ENSP模拟交换环境中调用高级ACL限制不同网段之间互访

实验环境：

网段规划：
vlan 100：10.10.10.0 /24 网关 10.10.10.254 DNS：8.8.8.8
vlan 101：192.168.10.0/24 网关 192.168.10.254 DNS：8.8.8.8
配置Center
1、创建vlan
vlan 100
description bangong
vlan 101
description youke
2、配置trunk接口
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 to 101
3、创建虚接口并配置IP地址
interface Vlanif101
ip address 192.168.10.254 255.255.255.0
interface Vlanif100
ip address 10.10.10.254 255.255.255.0
4、配置DHCP
dhcp enable
ip pool bangong
gateway-list 10.10.10.254
network 10.10.10.0 mask 255.255.255.0
dns-list 8.8.8.8

ip pool youke
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
dns-list 8.8.8.8

interface Vlanif100
ip address 10.10.10.254 255.255.255.0
dhcp select global

interface Vlanif101
ip address 192.168.10.254 255.255.255.0
dhcp select global

配置Access1
vlan 100
description bangong
vlan 101
description youke

interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101

interface Ethernet0/0/3
port link-type access
port default vlan 100

interface Ethernet0/0/4
port link-type access
port default vlan 101

interface Ethernet0/0/5
port link-type access
port default vlan 100

配置Access2

vlan 100
description bangong
vlan 101
description youke

interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 to 101

interface Ethernet0/0/3
port link-type access
port default vlan 100

interface Ethernet0/0/4
port link-type access
port default vlan 101

interface Ethernet0/0/5
port link-type access
port default vlan 100

将PC1 PC2 PC3 PC4ip地址设置为自动获取，并验证获取到的地址

我们先互相ping一下游客和办公网络，目前是互通的

我们在Center上定义ACL
acl number 3000
rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 10.10.10.0 0.0.0.255