ACL (simple security technology, three-layer technology)
ACL: access control list The access control list is used for packet access control
ACL (two types):
basic ACL (2000-2999): only the
advanced ACL that matches the source IP address ( 3000-3999): It can match the source IP, destination IP, source port, destination port and other three-layer and four-layer ip message field
ACL two roles:
1. Used to control access to data packets
2. Used in combination with other protocols Match range
Build a direct route
ps: Because ACL access rules are not available on ordinary Router
routers, you must use a AR2220
model router
PC1:
ip: 11.1.1.2
netamsk: 255.255.255.0
gateway: 11.1.1.1
PC2:
ip: 12.1.1.2
netamsk: 255.255.255.0
gateway: 12.1.1.1
PC3:
ip: 13.1.1.2
netamsk: 255.255.255.0
gateway: 13.1.1.1
R1配置命令:
system-view
sysname R1
interface e0/0/0
ip address 13.1.1.1 24
interface e0/0/1
ip address 1.1.1.1 24
interface g0/0/0
ip address 2.2.2.1 24
quit
display ip interface brief
R2配置命令:
system-view
sysname R2
interface e0/0/0
ip address 1.1.1.2 24
interface e0/0/1
ip address 11.1.1.1 24
dis this
AR1配置命令:
system-view
sysname AR1
interface g0/0/0
ip address 2.2.2.2 24
interface g0/0/1
ip address 12.1.1.1 24
dis this
Configure ospf dynamic routing
R1配置命令:
sys
ospf
area 0
network 1.1.1.0 0.0.0.255
network 2.2.2.0 0.0.0.255
network 13.1.1.0 0.0.0.255
quit
display ip routing-table
R2配置命令:
sys
ospf
area 0
network 1.1.1.0 0.0.0.255
network 11.1.1.0 0.0.0.255
quit
display ip routing-table
AR1命令配置:
sys
ospf
area 0
network 2.2.2.0 0.0.0.255
network 12.1.1.0 0.0.0.255
quit
display ip routing-table
ACL access control
Requirements: Configure ACL on AR1 and deny PC1 (11.1.1.2
) access to PC2 (12.1.1.2
)
ps: The command will not be knocked and can be ?
viewed after the space , as shown below
AR1路由器ACL配置命令:
system-view
acl 3000
rule deny ip source 11.1.1.2 0.0.0.255 destination 12.1.1.2 0.0.0.255
quit
interface g0/0/0
traffic-filter inbound acl 3000
PC1: 11.1.1.2
ping test PC2: 12.1.1.2
successfully denied PC1 11.1.1.2
access to PC2:12.1.1.2