华为VLAN的ACL策略应用

华为交换机的vlan隔离策略要在vlan里应用traffic policy来做
#acl number 3011
rule 5 deny ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 10 deny ip source 192.168.3.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 15 deny ip source 192.168.4.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 20 deny ip source 192.168.5.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 25 deny ip source 192.168.6.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 30 deny ip source 192.168.7.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 35 deny ip source 192.168.8.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 40 deny ip source 192.168.9.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
#traffic classifier vlan11
if-match acl 3011
#
traffic behavior vlan11
deny
#
traffic policy vlan11
classifier vlan11 behavior vlan11
#
vlan 11
traffic-policy vlan11 outbound

vlan 11 是192.168.1.0段
策略是禁止192.168.2-9.0段访问192.168.1.0段

上一篇:思科模拟器配置-ACL配置 实训


下一篇:微型计算机简单并行接口实验