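Hello again,
Is there a way to block specific ports on a Cisco Catalyst 3560 switch so that users cannot access the Internet but still have full access to internal company resources? The Internet is provided by a port connected to a separate third-party router that provides Internet access only. The Cisco Catalyst 3560 currently provides DHCP to the network. I also have third-party WiFi access points connected to the switch. The ports I need to block are static ports on the Cisco switch itself.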
Switch#show running-config
Building configuration...
Current configuration : 9347 bytes
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
enable secret xxx
!
username admin privilege 15 secret xxx
no aaa new-model
clock timezone UTC 2 0
system mtu routing 1500
vtp mode transparent
ip name-server 255.255.255.0
!
!
ip dhcp pool v10
network 192.168.8.0 255.255.255.0
default-router 192.168.8.253
dns-server 192.168.8.253
!
ip dhcp pool v12
!
ip dhcp pool v11
!
!
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
mls qos srr-queue input cos-map queue 1 threshold 2 3
mls qos srr-queue input cos-map queue 1 threshold 3 6 7
mls qos srr-queue input cos-map queue 2 threshold 1 4
mls qos srr-queue input dscp-map queue 1 threshold 2 24
mls qos srr-queue input dscp-map queue 1 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue input dscp-map queue 1 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue input dscp-map queue 2 threshold 3 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 4 5
mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue output dscp-map queue 1 threshold 3 46 47
mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35
mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 1 100 100 50 200
mls qos queue-set output 1 threshold 2 125 125 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 150 50 200
mls qos queue-set output 1 buffers 15 25 40 20
mls qos
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 10
name Lan1
!
vlan 11
name Internet
!
vlan 12
name LAN2
!
vlan 13
name Privatevlan
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel7
description port7
!
interface Port-channel48
!
interface GigabitEthernet0/1
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/2
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/3
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/4
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/5
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/6
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/7
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/8
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/9
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/10
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/11
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/12
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/13
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/14
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/15
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/16
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/17
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/18
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/19
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport mode access
!
interface GigabitEthernet0/20
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/21
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/22
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/23
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/24
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/25
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/26
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/27
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/28
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/29
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/30
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/31
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/32
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/33
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 10
switchport trunk pruning vlan 10
switchport private-vlan host-association 12 10
switchport mode access
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust dscp
auto qos trust
macro description cisco-router
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface GigabitEthernet0/34
!
interface GigabitEthernet0/35
!
interface GigabitEthernet0/36
!
interface GigabitEthernet0/37
!
interface GigabitEthernet0/38
!
interface GigabitEthernet0/39
!
interface GigabitEthernet0/40
!
interface GigabitEthernet0/41
!
interface GigabitEthernet0/42
!
interface GigabitEthernet0/43
!
interface GigabitEthernet0/44
!
interface GigabitEthernet0/45
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode access
!
interface GigabitEthernet0/46
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode access
!
interface GigabitEthernet0/47
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode access
!
interface GigabitEthernet0/48
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk native vlan 12
switchport trunk allowed vlan 11
switchport trunk pruning vlan 10
switchport private-vlan mapping 12 11,13
switchport mode access
!
interface GigabitEthernet0/49
!
interface GigabitEthernet0/50
!
interface GigabitEthernet0/51
!
interface GigabitEthernet0/52
!
interface Vlan1
ip address 192.168.7.1 255.255.255.0
!
interface Vlan10
ip address 192.168.8.100 255.255.255.0
!
interface Vlan11
ip address 192.168.9.101 255.255.255.0
shutdown
!
interface Vlan12
no ip address
!
ip default-gateway 192.168.7.253
ip http server
ip http authentication local
ip http secure-server
!
Ports 1 - 32 are in VLAN 10 to accommodate the network. All of my devices are currently connected to VLAN 10. My DHCP range is 192.168.8.xxx.