
про пары ничего не понял...(
из той же самой 172.10.2.54.0 /24
так короче если делать с in правилами у меня получилось вот так....что-то очень замудрено....
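! Draft router configuration: FastEthernet0 is a routed port, FastEthernet2-9
! are access ports in VLANs 101-103, and inbound ACLs filter FastEthernet0,
! Vlan101 and Vlan102.
! NOTE(review): 172.10.0.0/16 lies outside the RFC 1918 private block
! 172.16.0.0/12; the addresses are kept exactly as posted.
!
! An ACL is bound to an interface with "ip access-group <name> in|out";
! "ip access-list" only defines the list.
! NSOFISA01
interface FastEthernet0
 ip address 128.32.1.2 255.255.255.0
 no ip route-cache
 no shutdown
 duplex auto
 speed auto
 ip access-group FE0_in in
!
interface FastEthernet1
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
! NSOFDC01
interface FastEthernet2
 switchport access vlan 101
! NSOFDC02
interface FastEthernet3
 switchport access vlan 101
! NSOFISA01
interface FastEthernet4
 switchport access vlan 101
! NSOFEX01
interface FastEthernet5
 switchport access vlan 101
! NSOFAPS01
interface FastEthernet6
 switchport access vlan 101
! NSOFSW01
interface FastEthernet7
 switchport access vlan 101
! NSOFSW02
interface FastEthernet8
 switchport access vlan 102
! MSOFSW01
interface FastEthernet9
 switchport access vlan 103
!
interface Vlan1
 no ip address
!
interface Vlan101
 description NSOF-Vlan1
 ip address 172.10.1.3 255.255.255.0
 no ip route-cache
 ip access-group Vlan_101_in in
!
interface Vlan102
 description NSOF-Vlan2
 ip address 172.10.2.3 255.255.255.0
 no ip route-cache
 ip access-group Vlan_102_in in
!
! NOTE(review): no ACL is bound to Vlan103 in this listing.
interface Vlan103
 description MSOF-Vlan3
 ip address 172.10.254.3 255.255.255.0
 no ip route-cache
!
interface Async1
 no ip address
 encapsulation slip
 no ip route-cache
 shutdown
!
ip route 0.0.0.0 0.0.0.0 172.10.1.7
!
!
! Both the HTTP and HTTPS management servers are disabled.
no ip http server
no ip http secure-server
!
! Named extended ACLs; each entry belongs under its "ip access-list extended"
! header. The wildcard is 0.0.0.255 to match the /24 masks on the interfaces:
! with 0.255.255.255 every entry would have matched all of 172.0.0.0/8.
! NOTE(review): the address-only entries of the draft are kept as source
! matches (permit ip <net> any). On Vlan101/Vlan102 that admits everything the
! VLAN's own hosts send and makes the entries after it redundant; if the goal
! was to limit destinations, the network belongs in the destination position
! - confirm the intent before applying.
! NOTE(review): these ACLs are stateless, so reply traffic for sessions opened
! from the other side needs its own permit entry (for TCP, e.g. "established").
!
! The name uses the digit zero throughout so it matches the binding on
! FastEthernet0 (the draft mixed FE0_in and FEO_in).
ip access-list extended FE0_in
 permit ip 172.10.1.0 0.0.0.255 any
 permit ip 172.10.2.0 0.0.0.255 any
 permit tcp any 172.10.254.0 0.0.0.255 eq smtp
 permit tcp any 172.10.254.0 0.0.0.255 eq pop3
 permit tcp any 172.10.254.0 0.0.0.255 eq www
 permit tcp any 172.10.254.0 0.0.0.255 eq 443
 deny ip any any
!
ip access-list extended Vlan_101_in
 permit ip 172.10.1.0 0.0.0.255 any
 permit ip 172.10.2.0 0.0.0.255 any
 permit tcp any 172.10.254.0 0.0.0.255 eq domain
 permit udp any 172.10.254.0 0.0.0.255 eq domain
 deny ip any any
!
ip access-list extended Vlan_102_in
 permit ip 172.10.2.0 0.0.0.255 any
 permit ip 172.10.1.0 0.0.0.255 any
 deny ip any any
!
! NOTE(review): vlan_103_in is not bound to any interface in this listing, so
! it filters nothing; ACL names are case-sensitive if it is later applied.
ip access-list extended vlan_103_in
 deny ip any any
!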
мозг начинает плавиться)
Последний раз редактировалось Aleksey Potapov, 26-11-2008 в 13:28.
Отправлено: 13:16, 26-11-2008