AR系列路由器配置双出口
本帖最后由 fujingxx 于 2015-7-28 22:27 编辑网络拓扑:通过AR1220-S路由器连接两个网络分别是,联通网络(外网)、政务网络(内网)分别接入GE0/0/0(外网)\GE0/0/1(内网)。同时路由器有VLAN10和VLAN20。VLAN10能够访问外网和VLAN20(但不能访问政务网) VLAN20能够访问VLAN10和政务网(不能访问外网)。地址:互联网IP:202.11.1.2/24网关:202.11.1.1/24政务网IP:10.39.22.30/24网关:10.39.22.31/24内网VLANVLAN10:192.168.1.0/24VLAN20:192.168.2.0/24 那个大神能帮帮忙说明一下哪台AR-1220的配置啊多谢了 (请提供配置){:soso_e165:}
两条ACL搞定。 #
vlan 10
name vlan10
vlan 20
name vlan20
#
acl number 3001
rule 10 deny ip source 192.168.1.0 0.0.0.255 destination 10.39.22.0 0.0.0.255
rule 20 deny ip source 172.16.1.0 0.0.0.255 destination 202.11.1.0 0.0.0.255
#
traffic classifier 1 operator or
if-match acl 3001
#
traffic behavior b
#
traffic policy c
classifier 1 behavior b
interface Vlanif10
ip address 192.168.1.254 255.255.255.0
traffic-policy c inbound
#
interface Vlanif20
ip address 172.16.1.254 255.255.255.0
traffic-policy c inbound
interface Ethernet0/0/2
port link-type access
port default vlan 10
#
interface Ethernet0/0/3
port link-type access
port default vlan 20
interface Ethernet0/0/2
port link-type access
port default vlan 10
#
interface Ethernet0/0/3
port link-type access
port default vlan 20 vlan 10
name vlan10
vlan 20
name vlan20
#
acl number 3001
rule 10 deny ip source 192.168.1.0 0.0.0.255 destination 10.39.22.0 0.0.0.255
rule 20 deny ip source 172.16.1.0 0.0.0.255 destination 202.11.1.0 0.0.0.255
#
traffic classifier 1 operator or
if-match acl 3001
#
traffic behavior b
#
traffic policy c
classifier 1 behavior b
interface Vlanif10
ip address 192.168.1.254 255.255.255.0
traffic-policy c inbound
#
interface Vlanif20
ip address 172.16.1.254 255.255.255.0
traffic-policy c inbound
interface Ethernet0/0/2
port link-type access
port default vlan 10
#
interface Ethernet0/0/3
port link-type access
port default vlan 20
#interface GigabitEthernet0/0/0
ip address 202.11.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.39.22.30 255.255.255.0
# 路过了解一下 朴素的吸水海棉 发表于 2015-7-29 00:15
vlan 10
name vlan10
vlan 20
你这个路由怎么做? 路过了解一下 路过了解一下 路过了解一下!
页:
[1]