description dev_mgmt //描述
encapsulation dot1Q 101 //封裝VLAN101
ip address 172.21.1.1 255.255.255.0 //配置IP
!
ip forward-protocol nd
ip 0/0 overload //120列表匹配的IP通過FastEthernet0/0PAT上網
ip nat inside source static tcp 172.21.30.208 80 58.56.49.10 80 extendable //靜態映射80端口
ip nat inside source static tcp 172.21.30.208 8080 58.56.49.10 8080 extendable //靜態映射8080端口
ip nat inside source static tcp 172.21.30.208 37777 58.56.49.10 37777 extendable //靜態映射37777端口
ip route 0.0.0.0 0.0.0.0 58.56.49.9 //默認路由指向58.56.49.9(應該是公網出口下壹跳)
ip route 172.21.0.0 255.255.0.0 172.21.2.4 //靜態路由
!
logging esm config
access-list 1 permit 172.21.0.0 0.0.255.255 //訪問控制列表ACL1,允許172.21.0.0/16網段通過
access-list 2 permit 124.127.202.166
access-list 2 permit 222.175.133.107
access-list 101 permit ip 172.21.0.0 0.0.255.255 192.168.0.0 0.0.255.255 //ACL101,允許172.21.0.0/16到192.168.0.0/16的流量通過
access-list 102 permit ip 172.21.0.0 0.0.255.255 172.18.0.0 0.0.255.255 //ACL102,允許172.21.0.0/16到172.18.0.0/16的流量通過
access-list 103 permit ip host 124.127.202.166 any
access-list 103 permit ip host 222.175.133.107 any
access-list 120 deny ip 172.21.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 120 deny ip 172.21.0.0 0.0.255.255 172.18.0.0 0.0.255.255
access-list 120 permit ip 172.21.8.0 0.0.0.255 any
access-list 120 permit ip 172.21.11.0 0.0.0.255 any
access-list 120 permit ip 172.21.12.0 0.0.0.255 any
access-list 120 permit ip 172.21.30.0 0.0.0.255 any