我公司的CISCO3550的ACL如下:
3550#show run
Building configuration...
Current configuration : 3802 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3550
!
enable password
!
ip subnet-zero
ip routing
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
switchport mode dynamic desirable
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/4
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/13
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 6
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 6
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 6
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 6
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 6
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 6
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 7
switchport mode access
!
interface FastEthernet0/23
switchport mode dynamic desirable
!
interface FastEthernet0/24
switchport mode dynamic desirable
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
ip address 172.16.10.1 255.255.255.0
!
interface Vlan2
ip address 172.16.11.1 255.255.255.0
ip access-group 101 in
!
interface Vlan3
ip address 172.16.12.1 255.255.255.0
!
interface Vlan4
ip address 172.16.13.1 255.255.255.0
ip access-group 102 in
!
interface Vlan5
ip address 172.16.14.1 255.255.255.0
ip access-group 103 in
!
interface Vlan6
ip address 172.16.15.1 255.255.255.0
ip access-group 104 in
!
interface Vlan7
ip address 172.16.16.1 255.255.255.0
ip access-group 105 in
!
interface Vlan8
ip address 172.16.17.1 255.255.255.0
!
interface Vlan9
ip address 172.16.18.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.10.2
ip http server
!
!
access-list 101 deny ip 172.16.11.0 0.0.0.255 172.16.12.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 deny ip 172.16.13.0 0.0.0.255 172.16.12.0 0.0.0.255
access-list 102 deny ip 172.16.13.0 0.0.0.255 172.16.11.0 0.0.0.255
access-list 102 permit ip any any
access-list 103 deny ip 172.16.14.0 0.0.0.255 172.16.12.0 0.0.0.255
access-list 103 deny ip 172.16.14.0 0.0.0.255 172.16.11.0 0.0.0.255
access-list 103 permit ip any any
access-list 104 deny ip 172.16.15.0 0.0.0.255 172.16.12.0 0.0.0.255
access-list 104 deny ip 172.16.15.0 0.0.0.255 172.16.11.0 0.0.0.255
access-list 104 permit ip any any
access-list 105 deny ip 172.16.16.0 0.0.0.255 172.16.12.0 0.0.0.255
access-list 105 deny ip 172.16.16.0 0.0.0.255 172.16.11.0 0.0.0.255
access-list 105 permit ip any any
!
line con 0
line vty 0 4
password
login
line vty 5 15
login
!
end
3550#exit
如今为了用友U8实现互访需要将原来的VLAN2与VLAN5不能互访更改为VLAN2可以访问VLAN5,但是VLAN5不可以访问VLAN2,需要如何配置请高手帮忙给解决一下,最好是详细一些!
