拓扑图如下:
===================================
实验名称:配置华为基本ACL
===================================
条件:
一台服务器
server 1:
192.168.100.1/24
一台路由器
============================
两台pc机
pc1 IP地址
192.168.1.1/24
PC2 IP地址
192.168.2.1/24
==============================
AR-1配置命令如下:
<Huawei>system-view //进系统视图
[Huawei]sysname AR-1 //修改主机名为AR-1
[AR-1]int g0/0/0 //进g0/0/0接口
[AR-1-GigabitEthernet0/0/0]ip address 192.168.100.254 24 //配置IP地址和子网掩码
[AR-1-GigabitEthernet0/0/0]int g0/0/2 //切换接口
[AR-1-GigabitEthernet0/0/2]ip address 192.168.2.254 24 //配置IP地址和子网掩码
[AR-1-GigabitEthernet0/0/2]int g0/0/1 //切换接口
[AR-1-GigabitEthernet0/0/1]ip address 192.168.1.254 24 //配置IP地址和子网掩码
[AR-1-GigabitEthernet0/0/1]q //退到上一层,系统视图
[AR-1]acl 2000 //创建基础acl 2000
[AR-1-acl-basic-2000]rule 5 deny source 192.168.1.1 0.0.0.0 //拒绝pc1上的源IP地址
[AR-1-acl-basic-2000]q //退到上一层,系统视图
[AR-1]int g0/0/0 //进入g0/0/0接口
[AR-1-GigabitEthernet0/0/0]traffic-filter outbound acl 2000 //在接口上调用出接口
========================================================================================
测试:
pc1不能ping通Server1
pc2可以ping通Server1
pc1可以ping通pc2
