1.配置举例,限制测试环境50段(10.1.50.0/24)与正式网络(10.1.40.0/24)互访。测试环境和正式环境网关均在同一交换机上。
acl number 3002 name limitv50_other rule 10 permit ip source 10.1.50.0 0.0.0.255 destination 10.1.40.200 0 rule 21 deny ip source 10.1.50.0 0.0.0.255 destination 10.1.40.0 0.0.0.255 rule 100 permit ip acl number 3003 name limitother_v50 rule 10 permit ip source 10.1.40.200 0 destination 10.1.50.0 0.0.0.255 rule 21 deny ip source 10.1.40.0 0.0.0.255 destination 10.1.50.0 0.0.0.255 rule 100 permit ip interface Vlan-interface50 ip address 10.1.50.1 255.255.255.0 packet-filter 3002 inbound packet-filter 3003 outbound
看看天上,于是我去了满是风雪的地方
