我在3324SRI上划分了5个VLAN,现在要让192.168.21.0/24、192.168.22.0/24、192.168.24.0/24、192.168.25.0/24这四个网段可以和192.168.3.0/24网段的机器互相通讯,而不允许它们和192.168.23.0/24网段的机器互相访问。

# Switch CLI sequence: six port-based VLANs, one IP interface per VLAN, and
# an IP access profile that denies traffic sourced from 192.168.23.0/24.

# Take ports 1-12 out of the default VLAN before they are added as untagged
# members of the new VLANs below.
config vlan default delete 1-12

# Create six VLANs with tags 10 through 60.
create vlan vlan1 tag 10          

create vlan vlan2 tag 20          

create vlan vlan3 tag 30   

create vlan vlan4 tag 40

create vlan vlan5 tag 50

create vlan vlan6 tag 60

# Untagged port membership per VLAN.
# NOTE(review): port 6 is removed from the default VLAN above but is not
# added to any VLAN here (vlan3 gets port 5 only) - confirm this is intended.
config vlan vlan1 add untagged 1-2

config vlan vlan2 add untagged 3-4

config vlan vlan3 add untagged 5

config vlan vlan4 add untagged 7-8

config vlan vlan5 add untagged 9-10

config vlan vlan6 add untagged 11-12

# One IP interface per VLAN, each at .253 of its /24.
# NOTE(review): presumably the switch routes between every subnet that has an
# enabled interface, so keeping 192.168.23.0/24 apart rests entirely on the
# access profile below - confirm.
create ipif if_vlan1 192.168.21.253/24 vlan1 state enable

create ipif if_vlan2 192.168.22.253/24 vlan2 state enable

create ipif if_vlan3 192.168.23.253/24 vlan3 state enable

create ipif if_vlan4 192.168.24.253/24 vlan4 state enable

create ipif if_vlan5 192.168.25.253/24 vlan5 state enable

create ipif if_vlan6 192.168.3.253/24 vlan6 state enable

# IP access profile 10: source and destination addresses are both compared
# under a 255.255.255.0 mask.
# NOTE(review): presumably only the network part of the addresses in the
# rules is significant, i.e. the .253 host part is masked out - confirm.
create access_profile ip source_ip_mask 255.255.255.0 destination_ip_mask  255.255.255.0 profile_id 10

# Deny packets from 192.168.23.x to 192.168.21.x (access_id 10) and to
# 192.168.22.x (access_id 20) on the listed ports.
# NOTE(review): "port 1- 5" contains a space; a port range would normally be
# written 1-5 - verify the switch accepts these lines as intended.
# NOTE(review): if rules are matched on ingress at the listed ports, only
# port 5 (vlan3) would ever see this source network. Nothing here denies
# packets sourced from 192.168.21.x / 192.168.22.x going to 192.168.23.x, so
# if isolation must hold in both directions, mirrored rules are presumably
# needed - confirm by testing from both sides.
config access_profile profile_id 10 add access_id 10 ip source_ip 192.168.23.253 destination_ip 192.168.21.253 port 1- 5 deny

config access_profile profile_id 10 add access_id 20 ip source_ip 192.168.23.253 destination_ip 192.168.22.253 port 1- 5 deny

后面的规则以此类推:依次为192.168.24.0/24和192.168.25.0/24网段添加同样的deny规则。