I. Network topology

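II. Lab description
Deny the R&D and Sales departments access to the Finance department server.
- R&D department:
- VLAN10, IP: 192.168.10.1/24
- Sales department:
- VLAN20, IP: 192.168.20.1/24
- Finance department server:
- VLAN100, IP: 192.168.100.1/24
III. VLAN configuration procedure
1. Create vlan10, vlan20 and vlan30, and add the corresponding ports to each VLAN, as follows: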
[SW1]vlan 10
[SW1-vlan10]port GigabitEthernet 1/0/1
The other VLANs are configured the same way.

2. Configure the VLAN interface IP addresses
[SW1]inter Vlan-interface 10
#
interface Vlan-interface10
ip address 192.168.10.254 255.255.255.0
#
return

3. Configure the IP address on the end-host PC; the other PCs are configured similarly.

4. Check the routing table. With no ACL configured, vlan10, vlan20 and vlan100 can communicate normally.


IV. ACL configuration
1. Advanced ACL configuration
#
acl advanced 3000
rule 0 deny ip source 192.168.20.1 0 destination 192.168.100.1 0
rule 5 permit ip
#
#
acl advanced 3001
rule 0 deny ip source 192.168.10.1 0 destination 192.168.100.1 0
rule 5 permit ip
#
2. Apply the packet filter on interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/2
port link-mode bridge
port access vlan 20
combo enable fiber
packet-filter 3000 inbound
#
3. The packet filter can also be applied on the VLAN interface.
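
An added example (not from the original page): a small Python evaluator for the two rules of ACL 3000 above. It shows that the wildcard mask `0` in rule 0 matches exactly one host address and that rule 5 decides every other packet. `ACL_SUBNET`, the function names and the test addresses are constructed for illustration; the fall-through default permit is an assumption.

```python
import ipaddress
import re

# Rules copied from ACL 3000 on the page.
ACL_3000 = """\
rule 0 deny ip source 192.168.20.1 0 destination 192.168.100.1 0
rule 5 permit ip
"""
# Constructed variant (not on the page): wildcard 0.0.0.255 covers all of VLAN 20.
ACL_SUBNET = """\
rule 0 deny ip source 192.168.20.0 0.0.0.255 destination 192.168.100.1 0
rule 5 permit ip
"""

RULE_RE = re.compile(
    r"rule\s+(\d+)\s+(permit|deny)\s+ip"
    r"(?:\s+source\s+(\S+)\s+(\S+))?"
    r"(?:\s+destination\s+(\S+)\s+(\S+))?\s*$")

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _matcher(addr, wildcard):
    """Return (addr, care_mask); wildcard bits set to 1 are 'don't care'."""
    if addr is None:                      # field omitted: match any address
        return 0, 0
    wc = 0 if wildcard == "0" else _ip(wildcard)   # "0" is shorthand for 0.0.0.0
    return _ip(addr), ~wc & 0xFFFFFFFF

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rid, action, s, sw, d, dw = m.groups()
            rules.append((int(rid), action, _matcher(s, sw), _matcher(d, dw)))
    return sorted(rules)                  # config match order: ascending rule ID

def evaluate(rules, src, dst):
    """First matching rule decides; returns (action, rule_id)."""
    for rid, action, (sa, sm), (da, dm) in rules:
        if (_ip(src) & sm) == (sa & sm) and (_ip(dst) & dm) == (da & dm):
            return action, rid
    return "permit", None                 # assumption: no match falls through to default permit
```

Running `evaluate(parse_acl(ACL_3000), "192.168.20.2", "192.168.100.1")` shows which rule decides traffic from another host in VLAN 20, which is the check to make before relying on the ACL to isolate a whole department.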

ACL (access control list) basic theory: https://www.hao0564.com/5465.html