GigabitEthernet1/0/6
  switchport access vlan 20
  switchport mode access
  !
  interface GigabitEthernet1/0/7
  switchport access vlan 26
  switchport mode access
  !
  interface GigabitEthernet1/0/8
  switchport mode access
  !
  interface GigabitEthernet1/0/9
  switchport mode access
  !
  ! Gi1/0/10 and Gi1/0/11 are in VLAN 11, the VLAN that access-list 102 protects.
  ! NOTE(review): `ip dhcp client lease` on a layer-2 access port looks like a
  ! leftover; confirm it has any effect here.
  interface GigabitEthernet1/0/10
  switchport access vlan 11
  switchport mode access
  ip dhcp client lease 1 0 0
  !
  ! NOTE(review): Gi1/0/11 has no `switchport mode access`, so its mode is left
  ! at the platform default and it may still negotiate a trunk via DTP - pin it
  ! with `switchport mode access` (and `switchport nonegotiate`).
  interface GigabitEthernet1/0/11
  switchport access vlan 11
  !
  ! NOTE(review): Gi1/0/12-16 carry no configuration at all (default VLAN,
  ! default mode, not shut down). Unused ports are normally placed in an unused
  ! VLAN and administratively shut down.
  interface GigabitEthernet1/0/12
  !
  interface GigabitEthernet1/0/13
  !
  interface GigabitEthernet1/0/14
  !
  interface GigabitEthernet1/0/15
  !
  interface GigabitEthernet1/0/16
  !
  ! 802.1Q trunks. NOTE(review): none of the trunks has
  ! `switchport trunk allowed vlan` or a native-VLAN setting, so each one
  ! carries every VLAN (including the ACL-protected VLANs 11 and 12) with the
  ! default native VLAN. Restrict each trunk to the VLANs its neighbour needs.
  interface GigabitEthernet1/0/17
  switchport trunk encapsulation dot1q
  switchport mode trunk
  !
  interface GigabitEthernet1/0/18
  switchport trunk encapsulation dot1q
  switchport mode trunk
  !
  interface GigabitEthernet1/0/19
  switchport trunk encapsulation dot1q
  switchport mode trunk
  !
  interface GigabitEthernet1/0/20
  description conncet-2960-2
  switchport trunk encapsulation dot1q
  switchport mode trunk
  !
  ! Gi1/0/21, 23 and 24 are access ports in VLAN 3 (10.10.1.0/24, the VLAN
  ! described as the ASA5512 link); the trunk-encapsulation line is inert while
  ! the port is in access mode.
  interface GigabitEthernet1/0/21
  description connect-Jiangmin-manager
  switchport access vlan 3
  switchport trunk encapsulation dot1q
  switchport mode access
  !
  ! Gi1/0/22 is a trunk; its `switchport access vlan 12` only takes effect if
  ! the port stops trunking.
  interface GigabitEthernet1/0/22
  description connect-2960-1
  switchport access vlan 12
  switchport trunk encapsulation dot1q
  switchport mode trunk
  !
  ! Gi1/0/23 is the source of monitor session 1 and Gi1/0/24 its destination
  ! (see the `monitor session 1` lines at the end of the config).
  interface GigabitEthernet1/0/23
  description connect-5512
  switchport access vlan 3
  switchport trunk encapsulation dot1q
  switchport mode access
  !
  interface GigabitEthernet1/0/24
  description connect-jiangmin-jingxiang
  switchport access vlan 3
  switchport trunk encapsulation dot1q
  switchport mode access
  !
  interface GigabitEthernet1/1/1
  switchport trunk encapsulation dot1q
  switchport mode trunk
  !
  interface GigabitEthernet1/1/2
  switchport trunk encapsulation dot1q
  switchport mode trunk
  !
  interface GigabitEthernet1/1/3
  switchport trunk encapsulation dot1q
  switchport mode trunk
  !
  interface GigabitEthernet1/1/4
  switchport trunk encapsulation dot1q
  switchport mode trunk
  !
  interface TenGigabitEthernet1/1/1
  !
  interface TenGigabitEthernet1/1/2
  !
  ! VLAN interfaces (SVIs): the routed gateway for each /24. Only Vlan11 and
  ! Vlan12 have an access-group; every other pair of VLANs is routed between
  ! each other without filtering on this switch.
  ! NOTE(review): Vlan1 (the default VLAN used by the unassigned access ports)
  ! and Vlan2 have no description and no ACL.
  interface Vlan1
  ip address 192.168.1.2 255.255.255.0
  !
  interface Vlan2
  ip address 192.168.2.1 255.255.255.0
  !
  ! Transit VLAN toward the firewall; the default route points at 10.10.1.2
  ! in this subnet.
  interface Vlan3
  description FS-SW3750-ASA5512
  ip address 10.10.1.1 255.255.255.0
  !
  interface Vlan10
  description FS-Jifang-Network
  ip address 10.10.10.1 255.255.255.0
  !
  ! ACL 102 is applied outbound: it filters packets the switch routes INTO
  ! VLAN 11. It does not filter traffic between hosts inside VLAN 11.
  interface Vlan11
  description FS-JianKong-manager
  ip address 10.10.11.1 255.255.255.0
  ip access-group 102 out
  !
  ! ACL 101 is applied outbound: it filters packets the switch routes INTO
  ! VLAN 12 (the server network). It does not filter traffic between hosts
  ! inside VLAN 12.
  interface Vlan12
  description FS-server-Network
  ip address 10.10.12.1 255.255.255.0
  ip access-group 101 out
  !
  interface Vlan13
  description FS-Lianjianlou-Network
  ip address 10.10.13.1 255.255.255.0
  !
  interface Vlan14
  description FS-Gongyinglou-Network
  ip address 10.10.14.1 255.255.255.0
  !
  interface Vlan15
  description FS-Duizulou-Network
  ip address 10.10.15.1 255.255.255.0
  !
  interface Vlan16
  description FS-Jidianlou-Network
  ip address 10.10.16.1 255.255.255.0
  !
  interface Vlan17
  description FS-Jiujing-Network
  ip address 10.10.17.1 255.255.255.0
  !
  interface Vlan18
  description FS-Xinjing-Network
  ip address 10.10.18.1 255.255.255.0
  !
  interface Vlan19
  description FS-xiaoyuan-Network
  ip address 10.10.19.1 255.255.255.0
  !
  interface Vlan20
  description FS-guolufang-Network
  ip address 10.10.20.1 255.255.255.0
  !
  interface Vlan21
  description FS-Shitang-Network
  ip address 10.10.21.1 255.255.255.0
  !
  interface Vlan22
  description FS-Sushe#1-01
  ip address 10.10.22.1 255.255.255.0
  !
  interface Vlan23
  description FS-Sushe#1-02
  ip address 10.10.23.1 255.255.255.0
  !
  interface Vlan24
  description FS-Sushe#1-03
  ip address 10.10.24.1 255.255.255.0
  !
  interface Vlan25
  description FS-Sushe#1-04
  ip address 10.10.25.1 255.255.255.0
  !
  interface Vlan26
  description FS-Sushe#2-01
  ip address 10.10.26.1 255.255.255.0
  !
  interface Vlan27
  description FS-Sushe#2-02
  ip address 10.10.27.1 255.255.255.0
  !
  interface Vlan28
  description FS-Sushe#2-03
  ip address 10.10.28.1 255.255.255.0
  !
  interface Vlan29
  description FS-Sushe#2-04
  ip address 10.10.29.1 255.255.255.0
  !

  ! Static routing and the embedded web management server.
  ! NOTE(review): the leading `ip>` on the next line is not IOS syntax; it
  ! looks like text lost when the page was captured. Compare with the device
  ! before reusing this line.
  ! Default route via 10.10.1.2 in VLAN 3, plus two static routes via next
  ! hops in VLAN 1 (192.168.1.0/24).
  ip>  ip route 0.0.0.0 0.0.0.0 10.10.1.2
  ip route 10.41.0.0 255.255.0.0 192.168.1.128
  ip route 192.168.102.0 255.255.255.0 192.168.1.241
  ! NOTE(review): the clear-text HTTP server is enabled alongside HTTPS, and no
  ! `ip http access-class` or `ip http authentication` line is visible, so web
  ! management is presumably reachable from any routed VLAN and falls back to
  ! the default authentication method - confirm. Hardening: `no ip http server`,
  ! and restrict or disable the HTTPS server if it is not used.
  ip http server
  ip http secure-server
  !
  ip sla enable reaction-alerts
  ! ACL 101 (applied `out` on Vlan12): drops IP traffic routed from the listed
  ! user subnets into the server network 10.10.12.0/24, then permits every
  ! other source. Because ACLs are stateless, replies from the denied subnets
  ! back to VLAN 12 hosts are dropped as well.
  ! NOTE(review): this is a deny-list. Sources NOT listed - 10.10.1.0/24,
  ! 10.10.11.0/24, 10.10.19.0/24, 10.10.29.0/24, 192.168.1.0/24, and anything
  ! arriving over the static/default routes - fall through to the final permit.
  ! 10.10.19.0/24 and 10.10.29.0/24 have user DHCP pools like their neighbours,
  ! so their absence may be an omission; confirm. A permit-list of the sources
  ! that need the servers, followed by a logged deny, fails closed when a new
  ! VLAN is added.
  access-list 101 deny   ip 192.168.2.0 0.0.0.255 10.10.12.0 0.0.0.255
  access-list 101 deny   ip 10.10.10.0 0.0.0.255 10.10.12.0 0.0.0.255
  access-list 101 deny   ip 10.10.13.0 0.0.0.255 10.10.12.0 0.0.0.255
  access-list 101 deny   ip 10.10.14.0 0.0.0.255 10.10.12.0 0.0.0.255
  access-list 101 deny   ip 10.10.15.0 0.0.0.255 10.10.12.0 0.0.0.255
  access-list 101 deny   ip 10.10.16.0 0.0.0.255 10.10.12.0 0.0.0.255
  access-list 101 deny   ip 10.10.17.0 0.0.0.255 10.10.12.0 0.0.0.255
  access-list 101 deny   ip 10.10.18.0 0.0.0.255 10.10.12.0 0.0.0.255
  access-list 101 deny   ip 10.10.20.0 0.0.0.255 10.10.12.0 0.0.0.255
  access-list 101 deny   ip 10.10.21.0 0.0.0.255 10.10.12.0 0.0.0.255
  access-list 101 deny   ip 10.10.22.0 0.0.0.255 10.10.12.0 0.0.0.255
  access-list 101 deny   ip 10.10.23.0 0.0.0.255 10.10.12.0 0.0.0.255
  access-list 101 deny   ip 10.10.24.0 0.0.0.255 10.10.12.0 0.0.0.255
  access-list 101 deny   ip 10.10.26.0 0.0.0.255 10.10.12.0 0.0.0.255
  access-list 101 deny   ip 10.10.25.0 0.0.0.255 10.10.12.0 0.0.0.255
  access-list 101 deny   ip 10.10.27.0 0.0.0.255 10.10.12.0 0.0.0.255
  access-list 101 deny   ip 10.10.28.0 0.0.0.255 10.10.12.0 0.0.0.255
  access-list 101 permit ip any 10.10.12.0 0.0.0.255
  ! ACL 102 (applied `out` on Vlan11): same source list, protecting
  ! 10.10.11.0/24. The same gaps apply; here the unlisted sources are
  ! 10.10.1.0/24, 10.10.12.0/24, 10.10.19.0/24, 10.10.29.0/24 and
  ! 192.168.1.0/24. None of the deny entries uses `log`, so blocked attempts
  ! leave only hit counters, not syslog records.
  access-list 102 deny   ip 192.168.2.0 0.0.0.255 10.10.11.0 0.0.0.255
  access-list 102 deny   ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
  access-list 102 deny   ip 10.10.13.0 0.0.0.255 10.10.11.0 0.0.0.255
  access-list 102 deny   ip 10.10.14.0 0.0.0.255 10.10.11.0 0.0.0.255
  access-list 102 deny   ip 10.10.15.0 0.0.0.255 10.10.11.0 0.0.0.255
  access-list 102 deny   ip 10.10.16.0 0.0.0.255 10.10.11.0 0.0.0.255
  access-list 102 deny   ip 10.10.17.0 0.0.0.255 10.10.11.0 0.0.0.255
  access-list 102 deny   ip 10.10.18.0 0.0.0.255 10.10.11.0 0.0.0.255
  access-list 102 deny   ip 10.10.20.0 0.0.0.255 10.10.11.0 0.0.0.255
  access-list 102 deny   ip 10.10.21.0 0.0.0.255 10.10.11.0 0.0.0.255
  access-list 102 deny   ip 10.10.22.0 0.0.0.255 10.10.11.0 0.0.0.255
  access-list 102 deny   ip 10.10.23.0 0.0.0.255 10.10.11.0 0.0.0.255
  access-list 102 deny   ip 10.10.24.0 0.0.0.255 10.10.11.0 0.0.0.255
  access-list 102 deny   ip 10.10.26.0 0.0.0.255 10.10.11.0 0.0.0.255
  access-list 102 deny   ip 10.10.25.0 0.0.0.255 10.10.11.0 0.0.0.255
  access-list 102 deny   ip 10.10.27.0 0.0.0.255 10.10.11.0 0.0.0.255
  access-list 102 deny   ip 10.10.28.0 0.0.0.255 10.10.11.0 0.0.0.255
  access-list 102 permit ip any 10.10.11.0 0.0.0.255
  ! Static ARP entries pinning four IP addresses to fixed MAC addresses.
  ! They only fix this switch's own ARP table; they do not stop another host
  ! from claiming these addresses toward its peers. No `ip arp inspection`
  ! is visible in this config.
  arp 10.10.13.8 0025.1189.8928 ARPA
  arp 10.10.13.3 c80a.a962.466d ARPA
  arp 10.10.13.2 4487.fcc9.82d6 ARPA
  arp 10.10.14.55 0027.1993.9568 ARPA
  ! SNMP agent, enabled trap categories and trap receivers.
  ! NOTE(review): the read-only community is the default string `public` with
  ! no access-list bound to it, so any host that can reach the switch can read
  ! its MIBs (interfaces, ARP/MAC tables, routing). Community strings also
  ! travel in clear text. Use a non-default community restricted by an ACL,
  ! or SNMPv3 with authentication and privacy.
  snmp-server community public RO
  ! Traps are enabled for many features (EIGRP, OSPF, HSRP, PIM, ...) that are
  ! not configured anywhere else in this config; this looks like the expansion
  ! of a blanket `snmp-server enable traps` - presumably harmless, confirm.
  snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
  snmp-server enable traps transceiver all
  snmp-server enable traps tty
  snmp-server enable traps eigrp
  snmp-server enable traps ospf state-change
  snmp-server enable traps ospf errors
  snmp-server enable traps ospf retransmit
  snmp-server enable traps ospf lsa
  snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
  snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
  snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
  snmp-server enable traps ospf cisco-specific errors
  snmp-server enable traps ospf cisco-specific retransmit
  snmp-server enable traps ospf cisco-specific lsa
  snmp-server enable traps license
  snmp-server enable traps auth-framework sec-violation
  snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
  snmp-server enable traps cluster
  snmp-server enable traps config-copy
  snmp-server enable traps config
  snmp-server enable traps config-ctid
  snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
  snmp-server enable traps energywise
  snmp-server enable traps fru-ctrl
  snmp-server enable traps entity
  snmp-server enable traps event-manager
  snmp-server enable traps hsrp
  snmp-server enable traps ipmulticast
  snmp-server enable traps power-ethernet group 1-9
  snmp-server enable traps power-ethernet police
  snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
  snmp-server enable traps cpu threshold
  snmp-server enable traps rtr
  snmp-server enable traps vstack
  snmp-server enable traps bridge newroot topologychange
  snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
  snmp-server enable traps syslog
  snmp-server enable traps vtp
  snmp-server enable traps vlancreate
  snmp-server enable traps vlandelete
  snmp-server enable traps flash insertion removal
  snmp-server enable traps port-security
  snmp-server enable traps envmon fan shutdown supply temperature status
  snmp-server enable traps stackwise
  snmp-server enable traps errdisable
  snmp-server enable traps mac-notification change move threshold
  snmp-server enable traps vlan-membership
  ! Trap receivers, all using the `public` community.
  ! NOTE(review): 10.10.1.1 and 192.168.1.2 are this switch's own addresses
  ! (interface Vlan3 and interface Vlan1), so traps sent there never reach a
  ! management station; only 10.10.19.2 is an external receiver. Confirm the
  ! intended collector addresses.
  snmp-server host 10.10.1.1 public
  snmp-server host 10.10.19.2 public
  snmp-server host 192.168.1.2 public
  !
  !
  ! Console and remote (vty) access, then the port-mirroring session.
  ! NOTE(review): the console line has no `login` or password, so physical
  ! console access reaches user EXEC without authentication.
  line con 0
  ! NOTE(review): vty 0-4 use a shared clear-text password that is trivially
  ! guessable and is now published. No `transport input` restriction,
  ! `access-class` or `exec-timeout` is visible, so remote login is presumably
  ! offered over the platform's default protocols from every routed VLAN -
  ! confirm. Hardening: per-user accounts (`login local` or AAA),
  ! `transport input ssh`, and an `access-class` limiting management sources.
  line vty 0 4
  password cisco
  login
  ! vty 5-15 require login but have no password set; IOS normally refuses such
  ! sessions, so these lines are unusable rather than open - verify on the device.
  line vty 5 15
  login
  !
  !
  ! Mirrors all traffic on Gi1/0/23 (described as connect-5512) to Gi1/0/24
  ! (described as connect-jiangmin-jingxiang). Whatever is attached to Gi1/0/24
  ! receives a full copy of that link's traffic, so that port and device need
  ! the same physical and access protection as the monitored link.
  monitor session 1 source interface Gi1/0/23
  monitor session 1 destination interface Gi1/0/24
  end
