在我這一邊的網路都設定完畢後確認個網段都可連上Internet後,接下來因為主管考量需要和原辦公室網路能實體切開(因為原單位IT日後會搬走但是近期還是在同一辦公區)。
所以我和原辦公司網段會串接起來~~
但我只開放我用戶的網段和特定主機IP可以去聯原來辦公室的相關必要主機,再用用戶端移轉時會將用戶端的網路線跳到我這邊的switch。
串接網路方式~~
兩個公司的L3 3750 設定router port
我這邊
interface GigabitEthernet1/0/22
no switchport
ip address 192.168.253.1 255.255.255.252
ip route x.x.x..33 255.255.255.255 192.168.253.2
ip route x.x.x..201 255.255.255.255 192.168.253.2
ip route x.x.x..204 255.255.255.255 192.168.253.2
ip route x.x.x..205 255.255.255.255 192.168.253.2
ip route x.x.x..215 255.255.255.255 192.168.253.2
ip route x.x.x.228 255.255.255.255 192.168.253.2
ip route x.x.x..230 255.255.255.255 192.168.253.2
ip route x.x.x..232 255.255.255.255 192.168.253.2
ip route x.x.x..163 255.255.255.255 192.168.253.2
ip route x.x.x..250 255.255.255.255 192.168.253.2
對方設定:有設定ststic roture 及 acl 只讓我的網段和特定IP可以連線雙方討論過的主機群
interface GigabitEthernet2/0/1
no switchport
ip address 192.168.253.2 255.255.255.252
ip access-group IP-WIS in
no ip redirects
no ip unreachables
no ip proxy-arp
end
—
Extended IP access list IP-WIS
permit ip 10.65.114.0 0.0.1.255 host x.x.x..201
permit ip 10.65.114.0 0.0.1.255 host x.x.x.204
permit ip 10.65.114.0 0.0.1.255 host x.x.x..215
permit ip 10.65.114.0 0.0.1.255 host x.x.x..228
permit ip 10.65.114.0 0.0.1.255 host x.x.x..230
permit ip 10.65.114.0 0.0.1.255 host x.x.x..232
permit ip 10.65.112.0 0.0.0.7 host x.x.x..33
permit ip 10.65.112.0 0.0.0.7 host x.x.x..201
permit ip 10.65.112.0 0.0.0.7 host x.x.x..250
本篇瀏覽人數: 1994
