acc-list 1 permit 192168.1.0 0.0.0.255
acc-list 1 permit 172.16.1.0 0.0.0.255
ip nat inside soucre list 1 int fax/x overload
默认下三层上由于有vlan间路由, 三个vlan都能互相访问
用自反ACL来实现此要求 vlan10可以访问vlan20 ,vlan20不能访问vlan10
ip acc-list extend cisco-in
permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255 reflect cisco1
permit ip any any
ip acc-list extend cisco-out
evaluate cisco1
deny 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip any any
int vlan 10
ip acc-list cisco-in in
ip acc-list cisco-out out
您阅读本篇文章共花了: 
支付宝微信扫一扫,打赏作者吧~本文链接:https://kinber.cn/post/179.html 转载需授权!
推荐本站淘宝优惠价购买喜欢的宝贝:
