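I had just moved to a new company when my manager told me the switch ACL was not working: office segment 40 and server segment 30 were not isolated. After telnetting into the switch and checking the configuration, I found that the office segment already had access-list 10, with the following content: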

access-list 10 deny 192.168.40.0

access-list 10 deny 192.168.20.0

access-list 10 deny 192.168.21.0

access-list 10 permit any


inter vlan 30

ip access-group 10 in


After removing ACL 10 with the no command, I rewrote it as:

access-list 10 deny   192.168.40.0 0.0.0.255

access-list 10 deny   192.168.20.0 0.0.0.255

access-list 10 deny   192.168.21.0 0.0.0.255

access-list 10 permit any


inter vlan 30

ip access-group 10 out


After saving the configuration, the office segment could no longer communicate with the server segment.
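Why both changes were needed, as an added example that is not part of the original post: a standard ACL entry without a wildcard mask matches only that single address, and a standard ACL applied inbound on interface vlan 30 only ever sees packets sourced from the servers. The host addresses 192.168.40.25 and 192.168.30.10, and the assumption that segment 30 is 192.168.30.0/24, are constructed for illustration.

```python
import ipaddress

ORIGINAL = """
access-list 10 deny 192.168.40.0
access-list 10 deny 192.168.20.0
access-list 10 deny 192.168.21.0
access-list 10 permit any
"""
REWRITTEN = """
access-list 10 deny   192.168.40.0 0.0.0.255
access-list 10 deny   192.168.20.0 0.0.0.255
access-list 10 deny   192.168.21.0 0.0.0.255
access-list 10 permit any
"""

def parse_acl(text):
    """Parse 'access-list N deny|permit SRC [WILDCARD]' standard ACL lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, src = tok[2], tok[3]
        if src == "any":
            addr, wild = 0, 0xFFFFFFFF
        else:
            addr = int(ipaddress.IPv4Address(src))
            # With no wildcard given, IOS uses 0.0.0.0: the entry matches one host.
            wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        rules.append((action, addr, wild))
    return rules

def evaluate(rules, src_ip):
    """First match wins; a standard ACL compares the source address only."""
    ip = int(ipaddress.IPv4Address(src_ip))
    for action, addr, wild in rules:
        if (ip | wild) == (addr | wild):  # wildcard bits set to 1 are ignored
            return action
    return "deny"  # implicit deny at the end of every ACL

def verdict(acl_text, direction, office_ip="192.168.40.25", server_ip="192.168.30.10"):
    """Result for traffic crossing interface vlan 30 (hosts are constructed samples)."""
    # in  = packets entering from VLAN 30, so the source is a server
    # out = packets routed toward VLAN 30, so the source is the office host
    source = server_ip if direction == "in" else office_ip
    return evaluate(parse_acl(acl_text), source)

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("rewritten", REWRITTEN)):
        for direction in ("in", "out"):
            print(name, direction, verdict(acl, direction))
```

Only the rewritten ACL applied in the out direction denies the office host; fixing the wildcard masks alone or the direction alone still permits the traffic.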

