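Cisco Layer 3 switch, NAT translation and ACL lab
Requirements:
1. Allow pc0 to access server1, but block ping
2. Block pc1 from accessing server1, but allow ping
3. Block server1 from accessing server0
First configure the access switches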
switch 0:
vlan 10
int f0/2
sw mode acc
sw acc vlan 10
ex
int f0/1
sw mode trunk
sw trunk allowed vlan all
switch 1: same as switch 0
Layer 3 switch configuration
int vlan 10
int vlan 20
Ping between the two hosts
Configure VLAN 40 and the default route
Router 0:
int g0/0
ip add 192.168.40.2 255.255.255.0
no shut
int g0/1
ip add 10.10.10.1 255.255.255.0
no shut
ip route 192.168.0.0 255.255.0.0 192.168.40.2
Configure NAT
ip nat inside source static tcp 192.168.30.1 80 10.10.10.3 80
acc 1 permit 192.168.0.0 0.0.255.255
ip nat pool 1 10.10.10.4 10.10.10.10 net 255.255.255.0
int g0/0
ip nat inside
int g0/1
ip nat outside
ex
ip nat inside source list 1 pool 1
ip route 76.12.0.0 255.255.0.0 10.10.10.2
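router 1: configure the gateway
Check connectivity
Configure the ACLs
On Router 0
Configure the ACL
1. Allow pc0 to access server1, but block ping
2. Block pc1 from accessing server1, but allow ping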
acc 101 deny icmp host 192.168.10.1 host 76.12.96.1
acc 101 permit ip host 192.168.10.1 host 76.12.96.1
acc 101 permit icmp host 192.168.20.1 host 76.12.96.1
acc 101 deny ip host 192.168.20.1 host 76.12.96.1
acc 101 permit ip any any
int g0/0
ip access-group 101 in
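Extended ACLs are evaluated top-down and the first matching entry decides, so each icmp line has to come before the broader ip line for the same host. The Python sketch below is an added example, not part of the original lab: it models the five ACL 101 entries above with first-match semantics. The parser, the function names and the test traffic are constructed for illustration.

```python
import ipaddress

# ACL 101 from Router 0 above, in order, with keywords written out in full.
ACL_101 = """
access-list 101 deny icmp host 192.168.10.1 host 76.12.96.1
access-list 101 permit ip host 192.168.10.1 host 76.12.96.1
access-list 101 permit icmp host 192.168.20.1 host 76.12.96.1
access-list 101 deny ip host 192.168.20.1 host 76.12.96.1
access-list 101 permit ip any any
"""

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()[2:]            # drop "access-list 101"
        action, proto = tokens.pop(0), tokens.pop(0)
        src = _take_addr(tokens)
        dst = _take_addr(tokens)
        rules.append((action, proto, src, dst))
    return rules

def _match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF            # a wildcard bit of 1 means "don't care"
    return int(ipaddress.IPv4Address(addr)) & care == base & care

def evaluate(rules, proto, src, dst):
    """Return the action of the first matching entry (first-match semantics)."""
    for action, rule_proto, rsrc, rdst in rules:
        if rule_proto in ("ip", proto) and _match(src, rsrc) and _match(dst, rdst):
            return action
    return "deny"                            # implicit deny that ends every ACL

RULES = parse_acl(ACL_101)
# Constructed misordering: pc0's "permit ip" placed before its "deny icmp".
SWAPPED = [RULES[1], RULES[0]] + RULES[2:]

if __name__ == "__main__":
    for proto, src in [("icmp", "192.168.10.1"), ("tcp", "192.168.10.1"),
                       ("icmp", "192.168.20.1"), ("tcp", "192.168.20.1")]:
        print(proto, src, "->", evaluate(RULES, proto, src, "76.12.96.1"))
```

With the entries swapped (SWAPPED), pc0's ping is permitted because the broader ip entry matches first, and without the final permit ip any any the implicit deny drops all other traffic entering g0/0.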
On Router 1
3. Block server1 from accessing server0
acc 101 deny ip host 76.12.32.1 host 12.12.12.3
acc 101 permit ip any any
int g0/2
ip access-group 101 in
Allow pc0 to access server1, but block ping
Block pc1 from accessing server1, but allow ping
Block server1 from accessing server0