要求:
市场部不能访问财务部和研发部
1.0.0.0 2.0.0.0和4.0.0.0
总部不能访问研发部
说明:
看R1和R2的acl
说acl
R1:市场部不能访问财务部和研发,就在R1拒绝财务部和研发
R2:总部不能访问拒绝研发,在R2拒绝研发
-----------R4------
sys
sys R4
int g0/0/0
ip a 34.0.0.4 24
int g0/0/1
ip a 3.0.0.254 24
int g0/0/2
ip a 4.0.0.254 24
int g0/0/3
ip a 5.0.0.254 24
ospf 1 router-id 4.4.4.4
area 0
net 34.0.0.4 0.0.0.0
net 3.0.0.254 0.0.0.0
net 4.0.0.254 0.0.0.0
net 5.0.0.254 0.0.0.0
--------------R3--------
sys
sys R3
int g0/0/0
ip a 13.0.0.3 24
int g0/0/1
ip a 23.0.0.3 24
int g0/0/2
ip a 34.0.0.3 24
ospf 1 router-id 3.3.3.3
area 0
net 13.0.0.3 0.0.0.0
net 23.0.0.3 0.0.0.0
net 34.0.0.3 0.0.0.0
---------R1-------
sys
sys R1
int g0/0/0
ip a 1.0.0.254 24
int g0/0/1
ip a 13.0.0.1 24
ospf 1 router-id 1.1.1.1
area 0
net 1.0.0.254 0.0.0.0
net 13.0.0.1 0.0.0.0
---------R2-------
sys
sys R2
int g0/0/0
ip a 2.0.0.254 24
int g0/0/1
ip a 23.0.0.2 24
ospf 1 router-id 2.2.2.2
area 0
net 2.0.0.254 0.0.0.0
net 23.0.0.2 0.0.0.0
--------路由策略-------
R1:
acl number 2000
rule 5 deny source 3.0.0.0 0.0.0.255
rule 10 deny source 4.0.0.0 0.0.0.255
rule 15 permit
ospf 1
filter-policy 2000 import
R2:
acl number 2000
rule 5 permit source 4.0.0.0 0
route-policy 123 deny node 10
if-match acl 2000
route-policy 123 permit node 20
ospf 1
filter-policy route-policy 123 import