在Cisco catalyst2950交换机上,通过配置extended ACL来实现端口与IP的绑定。
配置如下:
2950#show run
Current configuration : 5396 bytes
!
version 12.1
no service pad
service timestamps debug uptime
servicetimestamps log uptime
no service password-encryption
!
hostname 2950
!
enable secret 5 $1$kJ.v$gF4osmkOwfvOy7vkwI3j/.
Current configuration : 5396 bytes
!
version 12.1
no service pad
service timestamps debug uptime
servicetimestamps log uptime
no service password-encryption
!
hostname 2950
!
enable secret 5 $1$kJ.v$gF4osmkOwfvOy7vkwI3j/.
!
ip subnet-zero
!
no ip domain-lookup
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree uplinkfast
!
interface FastEthernet0/1
switchport access vlan 30
switchport mode access
ip access-group ip1 in
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 30
switchport mode access
ip access-group ip2 in
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 30
switchport mode access
ip access-group ip3 in
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 30
switchport mode access
ip access-group ip4 in
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 30
switchport mode access
ip access-group ip5 in
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 30
switchport mode access
ip access-group ip6 in
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 30
switchport mode access
ip access-group ip7 in
spanning-tree portfast
interface FastEthernet0/8
switchport access vlan 30
switchport mode access
ip access-group ip8 in
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 30
switchport mode access
ip access-group ip9 in
spanning-tree portfast
!
interface FastEthernet0/10
switchport access vlan 30
switchport mode access
ip access-group ip10 in
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 30
switchport mode access
ip access-group ip11 in
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 30
switchport mode access
ip access-group ip12 in
spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 30
switchport mode access
ip access-group ip13 in
spanning-tree portfast
!
interface FastEthernet0/14
switchport access vlan 30
switchport mode access
ip access-group ip14 in
spanning-tree portfast
!
interface FastEthernet0/15
switchport access vlan 30
switchport mode access
ip access-group ip15 in
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 30
switchport mode access
ip access-group ip16 in
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 30
switchport mode access
ip access-group ip17 in
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 30
switchport mode access
ip access-group ip18 in
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 30
switchport mode access
ip access-group ip19 in
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 30
switchport mode access
ip access-group ip20 in
spanning-tree portfast
!
interface FastEthernet0/21
switchport access vlan 30
switchport mode access
ip access-group ip21 in
spanning-tree portfast
!
interface FastEthernet0/22
switchport access vlan 30
switchport mode access
ip subnet-zero
!
no ip domain-lookup
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree uplinkfast
!
interface FastEthernet0/1
switchport access vlan 30
switchport mode access
ip access-group ip1 in
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 30
switchport mode access
ip access-group ip2 in
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 30
switchport mode access
ip access-group ip3 in
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 30
switchport mode access
ip access-group ip4 in
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 30
switchport mode access
ip access-group ip5 in
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 30
switchport mode access
ip access-group ip6 in
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 30
switchport mode access
ip access-group ip7 in
spanning-tree portfast
interface FastEthernet0/8
switchport access vlan 30
switchport mode access
ip access-group ip8 in
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 30
switchport mode access
ip access-group ip9 in
spanning-tree portfast
!
interface FastEthernet0/10
switchport access vlan 30
switchport mode access
ip access-group ip10 in
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 30
switchport mode access
ip access-group ip11 in
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 30
switchport mode access
ip access-group ip12 in
spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 30
switchport mode access
ip access-group ip13 in
spanning-tree portfast
!
interface FastEthernet0/14
switchport access vlan 30
switchport mode access
ip access-group ip14 in
spanning-tree portfast
!
interface FastEthernet0/15
switchport access vlan 30
switchport mode access
ip access-group ip15 in
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 30
switchport mode access
ip access-group ip16 in
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 30
switchport mode access
ip access-group ip17 in
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 30
switchport mode access
ip access-group ip18 in
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 30
switchport mode access
ip access-group ip19 in
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 30
switchport mode access
ip access-group ip20 in
spanning-tree portfast
!
interface FastEthernet0/21
switchport access vlan 30
switchport mode access
ip access-group ip21 in
spanning-tree portfast
!
interface FastEthernet0/22
switchport access vlan 30
switchport mode access
ip access-group ip22 in
spanning-tree portfast
!
interface FastEthernet0/23
switchport access vlan 30
switchport mode access
ip access-group ip23 in
spanning-tree portfast
!
interface FastEthernet0/24
switchport access vlan 30
switchport mode access
ip access-group ip24 in
spanning-tree portfast
!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
spanning-tree stack-port
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan100
ip address 192.168.100.22 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.100.254
ip http server
!
ip access-list extended ip1
permit ip host 192.168.30.1 any
ip access-list extended ip10
permit ip host 192.168.30.10 any
ip access-list extended ip11
permit ip host 192.168.30.11 any
ip access-list extended ip12
permit ip host 192.168.30.12 any
ip access-list extended ip13
permit ip host 192.168.30.13 any
ip access-list extended ip14
permit ip host 192.168.30.14 any
ip access-list extended ip15
permit ip host 192.168.30.15 any
ip access-list extended ip16
permit ip host 192.168.30.16 any
ip access-list extended ip17
permit ip host 192.168.30.17 any
ip access-list extended ip18
permit ip host 192.168.30.18 any
ip access-list extended ip19
permit ip host 192.168.30.19 any
ip access-list extended ip2
permit ip host 192.168.30.2 any
ip access-list extended ip20
permit ip host 192.168.30.20 any
ip access-list extended ip21
permit ip host 192.168.30.21 any
ip access-list extended ip22
permit ip host 192.168.30.22 any
ip access-list extended ip23
permit ip host 192.168.30.23 any
ip access-list extended ip24
permit ip host 192.168.30.24 any
ip access-list extended ip3
permit ip host 192.168.30.3 any
ip access-list extended ip4
permit ip host 192.168.30.4 any
ip access-list extended ip5
permit ip host 192.168.30.5 any
ip access-list extended ip6
ip access-list extended ip5
permit ip host 192.168.30.5 any
ip access-list extended ip6
permit ip host 192.168.30.6 any
ip access-list extended ip7
permit ip host 192.168.30.7 any
ip access-list extended ip8
permit ip host 192.168.30.8 any
ip access-list extended ip9
permit ip host 192.168.30.9 any
snmp-server community private RO
!
line con 0
line vty 0 4
password !@#$%
login
line vty 5 15
password !@#$%
login
!
!
end
spanning-tree portfast
!
interface FastEthernet0/23
switchport access vlan 30
switchport mode access
ip access-group ip23 in
spanning-tree portfast
!
interface FastEthernet0/24
switchport access vlan 30
switchport mode access
ip access-group ip24 in
spanning-tree portfast
!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
spanning-tree stack-port
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan100
ip address 192.168.100.22 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.100.254
ip http server
!
ip access-list extended ip1
permit ip host 192.168.30.1 any
ip access-list extended ip10
permit ip host 192.168.30.10 any
ip access-list extended ip11
permit ip host 192.168.30.11 any
ip access-list extended ip12
permit ip host 192.168.30.12 any
ip access-list extended ip13
permit ip host 192.168.30.13 any
ip access-list extended ip14
permit ip host 192.168.30.14 any
ip access-list extended ip15
permit ip host 192.168.30.15 any
ip access-list extended ip16
permit ip host 192.168.30.16 any
ip access-list extended ip17
permit ip host 192.168.30.17 any
ip access-list extended ip18
permit ip host 192.168.30.18 any
ip access-list extended ip19
permit ip host 192.168.30.19 any
ip access-list extended ip2
permit ip host 192.168.30.2 any
ip access-list extended ip20
permit ip host 192.168.30.20 any
ip access-list extended ip21
permit ip host 192.168.30.21 any
ip access-list extended ip22
permit ip host 192.168.30.22 any
ip access-list extended ip23
permit ip host 192.168.30.23 any
ip access-list extended ip24
permit ip host 192.168.30.24 any
ip access-list extended ip3
permit ip host 192.168.30.3 any
ip access-list extended ip4
permit ip host 192.168.30.4 any
ip access-list extended ip5
permit ip host 192.168.30.5 any
ip access-list extended ip6
ip access-list extended ip5
permit ip host 192.168.30.5 any
ip access-list extended ip6
permit ip host 192.168.30.6 any
ip access-list extended ip7
permit ip host 192.168.30.7 any
ip access-list extended ip8
permit ip host 192.168.30.8 any
ip access-list extended ip9
permit ip host 192.168.30.9 any
snmp-server community private RO
!
line con 0
line vty 0 4
password !@#$%
login
line vty 5 15
password !@#$%
login
!
!
end
2950#