To restrict telnet, if you specify it by segment:

ip access-list telnet permit ip src 192.168.100.0/24 dest any

or, to limit it to the management PC:

ip access-list telnet permit ip src 192.168.100.1/32 dest any

Either one. And then:

telnet-server ip access-list telnet

0526 anonymous 2016/12/30(Fri) 09:39:40.95 ID:???
To block communication between segments:

ip access-list a deny ip src 192.168.100.0/24 dest 192.168.1.0/24
ip access-list a deny ip src 192.168.60.0/24 dest 192.168.1.0/24
ip access-list a permit ip src any dest any
ip access-list b deny ip src 192.168.1.0/24 dest 192.168.100.0/24
ip access-list b deny ip src 192.168.60.0/24 dest 192.168.100.0/24
ip access-list b permit ip src any dest any
ip access-list c deny ip src 192.168.1.0/24 dest 192.168.60.0/24
ip access-list c deny ip src 192.168.100.0/24 dest 192.168.60.0/24
ip access-list c permit ip src any dest any

0527 anonymous 2016/12/30(Fri) 09:39:49.25 ID:???
Continued:

interface GigaEthernet2.1
  encapsulation dot1q 20 tpid 8100
  auto-connect
  ip address 192.168.1.1/24
  ip dhcp binding vlan2
  ip filter a 10 in
  no shutdown

interface GigaEthernet2.2
  encapsulation dot1q 10 tpid 8100
  auto-connect
  ip address 192.168.100.1/24
  ip proxy-arp
  ip dhcp binding lan
  ip filter b 10 in
  no shutdown

interface BVI0
  ip address 192.168.60.1/24
  ip dhcp binding vlan60
  ip filter c 10 in
  bridge-group 1
  no shutdown

As I also wrote in >>518, put the DHCP binding on the BVI interface too.

0528 anonymous 2016/12/30(Fri) 09:48:36.03 ID:???
>>527 I got the in and out direction of the filter wrong.... I'll go die of embarrassment.

0529 anonymous 2016/12/30(Fri) 10:23:19.13 ID:???
This way is cleaner and better:

ip access-list a deny ip src any dest 192.168.100.0/24
ip access-list a deny ip src any dest 192.168.60.0/24
ip access-list a permit ip src any dest any
ip access-list b deny ip src any dest 192.168.1.0/24
ip access-list b deny ip src any dest 192.168.60.0/24
ip access-list b permit ip src any dest any
ip access-list c deny ip src any dest 192.168.1.0/24
ip access-list c deny ip src any dest 192.168.100.0/24
ip access-list c permit ip src any dest any
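
Added example (not written by any poster in this thread): a small Python check that evaluates the access lists from posts 526 and 529 as inbound filters, the way post 527 binds them, to show why the direction noted in 528 matters. It assumes first-match evaluation and that an "in" filter only sees packets sourced from that interface's own subnet; the function names and the .10 test hosts are made up for the example.

```python
import ipaddress
# ACL text from posts 526 and 529; INBOUND mirrors the "ip filter <list> 10 in" bindings in post 527.
POST_526 = """
ip access-list a deny ip src 192.168.100.0/24 dest 192.168.1.0/24
ip access-list a deny ip src 192.168.60.0/24 dest 192.168.1.0/24
ip access-list a permit ip src any dest any
ip access-list b deny ip src 192.168.1.0/24 dest 192.168.100.0/24
ip access-list b deny ip src 192.168.60.0/24 dest 192.168.100.0/24
ip access-list b permit ip src any dest any
ip access-list c deny ip src 192.168.1.0/24 dest 192.168.60.0/24
ip access-list c deny ip src 192.168.100.0/24 dest 192.168.60.0/24
ip access-list c permit ip src any dest any
"""
POST_529 = """
ip access-list a deny ip src any dest 192.168.100.0/24
ip access-list a deny ip src any dest 192.168.60.0/24
ip access-list a permit ip src any dest any
ip access-list b deny ip src any dest 192.168.1.0/24
ip access-list b deny ip src any dest 192.168.60.0/24
ip access-list b permit ip src any dest any
ip access-list c deny ip src any dest 192.168.1.0/24
ip access-list c deny ip src any dest 192.168.100.0/24
ip access-list c permit ip src any dest any
"""
INBOUND = {"192.168.1.0/24": "a", "192.168.100.0/24": "b", "192.168.60.0/24": "c"}

def parse_acl(text):  # 'ip access-list NAME ACTION ip src S dest D' -> {name: [rules]}
    net = lambda s: ipaddress.ip_network("0.0.0.0/0" if s == "any" else s)
    acls = {}
    for tok in (line.split() for line in text.strip().splitlines()):
        acls.setdefault(tok[2], []).append((tok[3], net(tok[6]), net(tok[8])))
    return acls

def verdict(rules, src, dst):
    """First matching rule wins (assumed evaluation order); no match is treated as deny."""
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"

def cross_segment(text):
    """Verdict for a host in each segment sending to each other segment, filtered inbound."""
    acls = parse_acl(text)
    host = lambda n: ipaddress.ip_network(n)[10]  # constructed test host, e.g. 192.168.1.10
    return {(s, o): verdict(acls[name], host(s), host(o))
            for s, name in INBOUND.items() for o in INBOUND if o != s}

for label, text in (("post 526", POST_526), ("post 529", POST_529)):
    print(label, sorted(set(cross_segment(text).values())))
```

With inbound bindings, the deny rules in 526 never match because their source networks are the other segments, so everything falls through to the final permit; the 529 lists match on destination only and block all six cross-segment directions.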