三层交换设置互访以及访问策略

1.配置网段192.168.1.0和192.168.2.0互访

[switchB]acl 3000

[switchB-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0

0.0.0.255

[switchB-adv-3000]rule ip source 192.168.2.0 0.0.0.255

[switchB-adv-3000]quit

2.配置相互独立的ACL3001、ACL3002

[switchB]acl 3001 //匹配192.168.1.0网段的用户数据流

[switchB-adv-3001]rule permit ip source 192.168.1.0 0.0.0.255

[switchB-adv-3001]quit

[switchB]acl 3002 //匹配192.168.2.0网段的用户数据流

[switchB-adv-3002]rule permit ip source 192.168.2.0 0.0.0.255

[switchB-adv-3001]quit

3.配置自匹配

[switchB]traffic classifier c0 operator or

[switchB-classifier-c0]if-match acl 3000

[switchB-classifier-c0]quit

[switchB]traffic classifier c1 operator or

[switchB-classifier-c1]if-match acl 3001

[switchB-classifier-c1]quit

[switchB]traffic classifier c2 operator or

[switchB-classifier-c2]if-match acl 3002

[switchB-classifier-c2]quit

4.设置外网访问匹配通道

[switchB]traffic behavior b0

[switchB-behavior-b0]permit

[switchB-behavior-b0]quit

[switchB]traffic behavior b1

[switchB-behavior-b1]redirect ip-nexthop 202.100.1.2

[switchB-behavior-b1]quit

[switchB]traffic behavior b2

[switchB-behavior-b2]redirect ip-nexthop 104.114.128.2

[switchB-behavior-b2]quit

5.将ACL以及外网访问策略结合

[switchB]traffic policy p1

[switchB-trafficpolicy-p1]classifier c0 behavior b0

[switchB-trafficpolicy-p1]cassifier c1 behavior b1

[switchB-trafficpolicy-p1]cassifier c2 behavior b2

[switchB-trafficpolicy-p1]quit

6.策略应用到G0/0/3入口

[switchB]interface G/0/0/3

[switchB-GigabitEthernet0/0/3]traffic-policy p1 inbound

[switchB-GigabitEthernet0/0/3]return