This is the physical interface. It carries basically no configuration of its own:
interface GigabitEthernet0/1
speed 1000
duplex full
no nameif
no security-level
no ip address
Subinterface 20 (we use the same number as the VLAN)
interface GigabitEthernet0/1.20
vlan 20
nameif LAN
security-level 100
ip address 10.20.1.1 255.255.255.0 standby 10.20.1.2
Subinterface 25
interface GigabitEthernet0/1.25
vlan 25
nameif DMZ
security-level 50
ip address 10.25.8.1 255.255.255.0 standby 10.25.8.2
!
Create and apply some basic ACLs
access-list LAN extended deny ip any any log
access-list LAN line 1 extended permit icmp any any log
access-group LAN in interface LAN
access-list DMZ extended deny ip any any log
access-list DMZ line 1 extended permit icmp any any log
access-group DMZ in interface DMZ
Gig0/1 needs to be attached to a trunk port that carries VLANs 20 and 25. That configuration is done on the switch.
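A sketch of what the switch side could look like on a Cisco IOS switch. This is an added example, not configuration from the original post: the switch port GigabitEthernet1/0/10, the VLAN names and the unused native VLAN 999 are assumptions.

```cisco
! Added example: switch side of the trunk facing the ASA's GigabitEthernet0/1.
! Assumed values: port Gi1/0/10, VLAN names, native VLAN 999.
vlan 20
 name LAN
vlan 25
 name DMZ
vlan 999
 name UNUSED-NATIVE
!
interface GigabitEthernet1/0/10
 description Trunk to ASA Gi0/1
 ! Only needed on platforms that also support ISL
 switchport trunk encapsulation dot1q
 ! Static trunk with DTP negotiation turned off
 switchport mode trunk
 switchport nonegotiate
 ! Carry only the VLANs that have a subinterface on the ASA
 switchport trunk allowed vlan 20,25
 ! Untagged frames go to an unused VLAN; the ASA physical
 ! interface has no nameif, so it passes no untagged traffic
 switchport trunk native vlan 999
 ! Match the speed and duplex hard-set on the ASA side
 speed 1000
 duplex full
 no shutdown
```

Restricting the allowed list to 20 and 25 keeps any other VLAN on the switch from reaching the firewall port, and `show interfaces trunk` on the switch confirms which VLANs are actually forwarding.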