配置VLAN,指定接口IP
ciscoasa(config)# interface vlan 1 ciscoasa(config-if)# nameif inside INFO: Security level for "inside" set to 100 by default. ciscoasa(config-if)# ip address 192.168.15.1 255.255.255.0 ciscoasa(config-if)# exit
ciscoasa(config)# interface vlan 2 ciscoasa(config-if)# nameif outside0 INFO: Security level for "outside0" set to 0 by default. ciscoasa(config-if)# ip address 192.168.3.100 255.255.252.0
ciscoasa(config)# interface vlan 3 ciscoasa(config-if)# nameif outside1 INFO: Security level for "outside1" set to 0 by default. ciscoasa(config-if)# ip address 10.20.30.40 255.255.255.0
验证配置
将端口加入VLAN组
ciscoasa(config)# interface ethernet 0/2 ciscoasa(config-if)# switchport mode trunk ciscoasa(config-if)# switchport trunk allowed vlan 1 ciscoasa(config-if)# switchport trunk native vlan 1 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# exit
ciscoasa(config)# interface ethernet 0/0 ciscoasa(config-if)# switchport access vlan 2 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# exit
ciscoasa(config)# interface ethernet 0/1 ciscoasa(config-if)# switchport access vlan 3 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# exit
验证配置
开启DHCP服务
ciscoasa(config)# dhcpd address 192.168.15.200-192.168.15.254 inside ciscoasa(config)# dhcpd dns 8.8.8.8 8.8.4.4 ciscoasa(config)# dhcpd enable inside
定义对象
ciscoasa(config)# object network obj_any ciscoasa(config-network-object)# subnet 0.0.0.0 0.0.0.0
添加NAT规则
ciscoasa(config-network-object)# nat (inside,outside0) dynamic inerface dns ciscoasa(config-network-object)# exit
添加默认路由
ciscoasa(config)# route outside0 0.0.0.0 0.0.0.0 192.168.1.254