[S5300]acl 3000
[S5300-acl-adv-3000]rule 0 permit ip source 1.1.1.0 0.0.0.255 destination 2.2.2.0 0.0.0.255-------the two network segments that must not access each other
[S5300-acl-adv-3000]rule 1 permit ip source 2.2.2.0 0.0.0.255 destination 1.1.1.0 0.0.0.255
[S5300-acl-adv-3000]quit
[S5300]traffic classifier 1
[S5300-classifier-1]if-match acl 3000
[S5300-classifier-1]quit
[S5300]traffic behavior 1
[S5300-behavior-1]deny
[S5300-behavior-1]quit
[S5300]traffic policy 1
[S5300-trafficpolicy-1]classifier 1 behavior 1
[S5300-trafficpolicy-1]quit
[S5300]vlan 600
[S5300-vlan600]traffic-policy 1 inbound
[S5300-vlan600]quit
[S5300]vlan 400
[S5300-vlan400]traffic-policy 1 inbound
[S5300-vlan400]quit
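If only a few devices are attached, applying the ACL on the port is simpler:
Keep the ACL configuration above unchanged and apply it on the port: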
[S5700-GigabitEthernet0/0/1]traffic-filter inbound acl 3000