Huawei S5700 switch: applying an advanced ACL on an interface so that VLANs cannot reach each other

1. Topology

[Topology diagram, image not reproduced: terminals on LSW1 ports G0/0/1 (VLAN 10) and G0/0/2 (VLAN 11); LSW1 G0/0/24 trunks to AR1 Ethernet0/0/7, and AR1 routes between the two VLANs]

2. Configuration

AR1 configuration (AR1 does the inter-VLAN routing through its two Vlanif interfaces; the trunk on Ethernet0/0/7 carries both VLANs to LSW1)

[AR1]
#
vlan batch 10 to 11
#
interface Vlanif10
 ip address 192.168.3.254 255.255.252.0 
#
interface Vlanif11
 ip address 192.168.11.254 255.255.255.0 
#
interface Ethernet0/0/7
 port link-type trunk
 port trunk allow-pass vlan 10 to 11

LSW1 configuration

Basic configuration
[LSW1]
#
vlan batch 10 to 11
#
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan 10 to 11
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 11
Configure the advanced ACL and apply it to the interface

Advanced ACLs (numbers 3000 to 3999) match on both source and destination address, so one ACL can describe "VLAN 10 to VLAN 11" and "VLAN 11 to VLAN 10" as two rules. The ACL is applied outbound on G0/0/24 only: in this topology every packet going from one VLAN to the other has to leave LSW1 through the trunk toward AR1 before it can be routed, so a single outbound filter on the trunk catches both directions. Traffic that matches no rule (including traffic to AR1's own Vlanif addresses) is forwarded, because traffic-filter permits unmatched packets by default.

Note that the wildcard 0.0.1.255 covers 192.168.0.0 to 192.168.1.255 only, whereas Vlanif10's mask 255.255.252.0 makes VLAN 10 the whole 192.168.0.0/22 (up to 192.168.3.255). Hosts in 192.168.2.0 to 192.168.3.255 would therefore not be blocked; 0.0.3.255 would cover the full subnet, at the cost of also blocking VLAN 11 hosts from pinging the VLAN 10 gateway 192.168.3.254, which sits inside that range.
[LSW1]
#
acl number 3000
 rule 10 deny ip source 192.168.0.0 0.0.1.255 destination 192.168.11.0 0.0.0.255
 rule 15 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.0.0 0.0.1.255
#
interface GigabitEthernet0/0/24
 traffic-filter outbound acl 3000

3. Verification

Terminal 192.168.11.20 can ping AR1's addresses normally, but its ping to terminal 192.168.0.20 fails: the echo request (source 192.168.11.20, destination 192.168.0.20) matches rule 15 as it leaves G0/0/24, and even if it got through, the reply from 192.168.0.20 would match rule 10 on the same port.
[Screenshots, not reproduced: ping from 192.168.11.20 to AR1 succeeds; ping from 192.168.11.20 to 192.168.0.20 fails]

Remove ACL 3000 from port G0/0/24

[LSW1]
#
int g0/0/24
 undo traffic-filter outbound acl 3000

Ping 192.168.0.20 again: the path is now open.
[Screenshot, not reproduced: ping from 192.168.11.20 to 192.168.0.20 succeeds after the filter is removed]
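The following Python script is an added example, not configuration or code from the original post. It models how LSW1's outbound traffic-filter on G0/0/24 evaluates acl 3000 (Huawei wildcard matching, rules tried in ascending number, unmatched packets forwarded) and which packets actually pass through that port in this topology, so it reproduces the ping results of section 3 with the ACL applied and after it is removed. The host addresses 192.168.2.20 and the ACL_3000_FULL_SUBNET variant with wildcard 0.0.3.255 are assumptions used to show what the original 0.0.1.255 wildcard does and does not cover.

```python
"""Model of LSW1's 'traffic-filter outbound acl 3000' on G0/0/24.
Added example; not configuration from the original post."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int
    action: str   # "permit" or "deny"
    src: str      # "<address> <wildcard>" exactly as written in the ACL
    dst: str


def _parse(spec: str):
    """Turn '<address> <wildcard>' into (masked base, mask) integers."""
    base, wildcard = spec.split()
    mask = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(base)) & mask, mask


def wildcard_match(addr: str, spec: str) -> bool:
    """Huawei wildcard semantics: 0 bits must match, 1 bits are don't-care."""
    base, mask = _parse(spec)
    return int(ipaddress.IPv4Address(addr)) & mask == base


def wildcard_range(spec: str):
    """First and last address that '<address> <wildcard>' can match."""
    base, mask = _parse(spec)
    last = base | (~mask & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(base)), str(ipaddress.IPv4Address(last))


# acl number 3000 as configured on LSW1 in the post.
ACL_3000 = [
    Rule(10, "deny", "192.168.0.0 0.0.1.255", "192.168.11.0 0.0.0.255"),
    Rule(15, "deny", "192.168.11.0 0.0.0.255", "192.168.0.0 0.0.1.255"),
]
# Assumed variant (not from the post): 0.0.3.255 covers the whole 192.168.0.0/22
# that Vlanif10's mask 255.255.252.0 defines.
ACL_3000_FULL_SUBNET = [
    Rule(10, "deny", "192.168.0.0 0.0.3.255", "192.168.11.0 0.0.0.255"),
    Rule(15, "deny", "192.168.11.0 0.0.0.255", "192.168.0.0 0.0.3.255"),
]


def traffic_filter(acl, src: str, dst: str) -> str:
    """Rules are tried in ascending number; a packet matching no rule is forwarded."""
    for rule in sorted(acl, key=lambda r: r.number):
        if wildcard_match(src, rule.src) and wildcard_match(dst, rule.dst):
            return rule.action
    return "permit"


# Constructed hosts on LSW1's access ports; VLAN per port as in section 2.
# 192.168.2.20 is assumed here to probe the part of the /22 that 0.0.1.255 misses.
HOSTS = {"192.168.0.20": 10, "192.168.2.20": 10, "192.168.11.20": 11}


def transits_outbound(src: str, dst: str) -> bool:
    """A packet leaves LSW1 through G0/0/24 (where the filter sits) unless it is
    switched locally between two hosts in the same VLAN. Packets sourced by AR1
    arrive inbound on G0/0/24, where nothing is filtered."""
    if src not in HOSTS:
        return False
    return not (dst in HOSTS and HOSTS[src] == HOSTS[dst])


def ping_reachable(src: str, dst: str, acl) -> bool:
    """Echo request and echo reply must both survive the outbound filter.
    acl=None models 'undo traffic-filter outbound acl 3000'."""
    for s, d in ((src, dst), (dst, src)):
        if acl is not None and transits_outbound(s, d) and traffic_filter(acl, s, d) == "deny":
            return False
    return True


if __name__ == "__main__":
    print("0.0.1.255 covers", wildcard_range("192.168.0.0 0.0.1.255"))
    for src, dst in [("192.168.11.20", "192.168.0.20"),
                     ("192.168.11.20", "192.168.11.254"),
                     ("192.168.2.20", "192.168.11.20")]:
        print(f"{src} -> {dst}: applied={ping_reachable(src, dst, ACL_3000)} "
              f"removed={ping_reachable(src, dst, None)} "
              f"full_subnet={ping_reachable(src, dst, ACL_3000_FULL_SUBNET)}")
```

With ACL_3000 applied, 192.168.11.20 cannot reach 192.168.0.20 but can still reach AR1's Vlanif addresses, and after the filter is removed the ping succeeds, matching section 3. The assumed host 192.168.2.20 in VLAN 10 is not blocked by the original wildcard at all; ACL_3000_FULL_SUBNET blocks it, but also stops VLAN 11 hosts from pinging 192.168.3.254, so the choice of wildcard should be made deliberately.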


Reposted from blog.51cto.com/14895184/2639603