1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
| [S5720-28X-PWR-SI-AC]acl 3000
[S5720-28X-PWR-SI-AC-acl-adv-3000]rule deny ip source 192.168.132.0 0.0.0.255 destination 192.168.130.0 0.0.0.255 # mgmt
[S5720-28X-PWR-SI-AC-acl-adv-3000]rule deny ip source 192.168.133.0 0.0.0.255 destination 192.168.130.0 0.0.0.255 # mgmt
[S5720-28X-PWR-SI-AC-acl-adv-3000]rule deny tcp source 192.168.132.0 0.0.0.255 destination 192.168.131.1 0.0.0.0 destination-port range 1 1000 # ikuai
[S5720-28X-PWR-SI-AC-acl-adv-3000]rule deny tcp source 192.168.132.0 0.0.0.255 destination 192.168.132.1 0.0.0.0 destination-port range 1 1000 # ikuai
[S5720-28X-PWR-SI-AC-acl-adv-3000]rule deny tcp source 192.168.132.0 0.0.0.255 destination 192.168.133.1 0.0.0.0 destination-port range 1 1000 # ikuai
[S5720-28X-PWR-SI-AC-acl-adv-3000]rule deny tcp source 192.168.133.0 0.0.0.255 destination 192.168.131.1 0.0.0.0 destination-port range 1 1000 # ikuai
[S5720-28X-PWR-SI-AC-acl-adv-3000]rule deny tcp source 192.168.133.0 0.0.0.255 destination 192.168.132.1 0.0.0.0 destination-port range 1 1000 # ikuai
[S5720-28X-PWR-SI-AC-acl-adv-3000]rule deny tcp source 192.168.133.0 0.0.0.255 destination 192.168.133.1 0.0.0.0 destination-port range 1 1000 # ikuai
[S5720-28X-PWR-SI-AC-acl-adv-3000]rule deny tcp source 192.168.132.0 0.0.0.255 destination 192.168.131.2 0.0.0.0 destination-port range 1 1000 # s5720
[S5720-28X-PWR-SI-AC-acl-adv-3000]rule deny tcp source 192.168.132.0 0.0.0.255 destination 192.168.132.2 0.0.0.0 destination-port range 1 1000 # s5720
[S5720-28X-PWR-SI-AC-acl-adv-3000]rule deny tcp source 192.168.132.0 0.0.0.255 destination 192.168.133.2 0.0.0.0 destination-port range 1 1000 # s5720
[S5720-28X-PWR-SI-AC-acl-adv-3000]rule deny tcp source 192.168.133.0 0.0.0.255 destination 192.168.131.2 0.0.0.0 destination-port range 1 1000 # s5720
[S5720-28X-PWR-SI-AC-acl-adv-3000]rule deny tcp source 192.168.133.0 0.0.0.255 destination 192.168.132.2 0.0.0.0 destination-port range 1 1000 # s5720
[S5720-28X-PWR-SI-AC-acl-adv-3000]rule deny tcp source 192.168.133.0 0.0.0.255 destination 192.168.133.2 0.0.0.0 destination-port range 1 1000 # s5720
[S5720-28X-PWR-SI-AC-acl-adv-3000]quit
[S5720-28X-PWR-SI-AC]traffic classifier dstmgmt
[S5720-28X-PWR-SI-AC-classifier-dstmgmt]if-match acl 3000
[S5720-28X-PWR-SI-AC-classifier-dstmgmt]quit
[S5720-28X-PWR-SI-AC]traffic behavior denydstmgmt
[S5720-28X-PWR-SI-AC-behavior-denydstmgmt]deny
[S5720-28X-PWR-SI-AC-behavior-denydstmgmt]quit
[S5720-28X-PWR-SI-AC]traffic policy denydstmgmt
[S5720-28X-PWR-SI-AC-trafficpolicy-denydstmgmt]classifier dstmgmt behavior denydstmgmt
[S5720-28X-PWR-SI-AC-trafficpolicy-denydstmgmt]quit
[S5720-28X-PWR-SI-AC]interface GigabitEthernet 0/0/1
[S5720-28X-PWR-SI-AC-GigabitEthernet0/0/1]traffic-policy denydstmgmt inbound
[S5720-28X-PWR-SI-AC-GigabitEthernet0/0/1]quit
# for each AP port, and port using limit/iot vlan (32-33)
|