VLAN 之间的访问控制

时间:2021-03-17 人气:0

想了解VLAN 之间的访问控制的相关内容吗，在本文为您仔细讲解的相关知识和一些Code实例，欢迎阅读和指正，我们先划重点：VLLAANN之之间间的的访访问问控控制制，下面大家一起来学习吧。

路由器通过以太网的子口建立与下连交换机TRUNK口相连。

要求管理VLAN可以访问其它业务VLAN、办公VLAN、财务VLAN、家庭网VLAN，但是其它VLAN不可以访问管理VLAN。

下面把路由器上的配置附上：

ip access-list extended infilter

evaluate mppacket

deny ip 10.54.16.0 0.0.0.255 10.54.17.0 0.0.0.255 

deny ip 10.54.16.0 0.0.0.255 10.54.18.0 0.0.0.255 

deny ip 10.54.16.0 0.0.0.255 10.54.19.0 0.0.0.255 

deny ip 10.54.16.0 0.0.0.255 10.54.31.0 0.0.0.255 

deny ip 10.54.17.0 0.0.0.255 10.54.16.0 0.0.0.255 

deny ip 10.54.17.0 0.0.0.255 10.54.18.0 0.0.0.255 

deny ip 10.54.17.0 0.0.0.255 10.54.19.0 0.0.0.255 

deny ip 10.54.17.0 0.0.0.255 10.54.31.0 0.0.0.255 

deny ip 10.54.18.0 0.0.0.255 10.54.16.0 0.0.0.255 

deny ip 10.54.18.0 0.0.0.255 10.54.17.0 0.0.0.255 

deny ip 10.54.18.0 0.0.0.255 10.54.19.0 0.0.0.255 

deny ip 10.54.18.0 0.0.0.255 10.54.31.0 0.0.0.255 

deny ip 10.54.19.0 0.0.0.255 10.54.16.0 0.0.0.255 

deny ip 10.54.19.0 0.0.0.255 10.54.17.0 0.0.0.255 

deny ip 10.54.19.0 0.0.0.255 10.54.18.0 0.0.0.255 

deny ip 10.54.19.0 0.0.0.255 10.54.31.0 0.0.0.255 

permit ip any any 

exit

ip access-list extended outfilter

permit ip any any reflect mppacket 

exit

interface fastethernet0

ip address 10.255.49.2 255.255.255.252

exit

interface fastethernet1

exit

interface fastethernet1.1

description Guanli

ip address 10.54.31.254 255.255.255.0

encapsulation dot1q 1

exit

interface fastethernet1.2

description Yewu

ip address 10.54.17.254 255.255.255.0

encapsulation dot1q 2

ip access-group outfilter out

ip access-group infilter in

exit

interface fastethernet1.3

description Bangong

ip address 10.54.16.254 255.255.255.0

encapsulation dot1q 3

ip access-group outfilter out

ip access-group infilter in

exit

interface fastethernet1.4

description Caiwu

ip address 10.54.18.254 255.255.255.0

encapsulation dot1q 4

ip access-group outfilter out

ip access-group infilter in

exit

interface fastethernet1.5

description Jiating

ip address 10.54.19.254 255.255.255.0

encapsulation dot1q 5

ip access-group outfilter out

ip access-group infilter in

exit

ip route 0.0.0.0 0.0.0.0 10.255.49.1

文章录入：csh 责任编辑：csh

加载全部内容