任何網段要與Vlan 10 互通,但 Vlan 20~30不互通,方法有兩種可以參考
ip routing 啟動中
interface Vlan10
ip address 192.168.10.254 255.255.255.0
!
interface Vlan20
ip address 192.168.20.254 255.255.255.0
!
interface Vlan30
ip address 192.168.30.254 255.255.255.0
!
方法一
vlan filter vlan20 vlan-list 20
vlan filter vlan30 vlan-list 30
vlan access-map vlan20 10
match ip address 103
action forward
vlan access-map vlan30 10
match ip address 104
action forward
定義ACL 編號及原則
access-list 103 deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 103 permit ip any any
access-list 104 deny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 104 permit ip any any
用方法一設定,當兩個互不相通的網段互ping時,則會出現
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
方法二
定義ACL 編號及原則
access-list 103 deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 103 permit ip any any
access-list 104 deny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 104 permit ip any any
interface vlan 20 進到vlan 20裡
ip access-group 103 in 套用acl 編號103
interface vlan 30
ip access-group 104 in
用方法二設定,當兩個戶不相通的網段互ping,會出現以下訊息
Request timeout for icmp_seq 13
36 bytes from 192.168.20.254: Communication prohibited by filter
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 a3eb 0 0000 40 01 2267 192.168.20.10 192.168.30.252
Request timeout for icmp_seq 14
36 bytes from 192.168.20.254: Communication prohibited by filter
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 99fd 0 0000 40 01 2c55 192.168.20.10 192.168.30.252
HP DL380 Gen9 Rack Server in UAE, Proliant 2U Rack Server in UAE, Rack Server in UAE
回覆刪除https://gccgamers.com/hp-dl380.html
HP DL380 Gen9 Rack Server in UAE, Safe Shopping Multiple Payment Options Express Delivery GCC Gamers Moneyback Guarantee.
1634525107215-11