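Recently I ran into a problem: on a Cisco 3560 I created four VLANs, namely vlan2, vlan3, vlan4 and vlan5.
Requirements:
1. Computers in vlan2 can reach computers in any other VLAN;
2. Computers in vlan3 and vlan4 can access each other;
3. Computers in vlan5 cannot access computers in any other VLAN;
4. Computers in vlan2, vlan3 and vlan5 can access the Internet; computers in vlan4 cannot.
The current configuration is below, but it does not achieve this. Any advice would be appreciated: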
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname chsw1
!
enable secret 5 $1$lVgh$ZeA9vSCTNbX12ubvvsNah/
enable password 11111111
!
no aaa new-model
ip subnet-zero
ip routing
no ip domain-lookup
ip dhcp excluded-address 192.168.0.1 192.168.0.10
!
ip dhcp pool global
 network 192.168.0.0 255.255.0.0
 default-router 192.168.0.10
 dns-server 202.96.134.133 202.96.128.166
 lease 7
!
ip dhcp pool vlan2
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 dns-server 202.96.134.133 202.96.128.166
!
ip dhcp pool vlan3
 network 192.168.3.0 255.255.255.0
 dns-server 202.96.134.133 202.96.128.166
 default-router 192.168.3.1
!
ip dhcp pool vlan4
 network 192.168.4.0 255.255.255.0
 dns-server 202.96.134.133 202.96.128.166
 default-router 192.168.4.1
!
ip dhcp pool vlan5
 network 192.168.5.0 255.255.255.0
 dns-server 202.96.134.133 202.96.128.166
 default-router 192.168.5.1
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/3
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/4
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/5
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/6
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/7
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/8
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/9
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/10
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/11
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/12
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/13
 switchport access vlan 4
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/14
 switchport access vlan 4
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/15
 switchport access vlan 4
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/16
 switchport access vlan 4
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/17
 switchport access vlan 4
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/18
 switchport access vlan 4
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/19
 switchport access vlan 5
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/20
 switchport access vlan 5
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/21
 switchport access vlan 5
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/22
 switchport access vlan 5
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/23
 switchport access vlan 5
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/24
 switchport access vlan 5
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
 ip address 192.168.0.10 255.255.255.0
!
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
 ip access-group fi-main in
!
interface Vlan3
 ip address 192.168.3.1 255.255.255.0
 ip access-group fi-access-limit in
!
interface Vlan4
 ip address 192.168.4.1 255.255.255.0
 ip access-group fi-access-limit in
!
interface Vlan5
 ip address 192.168.5.1 255.255.255.0
 ip access-group 5 in
!
ip default-gateway 192.168.0.1
ip classless
ip http server
!
ip access-list extend in-filter
 permit ip any any reflect abcd
ip access-list extend out-filter
 evaluate abcd
 deny ip any 192.168.3.0 0.0.0.255
 deny ip any 192.168.4.0 0.0.0.255
 deny ip any 192.168.5.0 0.0.0.255
 permit ip any any
access-list 5 deny 192.168.2.0 0.0.0.255
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 deny 192.168.4.0 0.0.0.255
access-list 5 permit any
!
control-plane
!
!
line con 0
line vty 0 4
 password 22222222
 login
line vty 5 15
 password 22222222
 login
!
end
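
An added example, not part of the original post: a small Python audit that cross-checks every `ip access-group` binding in the configuration above against the ACLs that are actually defined. `CONFIG` is an excerpt of the ACL-related lines from the post, and the function name `audit_acl_bindings` is hypothetical.

```python
import re

# Excerpt of the ACL-related lines from the configuration posted above.
CONFIG = """\
interface Vlan2
 ip access-group fi-main in
interface Vlan3
 ip access-group fi-access-limit in
interface Vlan4
 ip access-group fi-access-limit in
interface Vlan5
 ip access-group 5 in
ip access-list extend in-filter
 permit ip any any reflect abcd
ip access-list extend out-filter
 evaluate abcd
 deny ip any 192.168.3.0 0.0.0.255
 permit ip any any
access-list 5 deny 192.168.2.0 0.0.0.255
access-list 5 permit any
"""

def audit_acl_bindings(config):
    """Return (undefined, unused).

    undefined: {acl_name: [(interface, direction), ...]} for ACLs that are
               applied with ip access-group but never defined.
    unused:    sorted list of ACLs that are defined but never applied.
    """
    defined, applied, iface = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)                      # track current interface
        elif m := re.match(r"ip access-group (\S+) (in|out)", line):
            applied.setdefault(m.group(1), []).append((iface, m.group(2)))
        elif m := re.match(r"ip access-list \S+ (\S+)", line):
            defined.add(m.group(1))                 # named ACL definition
        elif m := re.match(r"access-list (\d+) ", line):
            defined.add(m.group(1))                 # numbered ACL entry
    undefined = {n: w for n, w in applied.items() if n not in defined}
    unused = sorted(defined - set(applied))
    return undefined, unused

if __name__ == "__main__":
    undefined, unused = audit_acl_bindings(CONFIG)
    for name, where in undefined.items():
        print(f"applied but not defined: {name} on {where}")
    print("defined but never applied:", ", ".join(unused))
```

On IOS, an `ip access-group` that names an ACL with no entries filters nothing, so interfaces whose bindings are reported as undefined pass all traffic.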