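I am using a Cisco 1841 router and have configured 2 subinterfaces: F0/1.10 and 1.20.
I want to stop devices on VLAN 10 from accessing VLAN 20, and vice versa.
VLAN 10 is at 10.10.10.1 and VLAN 20 at 10.10.20.1
I have configured the following access control lists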
access-list 19 deny 10.10.10.0 0.0.0.255
access-list 19 permit any
access-list 29 deny 10.10.20.0 0.0.0.255
access-list 29 permit any
and applied them outbound on the subinterfaces
interface f0/1.10
ip access-group 29 out
interface f0/1.20
ip access-group 19 out
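The problem is that I can still ping across the networks.
Any help is much appreciated; the full configuration is below if you need it.
Thanks,
Full configuration: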
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.201 10.10.10.255
ip dhcp excluded-address 10.10.20.201 10.10.20.255
!
ip dhcp pool 10.10.10.0/24
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool 10.10.20.0/24
network 10.10.20.0 255.255.255.0
default-router 10.10.20.1
dns-server 8.8.8.8 8.8.4.4
!
!
vpdn enable
!
!
interface FastEthernet0/0
description Fibre WAN Interface
no ip address
ip broadcast-address 0.0.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0/1
description LAN Interface
no ip address
ip broadcast-address 10.10.10.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 10.10.10.1 255.255.255.0
ip access-group 29 out
ip nat inside
no cdp enable
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 10.10.20.1 255.255.255.0
ip access-group 19 out
ip nat inside
no cdp enable
!
interface Serial0/0/0
no ip address
ip broadcast-address 0.0.0.0
shutdown
no fair-queue
clock rate 2000000
!
interface Dialer1
description ADSL WAN Dialer
ip address negotiated
no ip unreachables
ip mtu 1492
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname bne001-indigointegrated@surfdsluk
ppp chap password 0 T57Gfc09Hjd5SQw
ppp ipcp route default
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source list 10 interface Dialer1 overload
!
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 10 permit 10.10.20.0 0.0.0.255
access-list 19 deny 10.10.10.0 0.0.0.255
access-list 19 permit any
access-list 20 permit 10.10.10.0 0.0.0.255
access-list 29 deny 10.10.20.0 0.0.0.255
access-list 29 permit any
dialer-list 1 protocol ip permit
no cdp run
control-plane
line con 0
line aux 0
line vty 0 4
access-class 20 in
login
!
scheduler allocate 20000 1000
end
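The following Python model is an added example, not part of the original post. It evaluates the post's ACL 19 and ACL 29 the way IOS treats standard ACLs (first match, source address only) applied outbound on the two subinterfaces, to show which test pings these ACLs filter and which they never see. The `.50` host addresses and the simplified forwarding logic are assumptions of this example.

```python
import ipaddress

# Standard ACLs copied from the post: (action, network, wildcard); None means "any".
ACLS = {
    19: [("deny", "10.10.10.0", "0.0.0.255"), ("permit", None, None)],
    29: [("deny", "10.10.20.0", "0.0.0.255"), ("permit", None, None)],
}
# Subinterfaces from the post: name -> (router address, connected prefix, outbound ACL).
INTERFACES = {
    "Fa0/1.10": ("10.10.10.1", "10.10.10.0/24", 29),
    "Fa0/1.20": ("10.10.20.1", "10.10.20.0/24", 19),
}
ROUTER_ADDRS = {addr for addr, _, _ in INTERFACES.values()}

def to_int(addr):
    return int(ipaddress.ip_address(addr))

def acl_action(acl_id, src):
    """First-match evaluation of a standard ACL, which tests the source address only."""
    for action, net, wildcard in ACLS[acl_id]:
        if net is None:
            return action
        care = ~to_int(wildcard) & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if to_int(src) & care == to_int(net) & care:
            return action
    return "deny"  # implicit deny that ends every ACL

def outbound_verdict(src, dst):
    """Return (verdict, interface) for a packet between the two LAN subnets."""
    if dst in ROUTER_ADDRS:
        # Addressed to the router itself: never transmitted out of an interface,
        # so no outbound ACL is consulted.
        return ("local", None)
    for name, (_, prefix, acl_id) in INTERFACES.items():
        if ipaddress.ip_address(dst) in ipaddress.ip_network(prefix):
            if src in ROUTER_ADDRS:
                # Packets the router originates are not checked by outbound ACLs.
                return ("bypass", name)
            return (acl_action(acl_id, src), name)
    return ("not-modelled", None)  # WAN/NAT path is outside this example

if __name__ == "__main__":
    # Constructed test pings; the .50 host addresses are assumptions.
    for src, dst in [("10.10.10.50", "10.10.20.50"), ("10.10.20.50", "10.10.10.50"),
                     ("10.10.10.50", "10.10.20.1"), ("10.10.10.1", "10.10.20.50")]:
        print(f"{src} -> {dst}: {outbound_verdict(src, dst)}")
```

In this model, host-to-host pings between the VLANs are denied in both directions, while a ping to the other VLAN's gateway address or one issued from the router itself is not subject to either outbound ACL, so an isolation test should use end hosts on each VLAN.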