Сообщения: 526
Благодарности: 17
|
Профиль
|
Сайт
|
Отправить PM
| Цитировать
У меня получается вот так.
interface Vlan101
description Vlan1-NSOF
ip address 172.10.1.3 255.255.255.0
ip route-cache
ip access-list extended vlan_101_vlan_102_in in
ip access-list extended vlan_103_internet in
!
interface Vlan102
description Vlan2-NSOF
ip address 172.10.2.3 255.255.255.0
ip route-cache
ip access-list extended vlan_102_vlan_101_in in
!
interface Vlan103
description Vlan3-MSOF
ip address 172.10.254.3 255.255.255.0
ip route-cache
!
interface Async1
no ip address
encapsulation slip
no ip route-cache
shutdown
!
ip route 0.0.0.0 0.0.0.0 172.10.1.7
!
!
ip http server
ip http access-class 23
no ip http secure-server
!
ip access-list extended vlan_101_vlan_102_in
remark alow all traffic from Vlan101 to Vlan102
permit any network 172.10.1.0 0.0.0.255 network 172.10.2.0 0.0.0.255
deny any
!
ip access-list extended vlan_102_vlan_101_in
remark alow all traffic from Vlan102 to Vlan101
permit any network 172.10.2.0 0.0.0.255 network 172.10.1.0 0.0.0.255
deny any
!
ip access-list extended vlan103_internet
remark allow dns traffic from NSOF DNS to Vlan103
permit tcp eq domain host 172.10.1.4 network 172.10.254.0 0.0.0.255
permit tcp eq domain host 172.10.1.5 network 172.10.254.0 0.0.0.255
permit udp eq domain host 172.10.1.4 network 172.10.254.0 0.0.0.255
permit udp eq domain host 172.10.1.5 network 172.10.254.0 0.0.0.255
remark alow internet traffic from Vlan 103 to Gateway NSOFISA01
permit tcp eq 80 host 172.10.1.7 network 172.10.254.0 0.0.0.255
permit tcp eq 443 host 172.10.1.7 network 172.10.254.0 0.0.0.255
permit tcp eq 25 host 172.10.1.7 network 172.10.254.0 0.0.0.255
permit tcp eq 110 host 172.10.1.7 network 172.10.254.0 0.0.0.255
deny any
!
|
|
-------
MVP | MCP Club lead, Moscow | http://potapale.wordpress.com
Последний раз редактировалось Aleksey Potapov, 28-11-2008 в 13:27.
Отправлено: 13:10, 28-11-2008
| #46
|
