Simple ACL Configuration
- Introduction
- Lab
- 1. Requirements
- 2. Commands
- 3. Results
- Summary
Introduction

A small lab to walk you through a simple ACL configuration.
Lab

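1. Requirements
- Only PC1 may access the 192.168.2.0/24 network
- Hosts on the 192.168.1.0/24 network must not be able to ping the web server
- Only Client1 may access the WWW service on the web server
2. Commands
AR1:
First, the basic configuration: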
<Huawei>undo terminal monitor
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]user-interface console 0
[Huawei-ui-console0]idle-timeout 0 0
[Huawei-ui-console0]q
[Huawei] int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 192.168.1.254 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 192.168.3.254 24
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip add 192.168.2.254 24
Next, use a basic ACL for requirement 1: only PC1 may access the 192.168.2.0/24 network
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule permit source 192.168.1.1 0
[Huawei-acl-basic-2000]rule deny
[Huawei-acl-basic-2000]int g0/0/2
[Huawei-GigabitEthernet0/0/2]traffic-filter outbound acl 2000
Finally, use an advanced ACL for requirements 2 and 3
[Huawei]acl 3000
[Huawei-acl-adv-3000]rule deny icmp source 192.168.1.0 0.0.0.255 destination 192.168.3.1 0
[Huawei-acl-adv-3000]rule permit tcp source 192.168.1.3 0 destination 192.168.3.1 0 destination-port eq 80
[Huawei-acl-adv-3000]rule deny tcp source any destination 192.168.3.1 0 destination-port eq 80
[Huawei-acl-adv-3000]int g0/0/0
[Huawei-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
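The first-match logic of the two ACLs above, modelled in Python as an added example (not part of the original post and not Huawei code). The helper names are hypothetical, PC2's address 192.168.1.2 is assumed, and the model assumes that traffic-filter forwards packets that match no rule.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """Wildcard mask semantics: a 0 bit must match, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")
HOST = "0.0.0.0"  # the trailing "0" wildcard in the commands means exact host

# Rules transcribed from the commands above: (action, protocol, source, destination, dst port)
ACL_2000 = [  # basic ACL: matches on source only
    ("permit", "ip", ("192.168.1.1", HOST), ANY, None),
    ("deny", "ip", ANY, ANY, None),
]
ACL_3000 = [
    ("deny", "icmp", ("192.168.1.0", "0.0.0.255"), ("192.168.3.1", HOST), None),
    ("permit", "tcp", ("192.168.1.3", HOST), ("192.168.3.1", HOST), 80),
    ("deny", "tcp", ANY, ("192.168.3.1", HOST), 80),
]

def evaluate(acl, proto, src, dst, dport=None):
    """First matching rule wins; returns (action, rule index or None)."""
    for i, (action, r_proto, r_src, r_dst, r_port) in enumerate(acl):
        if (r_proto in ("ip", proto) and wild_match(src, *r_src)
                and wild_match(dst, *r_dst) and r_port in (None, dport)):
            return action, i
    # Assumption: traffic-filter forwards packets that match no rule.
    return "permit", None

def forward(proto, src, dst, dport=None):
    """Apply ACL 3000 inbound on g0/0/0, then ACL 2000 outbound on g0/0/2."""
    if wild_match(src, "192.168.1.0", "0.0.0.255"):      # enters via g0/0/0
        if evaluate(ACL_3000, proto, src, dst, dport)[0] == "deny":
            return "dropped by acl 3000"
    if wild_match(dst, "192.168.2.0", "0.0.0.255"):      # leaves via g0/0/2
        if evaluate(ACL_2000, proto, src, dst, dport)[0] == "deny":
            return "dropped by acl 2000"
    return "forwarded"

if __name__ == "__main__":
    # Constructed packets; PC2 = 192.168.1.2 is an assumed address.
    for pkt in [("icmp", "192.168.1.1", "192.168.2.1"), ("icmp", "192.168.1.2", "192.168.2.1"),
                ("icmp", "192.168.1.1", "192.168.3.1"), ("tcp", "192.168.1.3", "192.168.3.1", 80),
                ("tcp", "192.168.1.1", "192.168.3.1", 80), ("tcp", "192.168.1.1", "192.168.3.1", 22)]:
        print(pkt, "->", forward(*pkt))
```

The last constructed packet (TCP port 22 to the web server) is forwarded because ACL 3000, unlike ACL 2000, has no closing catch-all deny rule.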
3. Results
PC1
PC>ping 192.168.2.1
Ping 192.168.2.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 192.168.2.1: bytes=32 seq=2 ttl=127 time=31 ms
From 192.168.2.1: bytes=32 seq=3 ttl=127 time=47 ms
From 192.168.2.1: bytes=32 seq=4 ttl=127 time=47 ms
From 192.168.2.1: bytes=32 seq=5 ttl=127 time=47 ms
--- 192.168.2.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 0/43/47 ms
PC>ping 192.168.3.1
Ping 192.168.3.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!
--- 192.168.3.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC2
Welcome to use PC Simulator!
PC>ping 192.168.2.1
Ping 192.168.2.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!
--- 192.168.2.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss

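As you can see, all three requirements are met. There are in fact not many commands to configure, and they are easy to understand.
Summary
The configuration itself is simple. The key is to work out from the requirements which direction the traffic flows, and then decide whether to apply the ACL on the outbound or the inbound interface, without interfering with the communication of other hosts.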
