一、需求:
局域网内两个网段,vlan10 和 vlan 20,分别实现 vlan10 可访问专网,vlan20 可访问互联网,且两个网段彼此不互通。拓朴如下:
二、配置思路:
1、S1起 vlan10、20,做 acl 配置网段禁止互访策略,上联口做 trunk口
2、网关起在 R1 上,R1 下联口做单臂路由
3、R1 两个出口分别做源 nat (Easy IP)
三、具体配置如下:
[S1]
vlan batch 10 20
#
acl number 2000rule 5 deny source 172.1.1.0 0.0.0.255rule 10 permit
#
acl number 2001rule 5 deny source 10.1.1.0 0.0.0.255rule 10 permit
#
interface GigabitEthernet0/0/1port link-type accessport default vlan 10traffic-filter inbound acl 2000
#
interface GigabitEthernet0/0/2port link-type accessport default vlan 20traffic-filter inbound acl 2001
#
interface GigabitEthernet0/0/24port link-type trunkport trunk allow-pass vlan 2 to 4094
#[R1]
acl number 3000 rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 192.168.199.0 0.0.0.255 rule 10 deny ip
acl number 3001 rule 6 permit ip source 172.1.1.0 0.0.0.255 destination 8.8.8.0 0.0.0.255 rule 10 deny ip
#
interface GigabitEthernet0/0/0.1dot1q termination vid 10ip address 10.1.1.254 255.255.255.0 arp broadcast enable
#
interface GigabitEthernet0/0/0.2dot1q termination vid 20ip address 172.1.1.254 255.255.255.0 arp broadcast enable
#
interface GigabitEthernet0/0/1ip address 192.168.199.2 255.255.255.0 nat outbound 3000
#
interface GigabitEthernet0/0/2ip address 8.8.8.2 255.255.255.0 nat outbound 3001
#![[深度学习]yolov8+streamlit搭建精美界面GUI网页设计源码实现三](https://csdnimg.cn/release/blog_editor_html/release2.3.6/ckeditor/plugins/CsdnLink/icons/icon-default.png?t=N7T8){kind=icon}
