acl简单介绍:
普通ACL:2000 - 2999 , 根据源IP地址过滤;
高级ACL:3000 - 3999 , 根据源目的IP地址和源目的端口进行过滤;
二层ACL:4000 - 4999 , 根据源目的mac地址等过滤。
登录交换机,进入配置模式:
[SW-Core]acl number 3001
[SW-Core-acl-adv-3001]rule 10 deny ip source 172.30.102.0 0.0.0.255 destination 172.30.0.0 0.0.255.255
[SW-Core-acl-adv-3001]rule 20 deny ip source 172.30.102.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
[SW-Core]traffic classifier 3001 operator and
[SW-Core-classifier-3001]if-match acl 3001
[SW-Core]traffic behavior 3001
[SW-Core-behavior-3001]permit
[SW-Core]traffic policy 3001 match-order config
[SW-Core-trafficpolicy-3001]classifier 3001 behavior 3001
进入vlan配置
[SW-Core]vlan 102
[SW-Core-vlan102]traffic-policy 3001 inbound
好了,acl策略已配置完毕,但有个问题点是,该vlan还是可以访问网关IP地址。
原文:https://blog.51cto.com/2221384/2679228