Basic and Advanced ACL Configuration

1. Preliminary configuration:
R1:
<Huawei>u t m
<Huawei>system-view
[Huawei]sysname r1
[r1]interface GigabitEthernet 0/0/1
[r1-GigabitEthernet0/0/1]ip address 192.168.12.1 24
[r1]interface GigabitEthernet 0/0/2
[r1-GigabitEthernet0/0/2]ip address 192.168.13.1 24
[r1]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]ip address 1.1.1.254 24
[r1]display ip interface brief
[r1]ip route-static 192.168.10.0 24 192.168.12.2
[r1]ip route-static 192.168.20.0 24 192.168.12.2
[r1]ip route-static 192.168.30.0 24 192.168.13.2
[r1]ip route-static 192.168.1.0 24 192.168.13.2
R2:
<Huawei>u t m
<Huawei>system-view
[Huawei]sysname r2
[r2]interface GigabitEthernet 0/0/1
[r2-GigabitEthernet0/0/1]ip address 192.168.10.254 24
[r2]interface GigabitEthernet 0/0/2
[r2-GigabitEthernet0/0/2]ip address 192.168.20.254 24
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]ip address 192.168.12.2 24
<r2>display ip interface brief
[r2]ip route-static 0.0.0.0 0.0.0.0 192.168.12.1
R3:
<Huawei>u t m
<Huawei>system-view
[Huawei]sysname r3
[r3]interface GigabitEthernet 0/0/1
[r3-GigabitEthernet0/0/1]ip address 192.168.30.254 24
[r3]interface GigabitEthernet 0/0/2
[r3-GigabitEthernet0/0/2]ip address 192.168.1.254 24
[r3]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]ip address 192.168.13.2 24
<r3>display ip interface brief
[r3]ip route-static 0.0.0.0 0.0.0.0 192.168.13.1
WG:
<Huawei>u t m
<Huawei>system-view
[Huawei]sysname WG
[WG]interface GigabitEthernet 0/0/0
[WG-GigabitEthernet0/0/0]ip address 192.168.10.1 24
[WG]ip route-static 0.0.0.0 0.0.0.0 192.168.10.254

2. Configure remote login and a basic ACL on r1:
[r1]acl 2000
[r1-acl-basic-2000]rule 5 permit source 192.168.10.1 0.0.0.0
[r1-acl-basic-2000]rule 10 deny source any
[r1-acl-basic-2000]quit
[r1]user-interface vty 0 4
[r1-ui-vty0-4]acl 2000 inbound
[r1-ui-vty0-4]authentication-mode aaa
[r1-ui-vty0-4]aaa
[r1-aaa]local-user tata password cipher 123
[r1-aaa]local-user tata service-type telnet

3. Configure advanced ACLs:
R2:
[r2]acl 3000
[r2-acl-adv-3000]rule 5 permit ip source 192.168.20.1 0 destination 192.168.10.1 0
[r2-acl-adv-3000]rule 10 permit ip source 192.168.20.1 0 destination 1.1.1.1 0
[r2-acl-adv-3000]rule 15 permit tcp source 192.168.20.1 0 destination 192.168.1.1 0 destination-port eq 80
[r2-acl-adv-3000]rule 20 deny ip source any
[r2-acl-adv-3000]quit
[r2]interface GigabitEthernet 0/0/2
[r2-GigabitEthernet0/0/2]traffic-filter inbound acl 3000

R3:
[r3]acl 3000
[r3-acl-adv-3000]rule 5 permit ip source 192.168.30.1 0 destination 192.168.10.1 0
[r3-acl-adv-3000]rule 10 permit tcp source 192.168.30.1 0 destination 192.168.1.1 0 destination-port eq 80
[r3-acl-adv-3000]rule 15 deny ip source any
[r3-acl-adv-3000]quit
[r3]interface GigabitEthernet 0/0/1
[r3-GigabitEthernet0/0/1]traffic-filter inbound acl 3000
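
Before applying an ACL such as r2's ACL 3000 to an interface, it helps to check which rule each expected flow hits. The following is an added example, not part of the original post: a small Python first-match evaluator for the rule syntax used above (rules tried in ascending rule ID, wildcard masks where a 1 bit means "don't care"). The function names parse_acl and evaluate are hypothetical, and only the keywords that appear on this page are parsed.

```python
import ipaddress

# ACL 3000 as applied inbound on r2 GigabitEthernet0/0/2 (rules copied from the page).
R2_ACL_3000 = """\
rule 5 permit ip source 192.168.20.1 0 destination 192.168.10.1 0
rule 10 permit ip source 192.168.20.1 0 destination 1.1.1.1 0
rule 15 permit tcp source 192.168.20.1 0 destination 192.168.1.1 0 destination-port eq 80
rule 20 deny ip source any
"""

def _ip(text):
    # "0" is the short form of wildcard 0.0.0.0 (match exactly this host).
    return int(ipaddress.IPv4Address("0.0.0.0" if text == "0" else text))

def _addr(tok, key):
    """Return (address, wildcard) for 'source'/'destination', None for any/absent."""
    if key not in tok or tok[tok.index(key) + 1] == "any":
        return None
    i = tok.index(key)
    return _ip(tok[i + 1]), _ip(tok[i + 2])

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "rule":
            continue
        port = int(tok[tok.index("eq") + 1]) if "destination-port" in tok else None
        rules.append({"id": int(tok[1]), "action": tok[2], "proto": tok[3],
                      "src": _addr(tok, "source"), "dst": _addr(tok, "destination"),
                      "dport": port})
    return sorted(rules, key=lambda r: r["id"])  # tried in ascending rule ID

def _match(spec, addr):
    if spec is None:
        return True
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; only the 0 bits are compared.
    return (int(ipaddress.IPv4Address(addr)) | wild) == (base | wild)

def evaluate(rules, proto, src, dst, dport=None):
    """Return (action, rule_id) of the first matching rule, or (None, None)."""
    for r in rules:
        if r["proto"] not in ("ip", proto) or r["dport"] not in (None, dport):
            continue
        if _match(r["src"], src) and _match(r["dst"], dst):
            return r["action"], r["id"]
    return None, None
```

For example, evaluate(parse_acl(R2_ACL_3000), "tcp", "192.168.20.1", "192.168.1.1", 23) returns ("deny", 20): only TCP port 80 to 192.168.1.1 is permitted by rule 15, so a Telnet attempt falls through to the final deny.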

Reposted from blog.51cto.com/14280349/2407042