1. Create an advanced ACL that denies access between the network segments
acl ad 3000
rule
2. Configure a traffic classifier based on the advanced ACL
traffic classifier tc1 operator and
if-match acl 3000
3. Configure the traffic behavior
traffic behavior tcp-deny
filter deny
4. Apply the traffic policy on the interface
int g1/0/7
packet-filter 3000 inbound
5. Verify the configuration
dis acl 3000
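Added example (not part of the original notes): a Python model of the first-match, wildcard-mask logic behind the deny rules in step 1, useful for checking a rule set before comparing it with the output of step 5. The segment addresses, the /24 wildcard mask and the default permit for unmatched packets are assumptions, because the notes leave the rule body empty.

```python
import ipaddress
from itertools import permutations

# Constructed sample segments (assumption: the notes do not list the real ones).
SEGMENTS = ["192.168.10.0", "192.168.20.0", "192.168.30.0"]
WILDCARD = "0.0.0.255"  # wildcard (inverse) mask covering a /24


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def build_rules(segments, wildcard=WILDCARD):
    """One deny rule per ordered pair of distinct segments."""
    return [("deny", s, wildcard, d, wildcard) for s, d in permutations(segments, 2)]


def evaluate(rules, src, dst, default="permit"):
    """First-match evaluation; unmatched packets get the default (assumed permit)."""
    for action, s, sw, d, dw in rules:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return default


def render(rules):
    """Rule lines in 'rule <id> deny ip source ... destination ...' form, ids in steps of 5."""
    return [f"rule {i * 5} {a} ip source {s} {sw} destination {d} {dw}"
            for i, (a, s, sw, d, dw) in enumerate(rules)]


if __name__ == "__main__":
    rules = build_rules(SEGMENTS)
    print("\n".join(render(rules)))
    # Constructed test flows: cross-segment, same-segment, and outbound to another network.
    for src, dst in [("192.168.10.5", "192.168.20.9"),
                     ("192.168.10.5", "192.168.10.77"),
                     ("192.168.30.1", "8.8.8.8")]:
        print(src, "->", dst, evaluate(rules, src, dst))
```

Three segments need six rules because each direction is a separate ordered pair; traffic inside one segment and traffic to other networks falls through to the default action.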