Requirements:
VLAN 10, and PC3 in VLAN 20, must not be able to access the server
PC2 in VLAN 20 can access the server
PC1: 192.168.10.1
Gateway: 192.168.10.254
PC2: 192.168.20.1
Gateway: 192.168.20.254
PC3: 192.168.20.2
Gateway: 192.168.20.254
Server: 172.17.5.100
Gateway: 172.17.5.254
[LSW1] vlan batch 10 20 100
int g0/0/1
port link-type access
port default vlan 10
int g0/0/2
port link-type access
port default vlan 20
int g0/0/3
port link-type access
port default vlan 20
int g0/0/24
port link-type access
port default vlan 100
int vlanif 10
ip address 192.168.10.254 255.255.255.0
int vlanif 20
ip address 192.168.20.254 255.255.255.0
int vlanif 100
ip address 10.0.12.2 255.255.255.0
int loopback0
ip address 2.2.2.2 32
ospf 1 router-id 2.2.2.2
area 0
network 0.0.0.0 0.0.0.0
[AR1] int g0/0/1
ip address 10.0.12.1 24
int g0/0/0
ip address 172.17.5.254 24
int loopback0
ip address 1.1.1.1 32
ospf 1 router-id 1.1.1.1
area 0
network 0.0.0.0 0.0.0.0
With the configuration above in place, the whole network has full connectivity!!!
Next, implement the requirements
[LSW1] acl 2000
rule 5 deny source 192.168.10.0 0.0.0.255
[LSW1] int g0/0/24
traffic-filter outbound acl 2000
At this point, PC1 in VLAN 10 cannot access the server
[AR1] acl 3000
rule 5 deny ip source 192.168.20.2 0 destination 172.17.5.100 0
rule 10 permit ip source any
int g0/0/1
traffic-filter inbound acl 3000
Done!
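
An added example, not part of the original write-up: a small Python model of the two filters above that checks each PC against the requirements using wildcard-mask matching. It assumes that traffic-filter forwards packets matching no rule, and 172.17.5.101 is a constructed address used to show how far each ACL reaches.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    # Wildcard bits set to 1 are ignored; bits set to 0 must equal the base.
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")
SERVER = "172.17.5.100"

# (rule id, action, (source, wildcard), (destination, wildcard)), as on the page.
# Basic ACL 2000 matches on source only, so its destination is ANY.
ACL_2000 = [(5, "deny", ("192.168.10.0", "0.0.0.255"), ANY)]
ACL_3000 = [
    (5, "deny", ("192.168.20.2", "0.0.0.0"), (SERVER, "0.0.0.0")),
    (10, "permit", ANY, ANY),
]

# Filters a packet from the PCs crosses on its way to 172.17.5.0/24.
PATH = [("LSW1 g0/0/24 outbound", ACL_2000), ("AR1 g0/0/1 inbound", ACL_3000)]

def evaluate(acl, src, dst):
    """Return (action, rule id) of the first matching rule, lowest id first."""
    for rule_id, action, s, d in sorted(acl, key=lambda r: r[0]):
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action, rule_id
    # Assumption: traffic-filter forwards packets that match no rule.
    return "permit", None

def check(src, dst=SERVER):
    """Return (allowed, filter and rule that dropped the packet or None)."""
    for where, acl in PATH:
        action, rule_id = evaluate(acl, src, dst)
        if action == "deny":
            return False, f"{where} rule {rule_id}"
    return True, None

if __name__ == "__main__":
    # Hosts from the page's addressing plan.
    for name, src in [("PC1", "192.168.10.1"), ("PC2", "192.168.20.1"),
                      ("PC3", "192.168.20.2")]:
        print(name, "->", SERVER, check(src))
    # 172.17.5.101 is a constructed neighbour address, not a host on the page.
    print("PC1 -> 172.17.5.101", check("192.168.10.1", "172.17.5.101"))
    print("PC3 -> 172.17.5.101", check("192.168.20.2", "172.17.5.101"))
```

Because ACL 2000 matches on source only, it drops VLAN 10 traffic to every destination behind g0/0/24, while ACL 3000 blocks PC3 from the server alone.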