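A practical ACL example
Requirement: computers in one segment (VLAN 3) must not be able to access Network Neighborhood (Windows file sharing) on computers in other segments, and computers in other segments must not be able to access network shares in VLAN 3. Everything else is allowed.
vlan1: 192.168.1.254 vlan2: 192.168.2.254 vlan3: 192.168.3.254 vlan4: 192.168.4.254
192.168.1.10, 192.168.1.11, 192.168.4.10 and 192.168.4.11 are file servers that VLAN 3 needs to access.
The configuration is as follows: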
#access-list 100 permit ip 192.168.3.0 0.0.0.255 host 192.168.1.10
#access-list 100 permit ip 192.168.3.0 0.0.0.255 host 192.168.1.11
#access-list 100 permit ip 192.168.3.0 0.0.0.255 host 192.168.4.10
#access-list 100 permit ip 192.168.3.0 0.0.0.255 host 192.168.4.11
#access-list 100 permit ip host 192.168.1.10 192.168.3.0 0.0.0.255
#access-list 100 permit ip host 192.168.1.11 192.168.3.0 0.0.0.255
#access-list 100 permit ip host 192.168.4.10 192.168.3.0 0.0.0.255
#access-list 100 permit ip host 192.168.4.11 192.168.3.0 0.0.0.255
#access-list 100 deny tcp any any eq 445
#access-list 100 deny tcp any any eq 139
#access-list 100 permit ip any any
#int vlan 3
#ip access-group 100 in
#ip access-group 100 out
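
Added example (not part of the original post): a small Python first-match evaluator for ACL 100 above, showing which flows the list permits or denies and why the file-server permits must come before the port 445/139 denies. The function names are hypothetical and the model is simplified to addresses, protocol and destination port.

```python
import ipaddress

# Added illustration: ACL 100 from the post, router prompt stripped.
# Simplified model: matches protocol, addresses and destination port only.
ACL_100 = """\
permit ip 192.168.3.0 0.0.0.255 host 192.168.1.10
permit ip 192.168.3.0 0.0.0.255 host 192.168.1.11
permit ip 192.168.3.0 0.0.0.255 host 192.168.4.10
permit ip 192.168.3.0 0.0.0.255 host 192.168.4.11
permit ip host 192.168.1.10 192.168.3.0 0.0.0.255
permit ip host 192.168.1.11 192.168.3.0 0.0.0.255
permit ip host 192.168.4.10 192.168.3.0 0.0.0.255
permit ip host 192.168.4.11 192.168.3.0 0.0.0.255
deny tcp any any eq 445
deny tcp any any eq 139
permit ip any any
"""

def take_addr(tok):
    """Consume one address spec (any | host A | A WILDCARD) -> (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = take_addr(tok), take_addr(tok)
        port = int(tok[1]) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def hit(spec, addr):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(addr)) | wild) == (base | wild)

def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; an extended ACL ends with an implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if hit(r_src, src) and hit(r_dst, dst) and r_port in (None, dport):
            return action
    return "deny"
RULES = parse(ACL_100)
```

The two denies match TCP only, so NetBIOS name and datagram traffic on UDP 137/138 falls through to the final permit.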