ACL notes mind map
Lab topology
Lab objectives
1. PC1 must be able to reach the 3.0 network segment, but PC2 must not.
2. PC1 can reach PC3 but cannot reach PC4.
3. PC1 must be able to ping R2, but must not be able to telnet to R2.
Lab steps
<Huawei>sys
[Huawei]sys R1
[R1]sys r1
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[r1-GigabitEthernet0/0/0]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 192.168.2.1 24
[r1-GigabitEthernet0/0/1]q
[r1]ip route-static 192.168.3.0 24 192.168.2.2
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]undo traffic-filter inbound
[r1-GigabitEthernet0/0/0]q
[r1]acl 3001
[r1-acl-adv-3001]rule deny tcp source 192.168.1.10 0.0.0.0 destination 192.168.2.2 0.0.0.0 destination-port eq 23
[r1-acl-adv-3001]q
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]traffic-filter inbound acl 3001
<Huawei>sys
[Huawei]sys r2
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip add 192.168.2.2 24
[r2-GigabitEthernet0/0/0]int g0/0/1
[r2-GigabitEthernet0/0/1]ip add 192.168.3.1 24
[r2-GigabitEthernet0/0/1]q
[r2]ip route-static 192.168.1.0 24 192.168.2.1
[r2]acl 2000
[r2-acl-basic-2000]rule deny source 192.168.1.3 0.0.0.0
[r2-acl-basic-2000]rule permit source any
[r2-acl-basic-2000]int g0/0/1
[r2-GigabitEthernet0/0/1]traffic-filter outbound acl 2000
[r2]acl name xq 3000
[r2-acl-adv-xq]rule deny ip source 192.168.1.2 0.0.0.0 destination 192.168.3.3 0.0.0.0
[r2-acl-adv-xq]q
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]traffic-filter inbound acl name xq
[r2-GigabitEthernet0/0/0]q
[r2]aaa
[r2-aaa]local-user xijing privilege level 15 password cipher 123456
[r2-aaa]local-user xijing service-type telnet
[r2-aaa]q
[r2]user-interface vty 0 4
[r2-ui-vty0-4]authentication-mode aaa
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r3
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip add 192.168.1.10 24
[r3-GigabitEthernet0/0/0]q
[r3]ip route-static 0.0.0.0 0 192.168.1.1
[r3]q
<r3>telnet 192.168.2.2
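To check that the three ACLs above meet the lab objectives before testing on the devices, here is an added Python model (not part of the original notes) of Huawei wildcard matching and traffic-filter evaluation (first matching rule wins, unmatched packets are permitted) along the lab path r1 g0/0/0 in, r2 g0/0/0 in, r2 g0/0/1 out. The host addresses of PC1 (192.168.1.2), PC2 (192.168.1.3) and PC4 (192.168.3.3) are read from the rules; PC3 at 192.168.3.2 and r3 (192.168.1.10) standing in for PC1 as the telnet client are assumptions.

```python
import ipaddress
HOST = "0.0.0.0"  # wildcard 0.0.0.0 = exact host match, as in the rules above

def wildcard_match(addr: str, rule_addr: str, wildcard: str) -> bool:
    """Huawei wildcard: a 0 bit means the packet bit must equal the rule bit."""
    a, r, w = (int(ipaddress.IPv4Address(x)) for x in (addr, rule_addr, wildcard))
    return (a & ~w & 0xFFFFFFFF) == (r & ~w & 0xFFFFFFFF)

def rule_matches(rule: dict, pkt: dict) -> bool:
    """A rule field that is absent (or proto 'ip') means 'any'."""
    if rule.get("proto") not in (None, "ip", pkt["proto"]):
        return False
    for key in ("src", "dst"):
        spec = rule.get(key)  # (address, wildcard) or None for any
        if spec and not wildcard_match(pkt[key], *spec):
            return False
    return rule.get("dport") is None or pkt.get("dport") == rule["dport"]

def traffic_filter(acl: list, pkt: dict) -> str:
    """First matching rule decides; traffic-filter permits what no rule matches."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule["action"]
    return "permit"

# The three ACLs from the notes above, each with the interface it is bound to.
ACL_3001 = [{"action": "deny", "proto": "tcp", "src": ("192.168.1.10", HOST),
             "dst": ("192.168.2.2", HOST), "dport": 23}]        # r1 g0/0/0 inbound
ACL_XQ = [{"action": "deny", "proto": "ip", "src": ("192.168.1.2", HOST),
           "dst": ("192.168.3.3", HOST)}]                        # r2 g0/0/0 inbound
ACL_2000 = [{"action": "deny", "src": ("192.168.1.3", HOST)},
            {"action": "permit"}]                                # r2 g0/0/1 outbound

def verdict(pkt: dict) -> str:
    """Apply the filters a packet from the 1.0 segment meets along the lab path."""
    hops = [ACL_3001, ACL_XQ]
    if ipaddress.IPv4Address(pkt["dst"]) in ipaddress.IPv4Network("192.168.3.0/24"):
        hops.append(ACL_2000)  # only traffic forwarded to 3.0 leaves r2 on g0/0/1
    return "deny" if any(traffic_filter(a, pkt) == "deny" for a in hops) else "permit"

if __name__ == "__main__":
    # Constructed test packets; PC3 at 192.168.3.2 is an assumption (not in the notes).
    for label, pkt in [
        ("PC1 -> PC3", {"proto": "icmp", "src": "192.168.1.2", "dst": "192.168.3.2"}),
        ("PC2 -> PC3", {"proto": "icmp", "src": "192.168.1.3", "dst": "192.168.3.2"}),
        ("PC1 -> PC4", {"proto": "icmp", "src": "192.168.1.2", "dst": "192.168.3.3"}),
        ("ping R2", {"proto": "icmp", "src": "192.168.1.10", "dst": "192.168.2.2"}),
        ("telnet R2", {"proto": "tcp", "src": "192.168.1.10", "dst": "192.168.2.2", "dport": 23}),
    ]:
        print(f"{label:10} {verdict(pkt)}")
```

Because traffic-filter permits anything no rule matches, only TCP port 23 from 192.168.1.10 is blocked by ACL 3001; a TCP session to any other port on R2 would still pass.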