ENSP配置 实例十 ACL配置
R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.1.254 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 10.0.12.1 24
[R1]ip route-static 192.168.2.0 24 10.0.12.2
R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 10.0.12.2 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 192.168.2.254 24
[R2]ip route-static 192.168.1.0 24 10.0.12.1
配置ACL
[R2]acl 2000
[R2-acl-basic-2000]rule 5 deny source 192.168.1.2 0.0.0.0 //拒绝192.168.1.0网段
[R2-GigabitEthernet0/0/0]traffic-filter inbound acl 2000 //在g0/0/2入口启用acl2000
扩展ACL命令:
[Huawei]acl 3000
[Huawei-acl-adv-2000]rule 5 deny ip source 192.168.2.2 0 destination 192.168.6.1 0 //拒绝192.168.2.2到达192.168.6.1服务器
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]traffic-filter inbound acl 3000 //在g0/0/2入口启用acl3000