Configuration requirements:
Two VLANs, vlan10 and vlan20; traffic between vlan10 and vlan20 is blocked
192.168.20.100 is allowed to access 192.168.10.100
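1. Create the ACL rules
(config)#ip access-list extended VLAN10 #VLAN10 is the ACL name
(config-ext-nacl)#30 permit ip host 192.168.10.100 host 192.168.20.100 #allow 192.168.20.100 to access 192.168.10.100
The deny entry 50 and the permit entry 100 shown in the listing below are added in the same way.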
2. Apply the ACL to vlan10
(config)#interface vlan 10 #create the SVI interface for vlan10
(config-if)#ip access-group VLAN10 in #apply the extended ACL to the vlan10 SVI interface
- Extended IP access list VLAN10
- 30 permit ip host 192.168.10.100 host 192.168.20.100
- 50 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
- 100 permit ip any any
- Extended IP access list VLAN20
- 100 permit ip any any
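Note: every ACL needs a permit ip any any entry at the end; otherwise the implicit deny at the end of the ACL drops all traffic that matches no entry.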
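An added example (not from the original article): a small Python model of first-match ACL evaluation, run over the entries listed above. It assumes each ACL is applied inbound on its own SVI; the function names and the 10.0.0.1 address are constructed for illustration.

```python
import ipaddress

# Entries copied from the ACL listing on this page.
ACLS = {
    "VLAN10": """30 permit ip host 192.168.10.100 host 192.168.20.100
50 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
100 permit ip any any""",
    "VLAN20": "100 permit ip any any",
}

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'SEQ ACTION ip SRC DST' lines (only protocol 'ip' is handled)."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        seq, action, rest = int(tokens[0]), tokens[1], tokens[3:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        rules.append((seq, action, src, dst))
    return sorted(rules)

def _match(addr, spec):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(addr)) | wild) == (base | wild)

def evaluate(acl_text, src, dst):
    """First match wins; (deny, None) is the implicit deny at the end of an ACL."""
    for seq, action, s, d in parse_acl(acl_text):
        if _match(src, s) and _match(dst, d):
            return action, seq
    return "deny", None

if __name__ == "__main__":
    flows = [("VLAN10", "192.168.10.100", "192.168.20.100"),  # reply to 20.100
             ("VLAN10", "192.168.10.5", "192.168.20.100"),    # other vlan10 host
             ("VLAN10", "192.168.10.5", "10.0.0.1"),          # constructed outside address
             ("VLAN20", "192.168.20.5", "192.168.10.5")]      # vlan20 ingress
    for acl, src, dst in flows:
        print(acl, src, "->", dst, evaluate(ACLS[acl], src, dst))
```

The results show that these ACLs are stateless: entry 30 permits any IP traffic from 192.168.10.100 to 192.168.20.100, including connections it initiates, and packets entering from vlan20 toward vlan10 are still forwarded, with only the replies dropped by entry 50.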
Original article by wwh. If you repost it, please credit the source: https://www.wuwenhui.cn/3549.html