Cisco Layer 3 Switch ACL Configuration Example

Configuration requirements:

Two VLANs, VLAN 10 and VLAN 20; block all traffic between VLAN 10 and VLAN 20.

Allow 192.168.20.100 to access 192.168.10.100.

1. Create the ACL rule

(config)#ip access-list extended VLAN10 (ACL name)

(config-ext-nacl)#30 permit ip host 192.168.10.100 host 192.168.20.100        # allows 192.168.20.100 to access 192.168.10.100: the ACL is applied inbound on the VLAN 10 SVI, so what it must permit is the reply traffic sourced from 192.168.10.100

2. Apply the ACL to VLAN 10

(config)#interface vlan 10        # create the SVI for VLAN 10

(config-if)#ip access-group VLAN10 in        # apply the extended ACL inbound on the VLAN 10 SVI

The resulting access lists:

Extended IP access list VLAN10
    30 permit ip host 192.168.10.100 host 192.168.20.100
    50 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
    100 permit ip any any
Extended IP access list VLAN20
    100 permit ip any any

Note: a permit ip any any entry has to be added at the end of each ACL; otherwise the implicit deny at the end of every ACL drops all the remaining traffic.
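To see what the two access lists above actually do per flow, here is an added Python model (not part of the original post) that evaluates them with Cisco's semantics: wildcard masks, first match wins, implicit deny at the end. The mapping of source subnet to ingress SVI (VLAN 10 = 192.168.10.0/24, VLAN 20 = 192.168.20.0/24) and all function names are assumptions made for this example.

```python
import ipaddress

# Constructed from the show output on this page: one ACL per SVI, each entry as
# (sequence, action, source, source wildcard, destination, destination wildcard).
ANY = ("0.0.0.0", "255.255.255.255")
ACLS = {
    "vlan10": [
        (30, "permit", "192.168.10.100", "0.0.0.0", "192.168.20.100", "0.0.0.0"),
        (50, "deny", "192.168.10.0", "0.0.0.255", "192.168.20.0", "0.0.0.255"),
        (100, "permit", *ANY, *ANY),
    ],
    "vlan20": [(100, "permit", *ANY, *ANY)],
}
# Assumed topology: which SVI a packet enters on, decided by its source subnet.
SUBNETS = {"vlan10": "192.168.10.0/24", "vlan20": "192.168.20.0/24"}


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 1 bit means 'don't care', a 0 bit must match."""
    a, b = int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (b & ~w)


def evaluate(acl, src, dst):
    """First matching entry wins; an ACL ends with an implicit 'deny ip any any'."""
    for seq, action, s, sw, d, dw in sorted(acl):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, seq
    return "deny", None  # implicit deny, no sequence number


def ingress_svi(src):
    """SVI a packet arrives on; None if the source is in neither VLAN."""
    for svi, net in SUBNETS.items():
        if ipaddress.IPv4Address(src) in ipaddress.IPv4Network(net):
            return svi
    return None


def check_packet(src, dst):
    """Apply the 'in' ACL of the ingress SVI (unknown ingress: no ACL applied)."""
    svi = ingress_svi(src)
    return evaluate(ACLS[svi], src, dst) if svi else ("permit", None)


def session_allowed(client, server):
    """A TCP session needs both the request and the reply to be permitted."""
    return check_packet(client, server)[0] == "permit" and \
        check_packet(server, client)[0] == "permit"
```

Running the model also shows the caveat of this design: the VLAN 20 ACL permits everything, so a session from 192.168.20.50 to 192.168.10.50 fails only because the reply is dropped on VLAN 10, while one-way packets from VLAN 20 still reach hosts in VLAN 10.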
