在s7706上,要隔绝两个vlan在三层上的通信,用ACL来实现的话,大概配置过程是怎样的?
三层的话,用ACL来实现,比如:
vlan 2:192.168.2.0/255.255.255.0
vlan 3:192.168.3.0/255.255.255.0
vlan 4:192.186.4.0/255.255.255.0
vlan2\vlan3\vlan4相互之间不能访问
acl number 3002
rule deny ip source 192.168.2.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
rule deny ip source 192.168.2.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
acl number 3003
rule deny ip source 192.168.3.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
rule deny ip source 192.168.3.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
acl number 3004
rule deny ip source 192.168.4.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
rule deny ip source 192.168.4.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
用traffic-filter在vlan下应用ACL,
traffic-filter vlan 2 inbound acl 3002
traffic-filter vlan 3 inbound acl 3003
traffic-filter vlan 4 inbound acl 3004
