以下是vlan10和vlan20之間不能互訪,其它的可以互訪,例子你看一下
interface Vlan10
ip address 192.168.1.254 255.255.255.0
ip access-group 100 in
interface Vlan20
ip address 192.168.2.254 255.255.255.0
interface Vlan30
ip address 192.168.3.254 255.255.255.0
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip any any
以下是vlan10和vlan20之間不能互訪,其它的可以互訪,例子你看一下
interface Vlan10
ip address 192.168.1.254 255.255.255.0
ip access-group 100 in
interface Vlan20
ip address 192.168.2.254 255.255.255.0
ip access-group 100 in
interface Vlan30
ip address 192.168.3.254 255.255.255.0
ip access-group 100 in
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip any any