[S5300]acl 3000
[S5300-acl-adv-3000]rule 0 permit ip source 1.1.1.0 0.0.0.255 destination 2.2.2.0 0.0.0.255-------the two network segments that must not reach each other
[S5300-acl-adv-3000]rule 1 permit ip source 2.2.2.0 0.0.0.255 destination 1.1.1.0 0.0.0.255
[S5300-acl-adv-3000]quit
[S5300]traffic classifier 1
[S5300-classifier-1]if-match acl 3000
[S5300-classifier-1]quit
[S5300]traffic behavior 1
[S5300-behavior-1]deny
[S5300-behavior-1]quit
[S5300]traffic policy 1
[S5300-trafficpolicy-1]classifier 1 behavior 1
[S5300-trafficpolicy-1]quit
[S5300]vlan 600
[S5300-vlan600]traffic-policy 1 inbound
[S5300-vlan600]quit
[S5300]vlan 400
[S5300-vlan400]traffic-policy 1 inbound
[S5300-vlan400]quit
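If only a few devices are attached, applying it on the port is simpler:
The ACL configuration above stays unchanged; apply it on the port: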
[S5700-GigabitEthernet0/0/1]traffic-filter inbound acl 3000
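An offline check of which packets ACL 3000 classifies, and therefore which ones traffic policy 1 (classifier 1 bound to behavior 1, deny) drops. This is an added example, not part of the original configuration; the helper names and the test addresses are assumptions made for illustration, and rules are evaluated in ascending rule-id order.

```python
import ipaddress
import re

# ACL 3000 rules from the page (trailing annotation dropped).
ACL_3000 = """\
rule 0 permit ip source 1.1.1.0 0.0.0.255 destination 2.2.2.0 0.0.0.255
rule 1 permit ip source 2.2.2.0 0.0.0.255 destination 1.1.1.0 0.0.0.255
"""

# Only the "permit ip source ... destination ..." form used on the page is modelled.
RULE_RE = re.compile(
    r"rule (\d+) permit ip source (\S+) (\S+) destination (\S+) (\S+)")


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse_acl(text):
    """Return sorted tuples (rule_id, src, src_wildcard, dst, dst_wildcard)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if m:
            rid = int(m.group(1))
            rules.append((rid, *map(to_int, m.groups()[1:])))
    return sorted(rules)


def wildcard_match(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; bits set to 0 must be equal.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)


def first_match(rules, src, dst):
    """Rule id of the first rule that matches the packet, or None."""
    s, d = to_int(src), to_int(dst)
    for rid, rs, rsw, rd, rdw in rules:
        if wildcard_match(s, rs, rsw) and wildcard_match(d, rd, rdw):
            return rid
    return None


def policy_verdict(rules, src, dst):
    """classifier 1 (if-match acl 3000) -> behavior 1 (deny); unmatched is forwarded."""
    return "drop" if first_match(rules, src, dst) is not None else "forward"


RULES = parse_acl(ACL_3000)
```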