3550上接一PIX,VLAN 1中接有各种服务器(有公网映射IP),故各VLAN必须能访问服务器。
cr20g#show run
Building configuration...
Current configuration : 5488 bytes
!
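! Global services and local credentials.
! NOTE(review): debug and log timestamps use "uptime" (time since boot), which is
! hard to correlate with other log sources; "service timestamps log datetime" is
! the usual alternative when a reliable clock is configured.
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
! "service password-encryption" only applies type 7 obfuscation, which is
! reversible and must not be treated as protection. Every "password 7" string
! in this published listing should be considered disclosed and rotated.
service password-encryption
!
hostname cr20g
!
! Only the MD5-based (type 5) enable secret is kept. The original listing also
! carried a type 7 "enable password", which IOS ignores once an enable secret
! exists but which still exposes a recoverable credential. On a live device
! remove it with "no enable password".
enable secret 5 $1$Xtuj$E.l2l.ev7mOCVtwPeEXz1.
!
! NOTE(review): this account is stored with type 7. Prefer "username ... secret"
! if this image supports it (confirm for the 12.1 release in use).
username jary password 7 070C285F4D0648564E43595B5D7E797179
ip subnet-zero
! Enables Layer 3 forwarding between the VLAN interfaces defined further down.
ip routing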
!
! QoS: enable QoS globally, then classify traffic per user subnet and police it.
mls qos
!
! One class per user VLAN. Class partN matches extended ACL 11N
! (part2 -> 112 ... part6 -> 116).
! NOTE(review): in a class-map, ACL "deny" entries presumably only exclude that
! traffic from the class (so it is not policed) and do not drop it. Confirm
! against the platform QoS documentation. These ACLs are not applied as packet
! filters anywhere in this configuration.
class-map match-all part6
match access-group 116
class-map match-all part5
match access-group 115
class-map match-all part4
match access-group 114
class-map match-all part3
match access-group 113
class-map match-all part2
match access-group 112
!
!
! Each class is policed to a rate in bits per second with an 8000-byte burst.
! Traffic over the rate is dropped.
! NOTE(review): the policy is named "download" but is attached with
! "service-policy input" on the access ports, so it limits traffic entering
! the switch from the hosts. Confirm that this is the intended direction.
policy-map download
class part2
police 1000000 8000 exceed-action drop
class part3
police 1800000 8000 exceed-action drop
class part4
police 496000 8000 exceed-action drop
class part5
police 496000 8000 exceed-action drop
class part6
police 800000 8000 exceed-action drop
!
!
! Per-VLAN spanning tree with the extended system ID.
! NOTE(review): no PortFast or BPDU guard appears on any access port in this
! listing. Consider both on host-facing ports.
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
! Fa0/1-10: static access ports with no "switchport access vlan", so they are in
! the default VLAN 1. The page introduction places the servers in VLAN 1.
! NOTE(review): none of these ports shows "shutdown" or port security. Any port
! that is not in use gives direct access to the server VLAN, so disable unused
! ports or move them to an unused VLAN.
interface FastEthernet0/1
switchport mode access
!
interface FastEthernet0/2
switchport mode access
!
interface FastEthernet0/3
switchport mode access
!
interface FastEthernet0/4
switchport mode access
!
interface FastEthernet0/5
switchport mode access
!
interface FastEthernet0/6
switchport mode access
!
interface FastEthernet0/7
switchport mode access
!
interface FastEthernet0/8
switchport mode access
!
interface FastEthernet0/9
switchport mode access
!
interface FastEthernet0/10
switchport mode access
!
! Fa0/11-18: user access ports. Each is pinned to one user VLAN and has the
! "download" policy attached in the input direction, so traffic entering from
! the host is classified by source subnet and policed.
! VLAN 2: Fa0/11-13
interface FastEthernet0/11
switchport access vlan 2
switchport mode access
service-policy input download
!
interface FastEthernet0/12
switchport access vlan 2
switchport mode access
service-policy input download
!
interface FastEthernet0/13
switchport access vlan 2
switchport mode access
service-policy input download
!
! VLAN 3: Fa0/14
interface FastEthernet0/14
switchport access vlan 3
switchport mode access
service-policy input download
!
! VLAN 4: Fa0/15
interface FastEthernet0/15
switchport access vlan 4
switchport mode access
service-policy input download
!
! VLAN 5: Fa0/16
interface FastEthernet0/16
switchport access vlan 5
switchport mode access
service-policy input download
!
! VLAN 6: Fa0/17-18
interface FastEthernet0/17
switchport access vlan 6
switchport mode access
service-policy input download
!
interface FastEthernet0/18
switchport access vlan 6
switchport mode access
service-policy input download
!
! Fa0/19-24: static access ports left in the default VLAN 1 (the server VLAN
! according to the page introduction). No QoS policy is attached.
! NOTE(review): as with Fa0/1-10, disable or re-home any port that is not in use.
interface FastEthernet0/19
switchport mode access
!
interface FastEthernet0/20
switchport mode access
!
interface FastEthernet0/21
switchport mode access
!
interface FastEthernet0/22
switchport mode access
!
interface FastEthernet0/23
switchport mode access
!
interface FastEthernet0/24
switchport mode access
!
! Gigabit uplinks are left in "dynamic desirable", so they actively negotiate
! trunking via DTP with whatever is attached.
! NOTE(review): a negotiated trunk carries every VLAN on the switch. If a port's
! role is known, set it statically ("switchport mode access" or
! "switchport mode trunk" with an explicit allowed-VLAN list) and add
! "switchport nonegotiate". The listing does not show what is connected here.
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
! Switched virtual interfaces: one Layer 3 gateway address per VLAN.
! Vlan1 (192.168.0.0/24) is the server VLAN named in the page introduction.
! Vlan2-6 are the user subnets.
! NOTE(review): with "ip routing" enabled and no "ip access-group" on any SVI,
! every VLAN can reach every other VLAN without filtering. That meets the stated
! need for all VLANs to reach the servers, but it also leaves the user VLANs
! open to each other. If isolation between user VLANs is wanted, it needs
! inbound ACLs on Vlan2-6.
interface Vlan1
ip address 192.168.0.254 255.255.255.0
!
interface Vlan2
ip address 192.168.2.1 255.255.255.0
!
interface Vlan3
ip address 192.168.3.1 255.255.255.0
!
interface Vlan4
ip address 192.168.4.1 255.255.255.0
!
interface Vlan5
ip address 192.168.5.1 255.255.255.0
!
interface Vlan6
ip address 192.168.6.1 255.255.255.0
!
! Default path: everything not directly connected goes to 192.168.0.1 in VLAN 1
! (presumably the PIX named in the page introduction; confirm).
! "ip default-gateway" only takes effect when IP routing is disabled. With
! "ip routing" on, the static default route below is what is used.
ip default-gateway 192.168.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
! NOTE(review): the built-in HTTP management server is enabled, and no
! "ip http access-class" or HTTP authentication setting appears in this listing.
! It is cleartext and reachable on every SVI address. Use "no ip http server"
! if it is not needed, otherwise restrict it to a management subnet.
ip http server
!
!
! Classification ACLs for class-maps part2-part4. They are referenced only by
! "match access-group" and are not applied as packet filters.
! Pattern: deny <own subnet> -> each internal subnet, then permit <own subnet> -> any.
! NOTE(review): the apparent intent is that only traffic leaving the internal
! 192.168.x.0/24 ranges is matched and therefore policed. Confirm how this
! platform treats "deny" entries in a QoS ACL.
!
! ACL 112: VLAN 2 sources (192.168.2.0/24)
access-list 112 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 112 deny ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 112 deny ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 112 deny ip 192.168.2.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 112 deny ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 112 permit ip 192.168.2.0 0.0.0.255 any
! ACL 113: VLAN 3 sources (192.168.3.0/24)
access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 113 permit ip 192.168.3.0 0.0.0.255 any
! ACL 114: VLAN 4 sources (192.168.4.0/24)
access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 114 permit ip 192.168.4.0 0.0.0.255 any
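! ACL 115: VLAN 5 sources (192.168.5.0/24), used by class-map part5.
! Fixed copy-paste error: the original deny entries used source 192.168.4.0/24
! (copied from ACL 114, including a 192.168.4.0 -> 192.168.4.0 entry), so they
! could never match VLAN 5 hosts. Only the final permit matched, which put all
! VLAN 5 traffic, including traffic to the servers in 192.168.0.0/24 and to the
! other internal VLANs, into the policed class. The entries now follow the same
! pattern as ACLs 112-114 and 116: exclude own-subnet -> internal subnets, then
! match own-subnet -> any.
access-list 115 deny ip 192.168.5.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 115 deny ip 192.168.5.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 115 deny ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 115 deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 115 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 115 permit ip 192.168.5.0 0.0.0.255 any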
! ACL 116: VLAN 6 sources (192.168.6.0/24), used by class-map part6.
! Traffic from VLAN 6 to the five other internal subnets hits the deny entries.
! Everything else from VLAN 6 hits the final permit.
! This ACL is referenced only by "match access-group", not applied as a filter.
access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 116 permit ip 192.168.6.0 0.0.0.255 any
!
! Management lines. The console and all 16 VTY lines authenticate with a shared
! line password ("login", not "login local"), so the local "username" account
! is not used here and sessions are not attributable to a user.
! All line passwords are type 7 (reversible) and are published in this listing.
! VTY 0-4 and 5-15 carry the same string. Treat them as disclosed and rotate.
line con 0
password 7 14141B180F0B7B787D7961627B47554352
logging synchronous
login
! NOTE(review): no "access-class ... in", "transport input" restriction or
! "exec-timeout" appears on the VTY lines, so remote login is accepted from any
! routed source. Restrict VTY access to a management subnet, use per-user
! authentication ("login local" or AAA), and allow only SSH if the image
! supports it (confirm).
line vty 0 4
password 7 104D000A061843585555787C7D7C616073
login
line vty 5 15
password 7 104D000A061843585555787C7D7C616073
login
!
end
cr20g#