Contents
ACL (Access Control List)
ACL overview and background
![](https://img-blog.csdnimg.cn/8d52318b083c4dddb8a35297e6339b65.png)
ACL applications
ACL types
ACL application principles
ACL matching rules
NAT (Network Address Translation)
How NAT works
Static NAT
NATPT (port mapping)
Easy-IP
Lab
NAT
Enterprise egress
[R1]int g0/0/0 //Enter interface g0/0/0
[R1-GigabitEthernet0/0/0]undo shut //Bring up the physical interface
[R1-GigabitEthernet0/0/0]ip add 192.168.1.1 24 //Configure the IP address and prefix length
[R1-GigabitEthernet0/0/0]int g0/0/1 //Enter interface g0/0/1
[R1-GigabitEthernet0/0/1]undo shut //Bring up the physical interface
[R1-GigabitEthernet0/0/1]ip add 202.10.10.1 24 //Configure the IP address and prefix length
[R1-GigabitEthernet0/0/1]q //Return to system view
[R1]nat address-group 1 15.0.0.10 15.0.0.11 //Configure the NAT public address pool
[R1]acl 2000 //Create basic ACL 2000
[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255 //Match the internal address range that will be translated
[R1-acl-basic-2000]int g0/0/1 //Enter interface g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 //Apply ACL 2000 with address group 1 on the outside interface
[R1-GigabitEthernet0/0/1]q //Return to system view
[R1]ip route-static 0.0.0.0 0 202.10.10.2 //Configure the default route with next hop 202.10.10.2
[R1]display nat outbound //Verify that the NAT configuration took effect
ACL
R1
[Huawei]sys R1
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 192.168.2.254 24
[R1-GigabitEthernet0/0/1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip add 192.168.3.254 24
[R1-GigabitEthernet0/0/2]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.1.254 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]q
[R1]acl 2000
[R1-acl-basic-2000]rule deny source 192.168.1.1 0
[R1-acl-basic-2000]int g0/0/1
[R1-GigabitEthernet0/0/1]traffic-filter outbound acl 2000
[R1-GigabitEthernet0/0/1]undo traffic-filter outbound
[R1-GigabitEthernet0/0/1]dis th
[V200R003C00]
interface GigabitEthernet0/0/1
ip address 192.168.2.254 255.255.255.0
return
[R1-GigabitEthernet0/0/1]q
[R1]acl 3000
[R1-acl-adv-3000]rule deny tcp source 192.168.1.1 0 destination 192.168.2.1 0 destination-port eq www
[R1-acl-adv-3000]int g0/0/0
[R1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
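Both ACLs in this lab (and the one the NAT section hands to nat outbound) are evaluated rule by rule with wildcard masks, and the first matching rule decides; a packet that matches no rule is still forwarded by traffic-filter but is left untranslated by nat outbound. The following Python model of that evaluation is an added example, not VRP code and not part of the original post; the Packet and Rule types and the default-action argument are my own modelling assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str            # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None

class Rule(NamedTuple):
    action: str           # "permit" or "deny"
    proto: str = "ip"     # "ip" matches any protocol (what a basic ACL rule does)
    src: str = "0.0.0.0"
    src_wc: str = "255.255.255.255"   # wildcard: 1 bits are "don't care"
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"
    dport: Optional[int] = None

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """VRP-style wildcard compare: only bits that are 0 in the wildcard must agree."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_action(rules, pkt: Packet, default: str = "permit") -> str:
    """Walk the rules in configuration order; the first match decides. 'default'
    applies when nothing matches (permit for traffic-filter, deny for nat outbound)."""
    for r in rules:
        if r.proto != "ip" and r.proto != pkt.proto:
            continue
        if not wildcard_match(pkt.src, r.src, r.src_wc):
            continue
        if not wildcard_match(pkt.dst, r.dst, r.dst_wc):
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return r.action
    return default

# ACL 2000 from the ACL lab: rule deny source 192.168.1.1 0  (wildcard 0 = single host)
ACL_2000 = [Rule("deny", src="192.168.1.1", src_wc="0.0.0.0")]
# ACL 3000 from the ACL lab: deny tcp 192.168.1.1 -> 192.168.2.1 destination-port eq www
ACL_3000 = [Rule("deny", proto="tcp", src="192.168.1.1", src_wc="0.0.0.0",
                 dst="192.168.2.1", dst_wc="0.0.0.0", dport=80)]
# ACL 2000 from the NAT lab: rule permit source 192.168.1.0 0.0.0.255
NAT_ACL = [Rule("permit", src="192.168.1.0", src_wc="0.0.0.255")]

def nat_translates(pkt: Packet) -> bool:
    """nat outbound rewrites only packets the ACL permits; unmatched ones pass untranslated."""
    return acl_action(NAT_ACL, pkt, default="deny") == "permit"
```

Note that ACL 3000 only blocks TCP port 80 from that one host, so the same host still reaches 192.168.2.1 on other ports and protocols, which is the difference between the basic ACL 2000 (any traffic from the host) and the advanced ACL 3000.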
Result