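Layer 3 switch: configuring inter-segment access and access policies
1. Configure mutual access between the 192.168.1.0 and 192.168.2.0 segments
[switchB]acl 3000 //matches traffic between the two segments, in both directions
[switchB-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
[switchB-adv-3000]rule permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
[switchB-adv-3000]quit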
2. Configure the separate ACLs 3001 and 3002
[switchB]acl 3001 //matches user traffic from the 192.168.1.0 segment
[switchB-adv-3001]rule permit ip source 192.168.1.0 0.0.0.255
[switchB-adv-3001]quit
[switchB]acl 3002 //matches user traffic from the 192.168.2.0 segment
[switchB-adv-3002]rule permit ip source 192.168.2.0 0.0.0.255
[switchB-adv-3002]quit
3. Configure the traffic classifiers that match each ACL
[switchB]traffic classifier c0 operator or
[switchB-classifier-c0]if-match acl 3000
[switchB-classifier-c0]quit
[switchB]traffic classifier c1 operator or
[switchB-classifier-c1]if-match acl 3001
[switchB-classifier-c1]quit
[switchB]traffic classifier c2 operator or
[switchB-classifier-c2]if-match acl 3002
[switchB-classifier-c2]quit
4. Configure the traffic behaviors that set the external-network access paths
[switchB]traffic behavior b0
[switchB-behavior-b0]permit
[switchB-behavior-b0]quit
[switchB]traffic behavior b1
[switchB-behavior-b1]redirect ip-nexthop 202.100.1.2
[switchB-behavior-b1]quit
[switchB]traffic behavior b2
[switchB-behavior-b2]redirect ip-nexthop 104.114.128.2
[switchB-behavior-b2]quit
5. Combine the ACL classifiers and the external-access behaviors in a traffic policy
[switchB]traffic policy p1
[switchB-trafficpolicy-p1]classifier c0 behavior b0
[switchB-trafficpolicy-p1]classifier c1 behavior b1
[switchB-trafficpolicy-p1]classifier c2 behavior b2
[switchB-trafficpolicy-p1]quit
6. Apply the policy to the inbound direction of G0/0/3
[switchB]interface G0/0/3
[switchB-GigabitEthernet0/0/3]traffic-policy p1 inbound
[switchB-GigabitEthernet0/0/3]return
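
Policy p1 only keeps inter-segment traffic local if c0 is matched before c1 and c2, and only if ACL 3000 is scoped by destination. The Python model below is an added example, not part of the original configuration; it assumes classifiers are evaluated in the order they were bound in p1 with the first match winning, and the host addresses and 203.0.113.9 are constructed test values.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def net(addr, wildcard):
    # An ACL wildcard such as 0.0.0.255 is the bitwise inverse of netmask 255.255.255.0
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}")

LAN1 = net("192.168.1.0", "0.0.0.255")
LAN2 = net("192.168.2.0", "0.0.0.255")

# ACLs as lists of permit rules: (source network, destination network)
ACLS = {
    3000: [(LAN1, LAN2), (LAN2, LAN1)],
    3001: [(LAN1, ANY)],
    3002: [(LAN2, ANY)],
}
# Constructed failure case: second rule of ACL 3000 written without a destination
LOOSE_ACLS = {**ACLS, 3000: [(LAN1, LAN2), (LAN2, ANY)]}

# traffic policy p1 in binding order: (classifier, ACL, behavior)
P1 = [
    ("c0", 3000, "permit"),
    ("c1", 3001, "redirect ip-nexthop 202.100.1.2"),
    ("c2", 3002, "redirect ip-nexthop 104.114.128.2"),
]

def evaluate(src, dst, policy=P1, acls=ACLS):
    """Return (classifier, behavior) of the first classifier whose ACL permits the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for classifier, acl, behavior in policy:
        if any(s in sn and d in dn for sn, dn in acls[acl]):
            return classifier, behavior
    return None, "no match: normal routing"  # assumed default for unmatched traffic

def shadowed(policy=P1, acls=ACLS):
    """Classifiers that can never match: every rule is covered by an earlier rule."""
    out, earlier = [], []
    for classifier, acl, _ in policy:
        rules = acls[acl]
        if rules and all(any(sn.subnet_of(es) and dn.subnet_of(ed) for es, ed in earlier)
                         for sn, dn in rules):
            out.append(classifier)
        earlier += rules
    return out

if __name__ == "__main__":
    print(evaluate("192.168.1.10", "192.168.2.20"), shadowed(acls=LOOSE_ACLS))
```

With the loose ACL 3000, c2 is reported as shadowed: traffic from 192.168.2.0 to external destinations matches c0 and is never redirected to 104.114.128.2.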