通过acl限制vlan间通信

谁都会走 提交于 2019-12-06 10:01:41

作者:【吴业亮】云计算开发工程师
博客:http://blog.csdn.net/wylfengyujiancheng

拓扑:
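(原文的拓扑图缺失。根据附录中的交换机配置推断:pc1 接 GigabitEthernet0/0/1(VLAN 10,172.16.10.0/24),pc2 接 GigabitEthernet0/0/2(VLAN 20,172.16.20.0/24),pc3 接 GigabitEthernet0/0/3(VLAN 30,172.16.30.0/24),各网段的网关为交换机上对应的 Vlanif 接口。)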

目标:
1、pc1和pc2可以互相通信
2、pc2和pc3可以互相通信
3、pc1和pc3无法通信

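创建acl

(说明:0.0.0.255 是通配符掩码,对应 /24 网段。下面这条规则只匹配 172.16.10.0/24 → 172.16.30.0/24 方向的报文;pc3 发往 pc1 的报文本身不受它限制,只是 pc1 的回包会被丢弃,因此 ping、TCP 这类需要应答的通信会失败,但单向流量仍然可以到达 pc1。如果要求双向隔离,应再为反方向增加一条 deny 规则,并在相应的接口和方向上应用。)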

acl 3000
rule 1 deny ip source 172.16.10.0 0.0.0.255 destination 172.16.30.0 0.0.0.255 

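应用acl

在 VLAN 30 的接入口 GigabitEthernet 0/0/3 的出方向应用 acl 3000(原文此处的命令前带有 undo,那是取消过滤的写法;附录配置中该接口下为 traffic-filter outbound acl 3000,以此为准):

[Huawei]interface  GigabitEthernet 0/0/3

[Huawei-GigabitEthernet0/0/3] traffic-filter outbound acl 3000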

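附录:
交换机配置

(注意:下面的配置中 aaa 部分含有 local-user admin password simple admin,即管理员口令为弱口令并以明文保存,且开启了 http 管理服务。这看起来是实验环境的默认配置,请勿照搬到生产设备;实际部署时应设置强口令并以密文方式保存,同时限制可访问管理服务的来源地址。)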

[Huawei]display  current-configuration 
#
sysname Huawei
#
vlan batch 10 20 30
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
acl number 3000
 rule 1 deny ip source 172.16.10.0 0.0.0.255 destination 172.16.30.0 0.0.0.255
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 ip address 172.16.10.1 255.255.255.0
#
interface Vlanif20
 ip address 172.16.20.1 255.255.255.0
#
interface Vlanif30
 ip address 172.16.30.1 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 30
 traffic-filter outbound acl 3000
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return