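Requirements: 1. VLAN 10 can communicate with both VLAN 20 and VLAN 30
2. VLAN 20 and VLAN 30 cannot communicate with each other
Create the VLANs and configure the gateways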
[SW]int GigabitEthernet 0/0/1
[SW-GigabitEthernet0/0/1]port link-type access //set the port to access mode
[SW-GigabitEthernet0/0/1]port default vlan 10 //add the port to the corresponding VLAN
[SW-GigabitEthernet0/0/1]q
[SW]int GigabitEthernet 0/0/2
[SW-GigabitEthernet0/0/2]port link-type access
[SW-GigabitEthernet0/0/2]port default vlan 20
[SW-GigabitEthernet0/0/2]int GigabitEthernet 0/0/3
Aug 4 2021 10:04:55-08:00 SW DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 14, the change loop count is 0, and the maximum number of records is 4095.
[SW-GigabitEthernet0/0/3]port link-type access
[SW-GigabitEthernet0/0/3]port default vlan 30
[SW-GigabitEthernet0/0/3]q
[SW]acl 3000
[SW-acl-adv-3000]rule 5 deny ip source 192.168.20.0 0.0.0.255 destination 192.168.30.0 0.0.0.255
[SW-acl-adv-3000]rule 10 deny ip source 192.168.30.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
[SW-acl-adv-3000]q
[SW]acl 3000
[SW-acl-adv-3000]rule 15 permit ip source any
[SW]traffic-filter inbound acl 3000 //traffic filtering
PC1 can ping PC2 and PC3
PC2 and PC3 cannot reach each other
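
The following Python sketch is an added example, not part of the original session: it parses the three ACL 3000 rules entered above and evaluates them with wildcard-mask, first-match semantics in ascending rule-ID order, so the rule set can be checked against the requirements offline. The host addresses and the 192.168.10.0/24 subnet for VLAN 10 are assumptions; the page only gives the VLAN 20 and VLAN 30 subnets.

```python
import ipaddress

# ACL 3000 rules exactly as entered in the session above.
ACL_3000 = """\
rule 5 deny ip source 192.168.20.0 0.0.0.255 destination 192.168.30.0 0.0.0.255
rule 10 deny ip source 192.168.30.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
rule 15 permit ip source any
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _matcher(tokens, keyword):
    """Return (address, wildcard) for 'source'/'destination'; absent or 'any' matches all."""
    if keyword not in tokens:
        return 0, 0xFFFFFFFF
    i = tokens.index(keyword)
    if tokens[i + 1] == "any":
        return 0, 0xFFFFFFFF
    return _to_int(tokens[i + 1]), _to_int(tokens[i + 2])

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 4 or t[0] != "rule":
            continue
        rules.append((int(t[1]), t[2], _matcher(t, "source"), _matcher(t, "destination")))
    return sorted(rules)  # evaluated in ascending rule-ID order

def _hit(ip, matcher):
    addr, wildcard = matcher
    care = ~wildcard & 0xFFFFFFFF  # wildcard bit 0 = must match, 1 = ignore
    return (_to_int(ip) & care) == (addr & care)

def evaluate(rules, src, dst):
    """Return (rule_id, action) of the first matching rule, or (None, 'no-match')."""
    for rule_id, action, s, d in rules:
        if _hit(src, s) and _hit(dst, d):
            return rule_id, action
    return None, "no-match"

# Constructed host addresses; 192.168.10.0/24 for VLAN 10 is an assumption.
PC1, PC2, PC3 = "192.168.10.1", "192.168.20.1", "192.168.30.1"

if __name__ == "__main__":
    rules = parse_acl(ACL_3000)
    for src, dst in [(PC1, PC2), (PC1, PC3), (PC2, PC1), (PC2, PC3), (PC3, PC2)]:
        print(src, "->", dst, evaluate(rules, src, dst))
```

Dropping rule 15 from the parsed list shows which flows rely on it: those flows then return `no-match`, and what happens to them depends on the device's default action for unmatched traffic.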