我現在在3324SRI上分了5個VLAN,想讓192.168.21.0/24、192.168.22.0/24、192.168.24.0/24、192.168.25.0/24這四個網段可以和192.168.3.0/24網段的機器互相通訊,但不允許它們和192.168.23.0/24網段的機器互相訪問。
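# VLAN / routed-interface / ACL layout for the switch described above.
# Six port-based VLANs are created, each with one IP interface, followed by
# an access profile intended to keep 192.168.23.0/24 away from the other
# user subnets.

# Take ports 1-12 out of the default VLAN so they can be re-assigned as
# untagged members of the new VLANs.
config vlan default delete 1-12

# One VLAN per subnet (802.1Q tags 10-60).
create vlan vlan1 tag 10
create vlan vlan2 tag 20
create vlan vlan3 tag 30
create vlan vlan4 tag 40
create vlan vlan5 tag 50
create vlan vlan6 tag 60

# Untagged port membership.
# NOTE(review): port 6 was removed from the default VLAN above but is not
# added to any VLAN here (vlan3 receives port 5 only) - confirm whether it
# should read "5-6" or whether port 6 is deliberately left unassigned.
config vlan vlan1 add untagged 1-2
config vlan vlan2 add untagged 3-4
config vlan vlan3 add untagged 5
config vlan vlan4 add untagged 7-8
config vlan vlan5 add untagged 9-10
config vlan vlan6 add untagged 11-12

# One IP interface (.253) per VLAN. With an interface on every VLAN the
# subnets are presumably routed to each other by the switch, so the ACL
# entries below are the only thing separating 192.168.23.0/24 from the rest.
create ipif if_vlan1 192.168.21.253/24 vlan1 state enable
create ipif if_vlan2 192.168.22.253/24 vlan2 state enable
create ipif if_vlan3 192.168.23.253/24 vlan3 state enable
create ipif if_vlan4 192.168.24.253/24 vlan4 state enable
create ipif if_vlan5 192.168.25.253/24 vlan5 state enable
create ipif if_vlan6 192.168.3.253/24 vlan6 state enable

# Access profile 10 compares source and destination under a 255.255.255.0
# mask, so the .253 addresses in the entries below presumably act as the
# networks 192.168.23.0/24 -> 192.168.21.0/24 and -> 192.168.22.0/24, not as
# single hosts - confirm how this firmware applies the profile mask.
create access_profile ip source_ip_mask 255.255.255.0 destination_ip_mask 255.255.255.0 profile_id 10

# Fix: the port range was written "1- 5"; the stray space is removed so the
# range is a single token.
# NOTE(review): these entries match only packets sourced from
# 192.168.23.0/24. Packets sent from 192.168.21.0/24 or 192.168.22.0/24
# towards 192.168.23.0/24 are not matched by any entry shown; if strict
# two-way isolation is required, mirrored entries (source and destination
# swapped) are needed on the ports of those VLANs - verify how this model
# evaluates ACLs per port before relying on one direction only.
# NOTE(review): only the entries for 192.168.21.0/24 and 192.168.22.0/24
# are listed; the ones for 192.168.24.0/24 and 192.168.25.0/24 still have to
# be added, and the port list must then include the ports where that
# traffic enters. Nothing here covers 192.168.3.0/24 <-> 192.168.23.0/24;
# decide that case explicitly.
# After applying, check the installed rules with "show access_profile" and
# test reachability from a host in each VLAN.
config access_profile profile_id 10 add access_id 10 ip source_ip 192.168.23.253 destination_ip 192.168.21.253 port 1-5 deny
config access_profile profile_id 10 add access_id 20 ip source_ip 192.168.23.253 destination_ip 192.168.22.253 port 1-5 deny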
其餘網段的規則以此類推。