关于华为交换机VLAN间不可互访的配置

[S5300]acl 3000

[S5300-acl-adv-3000]rule 0 permit ip source 1.1.1.0 0.0.0.255 destination 2.2.2.0 0.0.0.255-------不能互访的两个网段

[[S5300-acl-adv-3000]rule 1 permit ip source 2.2.2.0 0.0.0.255 destination 1.1.1.0 0.0.0.255

[S5300-acl-basic-2000]quit

 

[S5300]traffic classifier 1

[S5300-classifier-1]if-match acl 3000

[S5300-classifier-1]quit

   

[S5300]traffic behavior 1

[S5300-behavior-1]deny

[S5300-behavior-1]quit

[S5300]traffic policy 1

[S5300-trafficpolicy-1]classifier 1 behavior 1

[S5300-trafficpolicy-1]quit

[S5300]vlan 600

[S5300-vlan600]traffic-policy 1 inbound

[S5300-vlan600]quit

[S5300]vlan400

[S5300-vlan400]traffic-policy 1 inbound

[S5300-vlan400]quit

 

如果接的设备少，在端口下下发会更简单：

前边acl配置不变，在端口下下发：

 

[S5700-GigabitEthernet0/0/1]traffic-filter inbound acl 3000