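Topology diagram
Requirement: configure an ACL on the egress router to restrict endpoint access to the external network
Procedure
1. Create the VLANs on the switch
2. Assign the interfaces to the VLANs
3. Create the VLANIF interfaces
4. Configure the Layer 3 interface addresses on the routers
5. Configure static routes
6. Configure the ACL on AR3 to deny PC1 access to AR4
Detailed configuration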
LSW2
[Huawei]vlan batch 10 20 30
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]p l a
[Huawei-GigabitEthernet0/0/1]port default vlan 10
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]p l a
[Huawei-GigabitEthernet0/0/2]port default vlan 20
[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/3]p l a
[Huawei-GigabitEthernet0/0/3]port default vlan 30
[Huawei-GigabitEthernet0/0/3]int vlanif10
[Huawei-Vlanif10]ip address 192.168.1.254 24
[Huawei-Vlanif10]int vlanif20
[Huawei-Vlanif20]ip address 192.168.2.254 24
[Huawei-Vlanif20]int vlanif30
[Huawei-Vlanif30]ip address 192.168.30.1 24
[Huawei-Vlanif30]quit
[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.30.2
AR3
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.30.2 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 111.111.111.111 24
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.30.1
AR4
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 111.111.111.222 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]ip route-static 0.0.0.0 0.0.0.0 111.111.111.111
AR3
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 5 deny source 192.168.1.1 0.0.0.0
[Huawei-acl-basic-2000]quit
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]traffic-filter outbound acl 2000
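
A basic ACL such as 2000 matches on source address only, so rule 5 drops everything from 192.168.1.1 that leaves AR3 g0/0/1, not only traffic to AR4. The Python model below is an added example, not part of the original configuration: it evaluates the page's rule with wildcard-mask semantics and compares it with an assumed advanced-ACL variant that also matches the destination. The ACL number 3000 variant, the PC address 192.168.2.1 and the address 203.0.113.10 are assumptions made for the example.

```python
import ipaddress
import re

# Grammar covered: basic rules ("source" only, as in ACL 2000 on this page) and
# advanced "ip" rules with an added "destination" (assumed ACL 3000 variant).
RULE_RE = re.compile(
    r"rule (?P<id>\d+) (?P<action>permit|deny)(?: ip)?"
    r" source (?P<src>\S+) (?P<swc>\S+)"
    r"(?: destination (?P<dst>\S+) (?P<dwc>\S+))?$"
)

def _to_int(addr):
    # The CLI accepts "0" as shorthand for the wildcard 0.0.0.0.
    return 0 if addr == "0" else int(ipaddress.IPv4Address(addr))

def _match(addr, base, wildcard):
    # Wildcard bit 0 = this bit must match, 1 = this bit is ignored.
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def parse_acl(lines):
    rules = []
    for line in lines:
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append(m.groupdict())
    # Rules are evaluated in ascending rule-ID order.
    return sorted(rules, key=lambda r: int(r["id"]))

def evaluate(rules, src, dst):
    for r in rules:
        if not _match(src, r["src"], r["swc"]):
            continue
        if r["dst"] and not _match(dst, r["dst"], r["dwc"]):
            continue
        return r["action"]  # first matching rule decides
    # Modelled traffic-filter behaviour: a packet that hits no rule is forwarded.
    return "permit"

# Rule exactly as configured on AR3 in this page.
BASIC_2000 = parse_acl(["rule 5 deny source 192.168.1.1 0.0.0.0"])
# Assumed narrower variant: deny only PC1 -> AR4 (111.111.111.222).
ADVANCED_3000 = parse_acl(
    ["rule 5 deny ip source 192.168.1.1 0 destination 111.111.111.222 0"]
)
```

To verify on the device itself, ping 111.111.111.222 from PC1 (expected to fail) and from a host in VLAN 20 (expected to succeed).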