Cisco IOS Cookbook 中文精简版第二十七章安全(完)

27.3.  透明IOS防火墙

提问 配置路由器作为2层防火墙

回答

首先配置Integrated Routing and Bridging (IRB)的支持

Router1#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router1(config)#bridge 1 protocol ieee

Router1(config)#interface FastEthernet0/0

Router1(config-if)#bridge-group 1

Router1(config-if)#interface FastEthernet0/1

Router1(config-if)#bridge-group 1

Router1(config-if)#exit

Router1(config)#bridge irb

Router1(config)#bridge 1 route ip

Router1(config)#interface BVI1

Router1(config-if)#ip address 172.25.1.101 255.255.255.0

Router1(config-if)#no shutdown

Router1(config-if)#end

Router1#

然后配置防火墙的检查规则和ACL

Router1#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router1(config)#ip inspect name OREILLY tcp

Router1(config)#interface FastEthernet0/0

Router1(config-if)#ip inspect OREILLY in

Router1(config-if)#exit

Router1(config)#access-list 111 deny tcp any host 172.25.1.102 eq 23

Router1(config)#access-list 111 permit ip any any

上一页 [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] 下一页

复制本页网址和标题，发送给你QQ/Msn的好友一起分享

上一篇:Cisco IOS Cookbook 中文精简版第二十四章移动IP

下一篇:Cisco PIX防火墙配置命令大全