标签:路由配置 ethernet ip add ann active 端口 des native ace
新交换机配置基础命令核心交换机配置
配置DHCP服务
ip dhcp pool User
network 172.16.200.0 255.255.255.0 DHCP地址池
default-router 172.16.200.1 网关
dns-server 202.96.209.133 8.8.8.8 DNS
lease 8 租约(如果是0 4,就是4小时)
ip dhcp excluded-address 172.16.200.2 172.16.200.10 保留的地址
ip route 0.0.0.0 0.0.0.0 172.16.10.3 默认路由
ip route 0.0.0.0 0.0.0.0 172.16.11.3 20 默认路由
这个路由配置意思是172.16.10.3断掉后自动 切换到172.16.11.3
ACL配置(拒绝策略,需应用在vlan Guest的in方向)
ip access-list extended Guest
deny ip 10.112.250.0 0.0.0.255 10.112.10.0 0.0.0.255
deny ip Guest段的IP 反掩码 访问段的IP 反掩码
deny ip 10.112.250.0 0.0.0.255 10.112.12.0 0.0.0.255
deny ip 10.112.250.0 0.0.0.255 10.112.100.0 0.0.0.255
deny ip 10.112.250.0 0.0.0.255 10.112.50.0 0.0.0.255
deny ip 10.112.250.0 0.0.0.255 192.168.11.0 0.0.0.255
deny ip 10.112.250.0 0.0.0.255 10.112.1.0 0.0.0.255
permit ip any any
!
interface Vlan600
description Guest
ip address 10.112.250.1 255.255.255.0
ip access-group Guest in
标签:路由配置 ethernet ip add ann active 端口 des native ace
原文地址:https://blog.51cto.com/11451128/2425384
