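| Access Control Between VLANs |
| Author: Unknown  Source: compiled by this site  Updated: 2007-1-8 11:16:22 |
The router connects to the trunk port of the downstream switch through Ethernet subinterfaces. The requirement is that the management VLAN can access the other VLANs (business, office, finance and home network), but the other VLANs cannot access the management VLAN. The router configuration is attached below: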
ip access-list extended infilter
 evaluate mppacket
 deny ip 10.54.16.0 0.0.0.255 10.54.17.0 0.0.0.255
 deny ip 10.54.16.0 0.0.0.255 10.54.18.0 0.0.0.255
 deny ip 10.54.16.0 0.0.0.255 10.54.19.0 0.0.0.255
 deny ip 10.54.16.0 0.0.0.255 10.54.31.0 0.0.0.255
 deny ip 10.54.17.0 0.0.0.255 10.54.16.0 0.0.0.255
 deny ip 10.54.17.0 0.0.0.255 10.54.18.0 0.0.0.255
 deny ip 10.54.17.0 0.0.0.255 10.54.19.0 0.0.0.255
 deny ip 10.54.17.0 0.0.0.255 10.54.31.0 0.0.0.255
 deny ip 10.54.18.0 0.0.0.255 10.54.16.0 0.0.0.255
 deny ip 10.54.18.0 0.0.0.255 10.54.17.0 0.0.0.255
 deny ip 10.54.18.0 0.0.0.255 10.54.19.0 0.0.0.255
 deny ip 10.54.18.0 0.0.0.255 10.54.31.0 0.0.0.255
 deny ip 10.54.19.0 0.0.0.255 10.54.16.0 0.0.0.255
 deny ip 10.54.19.0 0.0.0.255 10.54.17.0 0.0.0.255
 deny ip 10.54.19.0 0.0.0.255 10.54.18.0 0.0.0.255
 deny ip 10.54.19.0 0.0.0.255 10.54.31.0 0.0.0.255
 permit ip any any
 exit
ip access-list extended outfilter
 permit ip any any reflect mppacket
 exit
interface fastethernet0
 ip address 10.255.49.2 255.255.255.252
 exit
interface fastethernet1
 exit
interface fastethernet1.1
 description Guanli
 ip address 10.54.31.254 255.255.255.0
 encapsulation dot1q 1
 exit
interface fastethernet1.2
 description Yewu
 ip address 10.54.17.254 255.255.255.0
 encapsulation dot1q 2
 ip access-group outfilter out
 ip access-group infilter in
 exit
interface fastethernet1.3
 description Bangong
 ip address 10.54.16.254 255.255.255.0
 encapsulation dot1q 3
 ip access-group outfilter out
 ip access-group infilter in
 exit
interface fastethernet1.4
 description Caiwu
 ip address 10.54.18.254 255.255.255.0
 encapsulation dot1q 4
 ip access-group outfilter out
 ip access-group infilter in
 exit
interface fastethernet1.5
 description Jiating
 ip address 10.54.19.254 255.255.255.0
 encapsulation dot1q 5
 ip access-group outfilter out
 ip access-group infilter in
 exit
ip route 0.0.0.0 0.0.0.0 10.255.49.1
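
The configuration above works because outfilter records every flow sent out toward a filtered VLAN in mppacket, and infilter evaluates those entries before its deny lines. The Python model below is an added example, not part of the original article; it assumes Cisco IOS-style reflexive ACL semantics, reduces reflected entries to address pairs (real entries also match protocol and ports and expire), and its class and function names are hypothetical.

```python
import ipaddress

# Subnets taken from the configuration above.
MGMT = ipaddress.ip_network("10.54.31.0/24")
USER_VLANS = [ipaddress.ip_network(f"10.54.{n}.0/24") for n in (16, 17, 18, 19)]
FILTERED = set(USER_VLANS)  # subinterfaces that carry infilter/outfilter


def vlan_of(ip):
    """Return the local subnet an address belongs to, or None if it is
    reached through fastethernet0 (default route)."""
    addr = ipaddress.ip_address(ip)
    for net in USER_VLANS + [MGMT]:
        if addr in net:
            return net
    return None


class Router:
    """Simplified model: the ingress interface is inferred from the source
    address (assumption: no spoofed sources)."""

    def __init__(self):
        self.reflected = set()  # temporary entries created by "reflect mppacket"

    def infilter(self, src, dst):
        if (src, dst) in self.reflected:        # evaluate mppacket
            return True
        s, d = vlan_of(src), vlan_of(dst)
        # deny lines: a user VLAN to any other user VLAN or to management
        if s in FILTERED and d is not None and d != s:
            return False
        return True                             # permit ip any any

    def forward(self, src, dst):
        """Return True if the router passes a packet from src to dst."""
        s, d = vlan_of(src), vlan_of(dst)
        if s in FILTERED and not self.infilter(src, dst):
            return False
        if d in FILTERED:
            # outfilter: permit ip any any reflect mppacket
            self.reflected.add((dst, src))      # mirrored entry for replies
        return True


if __name__ == "__main__":
    r = Router()
    print(r.forward("10.54.17.5", "10.54.31.10"))   # business -> management
    print(r.forward("10.54.31.10", "10.54.17.5"))   # management -> business
    print(r.forward("10.54.17.5", "10.54.31.10"))   # reply to that session
```

The model also shows that the deny lines block traffic between the business, office, finance and home VLANs themselves, not only traffic toward the management VLAN.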