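General Manager's Office vlan20: 192.168.1.0/24
Human Resources vlan30: 192.168.2.0/24
Network Center vlan40: 192.168.3.0/24
R&D Center vlan50: 192.168.4.0/24
Requirement: other departments must not be able to access the Finance Department, while the Finance Department can still access the other departments.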
Method 1
! Traffic routed out toward vlan 10 must match an entry reflected by CCIE-in
ip access-list extended CCIE-out
 evaluate cisco
! ICMP and TCP sessions opened from 192.168.5.0/24 create temporary entries in "cisco"
ip access-list extended CCIE-in
 permit icmp 192.168.5.0 0.0.0.255 any reflect cisco timeout 50
 permit tcp 192.168.5.0 0.0.0.255 any reflect cisco timeout 50
 permit ip any any
int vlan 10
 ip access-group CCIE-out out
 ip access-group CCIE-in in
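Method 2
! Only TCP segments with ACK or RST set, and ICMP echo replies, may reach 192.168.5.0/24
ip access-list extended cisco
 permit tcp any 192.168.5.0 0.0.0.255 established
 permit icmp any 192.168.5.0 0.0.0.255 echo-reply
int vlan 10
 ip access-group cisco out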
Method 3
ip access-list extended cisco
 permit tcp any 192.168.5.0 0.0.0.255 established
 permit icmp any 192.168.5.0 0.0.0.255 echo-reply
int vlan 10
 ip access-group cisco out
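How the reflexive ACL pair (CCIE-in / CCIE-out) and the `established` ACL named cisco differ on traffic headed toward 192.168.5.0/24, as an added Python model that is not part of the original post and not router code. The class and function names, the host addresses and ports in SAMPLE, and the idle-timer refresh are assumptions of the model.

```python
# Added model, not router code. TCP only; FIN/RST teardown is not modelled.
from ipaddress import ip_address, ip_network

FINANCE = ip_network("192.168.5.0/24")  # subnet matched by the page's ACLs
TIMEOUT = 50                            # "timeout 50" on the reflect lines

class ReflexiveAcl:
    """CCIE-in (reflect cisco) and CCIE-out (evaluate cisco) on int vlan 10."""
    def __init__(self):
        self.entries = {}  # mirrored (src, sport, dst, dport) -> expiry time

    def inbound(self, now, src, sport, dst, dport):
        # permit tcp 192.168.5.0 0.0.0.255 any reflect cisco timeout 50
        if ip_address(src) in FINANCE:
            self.entries[(dst, dport, src, sport)] = now + TIMEOUT
        return True  # "permit ip any any" forwards the rest without reflecting

    def outbound(self, now, src, sport, dst, dport):
        # evaluate cisco, then the implicit deny; TCP flags are never consulted
        key = (src, sport, dst, dport)
        if self.entries.get(key, 0) > now:
            self.entries[key] = now + TIMEOUT  # assumed: traffic resets idle timer
            return True
        return False

def established_acl(src, sport, dst, dport, flags=()):
    """permit tcp any 192.168.5.0 0.0.0.255 established, applied outbound."""
    return ip_address(dst) in FINANCE and bool({"ACK", "RST"} & set(flags))

def compare(packets):
    """Return (reflexive, established) verdicts for packets sent toward VLAN 10."""
    acl, verdicts = ReflexiveAcl(), []
    for now, direction, src, sport, dst, dport, flags in packets:
        if direction == "in":   # packet from VLAN 10 entering the SVI
            acl.inbound(now, src, sport, dst, dport)
        else:                   # packet routed out toward VLAN 10
            verdicts.append((acl.outbound(now, src, sport, dst, dport),
                             established_acl(src, sport, dst, dport, flags)))
    return verdicts

# Constructed sample: a finance host opens one session to 192.168.2.20:80.
SAMPLE = [
    (0, "in", "192.168.5.10", 40000, "192.168.2.20", 80, ("SYN",)),
    (1, "out", "192.168.2.20", 80, "192.168.5.10", 40000, ("SYN", "ACK")),
    (2, "out", "192.168.2.20", 12345, "192.168.5.10", 5000, ("SYN",)),
    (3, "out", "192.168.2.20", 12345, "192.168.5.10", 5000, ("ACK",)),
    (90, "out", "192.168.2.20", 80, "192.168.5.10", 40000, ("ACK",)),
]
```

`compare(SAMPLE)` gives one verdict pair per packet routed toward 192.168.5.0/24: both ACLs pass the real reply and drop the bare SYN, but only the reflexive pair drops ACK-flagged segments that match no live session, including the one arriving after the 50-second idle timeout.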