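Lab description:
This lab demonstrates one-way communication between VLANs. There are three VLANs in this lab: VLAN10, VLAN20 and VLAN40.
Requirement: VLAN40 can access VLAN10 and VLAN20, but VLAN10 and VLAN20 cannot access VLAN40. VLAN10 and VLAN20 can access each other.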
sw#show run
version 12.3
!
hostname sw
!
ip cef
!
!
no ip domain lookup
!
interface FastEthernet0/0
 switchport access vlan 40
 no ip address
!
interface FastEthernet0/1
 switchport access vlan 10
 no ip address
!
interface FastEthernet0/2
 switchport access vlan 20
 no ip address
!
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 1.1.1.1 255.0.0.0
 ip access-group vlan10 in
!
interface Vlan20
 ip address 2.2.2.1 255.0.0.0
 ip access-group vlan20 in
!
interface Vlan30
 ip address 3.3.3.1 255.0.0.0
!
interface Vlan40
 ip address 4.4.4.1 255.0.0.0
 ip access-group vlan40 in
!
ip http server
ip classless
!
!
!
ip access-list extended vlan10
 evaluate vlan100
 deny ip 1.0.0.0 0.255.255.255 4.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended vlan20
 evaluate vlan200
 deny ip 2.0.0.0 0.255.255.255 4.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended vlan40
 permit ip 4.0.0.0 0.255.255.255 2.0.0.0 0.255.255.255 reflect vlan200
 permit ip 4.0.0.0 0.255.255.255 1.0.0.0 0.255.255.255 reflect vlan100
!
line vty 0 4
 login
 transport preferred all
 transport input all
 transport output all
!
End
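
The one-way behaviour comes from the `reflect` / `evaluate` pair: traffic from VLAN40 installs a temporary mirrored entry that lets only the matching return traffic back in. The Python model below is an added example, not part of the original lab; it walks the three inbound ACLs in order for a packet. The host addresses, ports and the `forward` function are assumptions made for illustration, and entry timeouts and non-TCP/UDP handling are left out.

```python
import ipaddress

# Simplified model of the three inbound ACLs in the config above.
NET = {n: ipaddress.ip_network(f"{n}.0.0.0/8") for n in (1, 2, 4)}
REFLECT = {"vlan100": set(), "vlan200": set()}  # temporary reflexive entries

ACLS = {  # ingress SVI network -> ordered rules, mirroring the config
    1: [("evaluate", "vlan100"), ("deny", 1, 4), ("permit", None, None)],
    2: [("evaluate", "vlan200"), ("deny", 2, 4), ("permit", None, None)],
    4: [("permit", 4, 2, "vlan200"), ("permit", 4, 1, "vlan100")],
}

def _in(ip, net):
    # net None stands for "any"
    return net is None or ipaddress.ip_address(ip) in NET[net]

def forward(src, sport, dst, dport, proto="tcp"):
    """Return True if the packet passes the inbound ACL of its ingress SVI."""
    ingress = next((n for n in NET if _in(src, n)), None)
    if ingress is None:
        return False  # source is not in a modelled VLAN
    for rule in ACLS[ingress]:
        if rule[0] == "evaluate":
            # Matches only if the mirrored flow was reflected earlier.
            if (proto, src, sport, dst, dport) in REFLECT[rule[1]]:
                return True
            continue
        action, s, d = rule[:3]
        if _in(src, s) and _in(dst, d):
            if action == "permit" and len(rule) == 4:
                # reflect: install the mirror image (addresses and ports swapped)
                REFLECT[rule[3]].add((proto, dst, dport, src, sport))
            return action == "permit"
    return False  # implicit deny at the end of every ACL

if __name__ == "__main__":
    # Constructed sample flows
    print(forward("1.1.1.10", 40000, "4.4.4.10", 80))  # VLAN10 initiates to VLAN40
    print(forward("4.4.4.10", 50000, "1.1.1.10", 80))  # VLAN40 initiates to VLAN10
    print(forward("1.1.1.10", 80, "4.4.4.10", 50000))  # return traffic for that flow
```

The model also shows that the `vlan40` list ends in an implicit deny, so hosts in VLAN40 reach only the 1.0.0.0/8 and 2.0.0.0/8 networks.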