API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 18th, 2019
108
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.94 KB | None | 0 0
raw download clone embed print report
  1. conf t
  2. access-list 10 deny 192.168.50.0 0.0.0.255
  3. access-list 10 permit any
  4. end
  5.  
  6. # VLAN 1 DEFAULT NATIVE
  7. conf t
  8. vlan 1
  9. interface vlan 1
  10. ip address 192.168.0.1 255.255.255.0
  11. ip nat inside
  12. ip access-group 10 out
  13. end
  14.  
  15. # VLAN 20
  16. conf t
  17. vlan 20
  18. name Dev
  19. interface vlan 20
  20. ip address 192.168.20.1 255.255.255.0
  21. ip nat inside
  22. ip access-group 10 out
  23. end
  24.  
  25. $ ping 192.168.0.200
  26. PING 192.168.0.200 (192.168.0.200) 56(84) bytes of data.
  27. From 192.168.50.1 icmp_seq=1 Packet filtered
  28. From 192.168.50.1 icmp_seq=2 Packet filtered
  29. From 192.168.50.1 icmp_seq=3 Packet filtered
  30.  
  31. $ ping 192.168.0.1
  32. PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
  33. 64 bytes from 192.168.0.1: icmp_seq=1 ttl=255 time=17.9 ms
  34. 64 bytes from 192.168.0.1: icmp_seq=2 ttl=255 time=30.4 ms
  35.  
  36. $ ping 192.168.20.1
  37. PING 192.168.20.1 (192.168.20.1) 56(84) bytes of data.
  38. 64 bytes from 192.168.20.1: icmp_seq=1 ttl=255 time=2.73 ms
  39. 64 bytes from 192.168.20.1: icmp_seq=2 ttl=255 time=23.7 ms
  40.  
  41. vlan internal allocation policy ascending
  42. !
  43. !
  44. !
  45. !
  46. !
  47. !
  48. interface Loopback0
  49. ip address 1.1.1.1 255.255.255.255
  50. !
  51. interface GigabitEthernet0/0/0
  52. description WAN
  53. ip address x.x.x.x 255.255.255.252
  54. ip nat outside
  55. negotiation auto
  56. !
  57. interface GigabitEthernet0/0/1
  58. no ip address
  59. shutdown
  60. negotiation auto
  61. !
  62. interface GigabitEthernet0/1/0
  63. switchport mode trunk
  64. switchport nonegotiate
  65. !
  66. interface GigabitEthernet0/1/1
  67. shutdown
  68. !
  69. interface GigabitEthernet0/1/2
  70. switchport access vlan 10
  71. switchport mode access
  72. !
  73. interface GigabitEthernet0/1/3
  74. switchport access vlan 20
  75. switchport mode access
  76. !
  77. interface GigabitEthernet0/1/4
  78. shutdown
  79. !
  80. interface GigabitEthernet0/1/5
  81. shutdown
  82. !
  83. interface GigabitEthernet0/1/6
  84. switchport mode access
  85. !
  86. interface GigabitEthernet0/1/7
  87. switchport mode access
  88. !
  89. interface Vlan1
  90. ip address 192.168.0.1 255.255.255.0
  91. ip nat inside
  92. ip access-group 10 in
  93. !
  94. interface Vlan10
  95. ip address 192.168.10.1 255.255.255.0
  96. ip nat inside
  97. ip access-group 10 out
  98. !
  99. interface Vlan20
  100. ip address 192.168.20.1 255.255.255.0
  101. ip nat inside
  102. ip access-group 10 out
  103. !
  104. interface Vlan50
  105. ip address 192.168.50.1 255.255.255.0
  106. ip nat inside
  107. !
  108. ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
  109. ip forward-protocol nd
  110. no ip http server
  111. ip http secure-server
  112. ip dns server
  113. ip route 0.0.0.0 0.0.0.0 x.x.x.x
  114. !
  115. !
  116. ip access-list standard NAT
  117. permit 192.168.10.0 0.0.0.255
  118. permit 192.168.0.0 0.0.0.255
  119. permit 192.168.20.0 0.0.0.255
  120. permit 192.168.50.0 0.0.0.255
  121. !
  122. access-list 10 deny 192.168.50.0 0.0.0.255
  123. access-list 10 permit any
  124. !
  125. !
  126. !
  127. !
  128. control-plane
  129. !
  130. !
  131. line con 0
  132. transport input none
  133. stopbits 1
  134. line vty 0 4
  135. login local
  136. transport input ssh
  137. !
  138. wsma agent exec
  139. !
  140. wsma agent config
  141. !
  142. wsma agent filesys
  143. !
  144. wsma agent notify
  145. !
  146. !
  147. end
  148.  
  149. access-list 10 deny 192.168.50.0 0.0.0.255
  150. access-list 10 permit any
  151.  
  152. access-list 20 deny 192.168.0.0 0.0.0.255
  153. access-list 20 deny 192.168.10.0 0.0.0.255
  154. access-list 20 deny 192.168.20.0 0.0.0.255
  155. access-list 20 permit any
  156.  
  157. interface Vlan1
  158. ip address 192.168.0.1 255.255.255.0
  159. ip nat inside
  160. ip access-group 10 out
  161.  
  162. interface Vlan10
  163. ip address 192.168.10.1 255.255.255.0
  164. ip nat inside
  165. ip access-group 10 out
  166.  
  167. interface Vlan20
  168. ip address 192.168.20.1 255.255.255.0
  169. ip nat inside
  170. ip access-group 10 out
  171.  
  172. interface Vlan50
  173. ip address 192.168.50.1 255.255.255.0
  174. ip nat inside
  175. ip access-group 20 out
  176.  
  177. conf t
  178. ip access-list extended GUESTSACL
  179. deny ip 192.168.50.0 0.0.0.255 192.168.0.0 0.0.0.255
  180. deny ip 192.168.50.0 0.0.0.255 192.168.10.0 0.0.0.255
  181. deny ip 192.168.50.0 0.0.0.255 192.168.20.0 0.0.0.255
  182. permit ip any any
  183. end
  184. conf t
  185. int vlan 50
  186. ip access-group GUESTSACL in
  187. end
  188.  
  189. conf t
  190. interface vlan 50
  191. no ip unreachables
  192. end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!