一、NAT实验配置

通过基本ACL匹配VLAN 10网段，然后在出口设备NAT转换只要匹配到VLAN10地址则进行转换。

核心交换机

# 配置VLAN和默认路由，配置Trunk和Access接口
interface Vlanif10ip address 192.168.10.254 255.255.255.0
#
interface Vlanif20ip address 192.168.20.254 255.255.255.0
#
interface Vlanif30ip address 10.0.0.2 255.255.255.252interface GigabitEthernet0/0/1port link-type accessport default vlan 30
#
interface GigabitEthernet0/0/2port link-type accessport default vlan 10
#
interface GigabitEthernet0/0/3port link-type accessport default vlan 20# 路由
ip route-static 0.0.0.0 0.0.0.0 10.0.0.1

出口路由器

# 配送路由和ACL以及NAT
acl number 2000  rule 10 permit source 192.168.10.0 0.0.0.255 # 配置路由
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
ip route-static 192.168.10.0 255.255.255.0 10.0.0.2
ip route-static 192.168.20.0 255.255.255.0 10.0.0.2# 配置接口地址，配置NAT与ACL匹配
interface GigabitEthernet0/0/0ip address 12.1.1.1 255.255.255.252 nat outbound 2000
#
interface GigabitEthernet0/0/1ip address 10.0.0.1 255.255.255.252 

中间路由器：

interface GigabitEthernet0/0/0ip address 12.1.1.2 255.255.255.252 
#
interface GigabitEthernet0/0/1ip address 23.1.1.2 255.255.255.252 
#
ip route-static 8.8.8.8 255.255.255.255 23.1.1.1

AR3:

interface GigabitEthernet0/0/1ip address 23.1.1.1 255.255.255.252 
#
interface LoopBack0ip address 8.8.8.8 255.255.255.255 
#
ip route-static 0.0.0.0 0.0.0.0 23.1.1.2

PC1:正常访问8.8.8.8

PC2：没有进行NAT转换，访问超时

二、ACL流量过滤实验

正常配置access接口，划分VLAN，创建高级ACL匹配流量，然后调用过滤策略。

# 创建高级ACL，先匹配拒绝，然后再允许其它的访问流量
acl number 3000rule 5 deny ip source 192.168.10.1 0 destination 192.168.20.2 0rule 10 permit ip source 192.168.10.1 0# 接口配置
#
interface Vlanif10ip address 192.168.10.254 255.255.255.0
#
interface Vlanif20ip address 192.168.20.254 255.255.255.0
#
interface Vlanif30ip address 10.0.0.2 255.255.255.252# 应用过滤策略
# 可以在全局应用流量过滤
traffic-filter inbound acl 3000# 或者在入接口和出接口应用，在G0/0/2，入方向过滤或者在G0/0/4出方向过滤
interface GigabitEthernet0/0/2port link-type accessport default vlan 10traffic-filter inbound acl 3000#
interface GigabitEthernet0/0/4port link-type accessport default vlan 20traffic-filter outbound acl 3000

结果：