一、NAT实验配置
通过基本ACL匹配VLAN 10网段,然后在出口设备NAT转换只要匹配到VLAN10地址则进行转换。
核心交换机
# 配置VLAN和默认路由,配置Trunk和Access接口
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
#
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
#
interface Vlanif30
ip address 10.0.0.2 255.255.255.252
interface GigabitEthernet0/0/1
port link-type access
port default vlan 30
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
# 路由
ip route-static 0.0.0.0 0.0.0.0 10.0.0.1
出口路由器
# 配送路由和ACL以及NAT
acl number 2000
rule 10 permit source 192.168.10.0 0.0.0.255
# 配置路由
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
ip route-static 192.168.10.0 255.255.255.0 10.0.0.2
ip route-static 192.168.20.0 255.255.255.0 10.0.0.2
# 配置接口地址,配置NAT与ACL匹配
interface GigabitEthernet0/0/0
ip address 12.1.1.1 255.255.255.252
nat outbound 2000
#
interface GigabitEthernet0/0/1
ip address 10.0.0.1 255.255.255.252
中间路由器:
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 23.1.1.2 255.255.255.252
#
ip route-static 8.8.8.8 255.255.255.255 23.1.1.1
AR3:
interface GigabitEthernet0/0/1
ip address 23.1.1.1 255.255.255.252
#
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
#
ip route-static 0.0.0.0 0.0.0.0 23.1.1.2
PC1:正常访问8.8.8.8
PC2:没有进行NAT转换,访问超时
二、ACL流量过滤实验
正常配置access接口,划分VLAN,创建高级ACL匹配流量,然后调用过滤策略。
# 创建高级ACL,先匹配拒绝,然后再允许其它的访问流量
acl number 3000
rule 5 deny ip source 192.168.10.1 0 destination 192.168.20.2 0
rule 10 permit ip source 192.168.10.1 0
# 接口配置
#
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
#
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
#
interface Vlanif30
ip address 10.0.0.2 255.255.255.252
# 应用过滤策略
# 可以在全局应用流量过滤
traffic-filter inbound acl 3000
# 或者在入接口和出接口应用,在G0/0/2,入方向过滤或者在G0/0/4出方向过滤
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
traffic-filter inbound acl 3000
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 20
traffic-filter outbound acl 3000
结果: 文章来源:https://www.toymoban.com/news/detail-800885.html
本文由 mdnice 多平台发布文章来源地址https://www.toymoban.com/news/detail-800885.html
到了这里,关于计算机网络-ACL实验的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!