Cisco 反向acl
硬件环境:3560三层交换机要求:vlan19可以访问所有 其他vlan不可以访问vlan19(服务器vlan 11 除外)
三层交换机上:
ip access-list extended it-inacl
permit ip 192.168.19.0 0.0.0.255 any reflect trafic
ip access-list extended it-outacl
permit ip 192.168.11.0 0.0.0.255 192.168.19.0 0.0.0.255
evaluate trafic
int vlan 19
ip access-group it-inacl in
ip access-group it-outacl out
页:
[1]