ip access-list extend inter-vlan-policy
deny ip source 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255 // vlan 2、3間不能通訊
deny ip source 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255 // vlan 4、5間不能通訊
permit ip any any //其他流量可以互訪
到vlan介面應用ACL
interface vlan 2
ip access-group inter-vlan-policy in
interface vlan 3
interface vlan 4
interface vlan 5
ip access-list extend inter-vlan-policy
deny ip source 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255 // vlan 2、3間不能通訊
deny ip source 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255 // vlan 4、5間不能通訊
permit ip any any //其他流量可以互訪
到vlan介面應用ACL
interface vlan 2
ip access-group inter-vlan-policy in
interface vlan 3
ip access-group inter-vlan-policy in
interface vlan 4
ip access-group inter-vlan-policy in
interface vlan 5
ip access-group inter-vlan-policy in