route#config t enter configuration commands, one per line. end with cntl/z. route(config)#int fa0/1 route(config-if)#ip access-group 112 in 然后，在这个组里面，写入 允许 上网 的主机地址（配置要在全局下配置）。最后加一条，不符合以上条件者，
route#config t
enter configuration commands, one per line.  end with cntl/z.
route(config)#int fa0/1
route(config-if)#ip access-group 112 in
然后，在这个组里面，写入允许上网的主机地址（配置要在全局下配置）。最后加一条，不符合以上条件者，全部过滤。
access-list 112 permit ip host 192.168.0.160 any
access-list 112 permit ip host 192.168.0.161 any
access-list 112 permit ip host 192.168.0.162 any
access-list 112 permit ip host 192.168.0.163 any
access-list 112 permit ip host 192.168.0.164 any
access-list 112 permit ip host 192.168.0.165 any
access-list 112 permit ip host 192.168.0.166 any
access-list 112 permit ip host 192.168.0.167 any
access-list 112 permit ip host 192.168.0.168 any
access-list 112 permit ip host 192.168.0.169 any
access-list 112 permit ip host 192.168.0.170 any
access-list 112 permit ip host 192.168.0.171 any
access-list 112 permit ip host 192.168.0.172 any
access-list 112 permit ip host 192.168.0.173 any
access-list 112 permit ip host 192.168.0.174 any
access-list 112 permit ip host 192.168.0.175 any
access-list 112 permit ip host 192.168.0.151 any
access-list 112 permit ip host 192.168.0.5 any
access-list 112 deny   ip any any
在这个表中，我允许了160-175可以访问公网。还有一条比较特殊，因为我们公司有web代理服务器。服务器地址为5。所以一定要允许代理服务器 访问网关。要不公司里允许上网的人也打不开网页了！如果公司有web,ftp,mail应该把这些服务器地址，添加到访问控制列表中。以保证他们正常工作！
【责编:peter】