Lab name: Basic ACL configuration


 - Purpose:

       Match the traffic of interest.






Lab topology:


Lab requirement: pc1 can ping every network; all other networks cannot reach one another

         

Lab objective: become familiar with applying ACLs




Lab steps:

          Step 1: first make all networks able to ping each other


sw1

    


<Huawei>undo terminal monitor

Info: Current terminal monitor is off.

<Huawei>sys

Enter system view, return user view with Ctrl+Z.

[Huawei]vlan batch 10 20 50

Info: This operation may take a few seconds. Please wait for a moment...done.

[Huawei]inter Ethernet0/0/1      

[Huawei-Ethernet0/0/1]undo shutdown

[Huawei-Ethernet0/0/1]port link-type access     

[Huawei-Ethernet0/0/1]port default vlan 10   

[Huawei-Ethernet0/0/1]inter eth0/0/2    

[Huawei-Ethernet0/0/2]undo shutdown

Info: Interface Ethernet0/0/2 is not shutdown.

[Huawei-Ethernet0/0/2]port link-type access     

[Huawei-Ethernet0/0/2]port default vlan 20 

[Huawei]inter Ethernet0/0/4

[Huawei-Ethernet0/0/4]undo shutdown

Info: Interface Ethernet0/0/4 is not shutdown.

[Huawei-Ethernet0/0/4]port link-type access

[Huawei-Ethernet0/0/4]port default vlan 50

[Huawei-Ethernet0/0/4]q

[Huawei]inter Ethernet0/0/3    

[Huawei-Ethernet0/0/3]undo shutdown

Info: Interface Ethernet0/0/3 is not shutdown.      

[Huawei-Ethernet0/0/3]port link-type trunk

[Huawei-Ethernet0/0/3]port trunk allow-pass vlan all




sw2  

<Huawei>undo terminal m

Info: Current terminal monitor is off.

<Huawei>sys

[Huawei]vlan batch 30 40 60

Info: This operation may take a few seconds. Please wait for a moment...done.

[Huawei]inter Ethernet0/0/1    

[Huawei-Ethernet0/0/1]undo shutdown

Info: Interface Ethernet0/0/1 is not shutdown. 

[Huawei-Ethernet0/0/1]port link-type access

[Huawei-Ethernet0/0/1]port default vlan 30     

[Huawei-Ethernet0/0/1]inter eth0/0/2   

[Huawei-Ethernet0/0/2]undo shutdown

Info: Interface Ethernet0/0/2 is not shutdown. 

[Huawei-Ethernet0/0/2]port link-type access     

[Huawei-Ethernet0/0/2]port default vLAN 40

[Huawei-Ethernet0/0/2]inter eth0/0/4     

[Huawei-Ethernet0/0/4]undo shutdown

[Huawei-Ethernet0/0/4]port link-type access     

[Huawei-Ethernet0/0/4]port default vlan 60

[Huawei-Ethernet0/0/4]q

[Huawei]inter Ethernet0/0/3    

[Huawei-Ethernet0/0/3]undo shutdown 

[Huawei-Ethernet0/0/3]port link-type trunk     

[Huawei-Ethernet0/0/3]port trunk allow-pass vlan all



sw3


<Huawei>sys

Enter system view, return user view with Ctrl+Z.

   

[Huawei]vlan batch 10 20 50 70

[Huawei]inter vlan 10

[Huawei-Vlanif10]ip address 192.168.10.254 255.255.255.0   

[Huawei-Vlanif10]undo shutdown

Info: Interface Vlanif10 is not shutdown.

[Huawei-Vlanif10]inter vlan 20

[Huawei-Vlanif20]ip address 192.168.20.254 255.255.255.0

[Huawei-Vlanif20]inter vlan 50 

[Huawei-Vlanif50]ip address 192.168.50.254 255.255.255.0

[Huawei-Vlanif50]inter vlan 70

[Huawei-Vlanif70]ip address 192.168.70.1 255.255.255.0

[Huawei-Vlanif70]q

[Huawei]inter gi 0/0/1  

[Huawei-GigabitEthernet0/0/1]undo shutdown

Info: Interface GigabitEthernet0/0/1 is not shutdown. 

[Huawei-GigabitEthernet0/0/1]port link-type trunk    

[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all

[Huawei-GigabitEthernet0/0/1]inter gi0/0/2 

[Huawei-GigabitEthernet0/0/2]port link-type trunk    

[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all

[Huawei-GigabitEthernet0/0/2]q

[Huawei]rip     

[Huawei-rip-1]version 2

[Huawei-rip-1]network 192.168.10.0

[Huawei-rip-1]network 192.168.20.0

[Huawei-rip-1]network 192.168.50.0

[Huawei-rip-1]network 192.168.70.0

[Huawei-rip-1]q

[Huawei]


sw4


<Huawei>sys

[Huawei]vlan batch 30 40 60 70

[Huawei]inter vlan 30

[Huawei-Vlanif30]ip address 192.168.30.254 255.255.255.0

[Huawei-Vlanif30]inter vlan 40

[Huawei-Vlanif40]ip address 192.168.40.254 255.255.255.0

[Huawei-Vlanif40]inter vlan 60

[Huawei-Vlanif60]ip address 192.168.60.254 255.255.255.0

[Huawei-Vlanif60]inter vlan 70  

[Huawei-Vlanif70]ip address 192.168.70.254 255.255.255.0

[Huawei-Vlanif70]q

[Huawei]inter gi 0/0/1  

[Huawei-GigabitEthernet0/0/1]undo shutdown

[Huawei-GigabitEthernet0/0/1]port link-type trunk     

[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all

[Huawei-GigabitEthernet0/0/1]inter gi 0/0/2 

[Huawei-GigabitEthernet0/0/2]port link-type trunk     

[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all

  

[Huawei-GigabitEthernet0/0/2]undo shutdown

Info: Interface GigabitEthernet0/0/2 is not shutdown.

[Huawei-GigabitEthernet0/0/2]q

[Huawei]rip    

[Huawei-rip-1]version 2 

[Huawei-rip-1]network 192.168.70.0

[Huawei-rip-1]network 192.168.60.0

[Huawei-rip-1]network 192.168.30.0

[Huawei-rip-1]network 192.168.40.0

[Huawei-rip-1]q





sw3

<Huawei>sys

Create the ACL

[Huawei]acl name pc1 adv

[Huawei-acl-adv-pc1]rule permit ip source 192.168.10.1 0.0.0.0 destination any  

 

[Huawei-acl-adv-pc1]rule deny ip

[Huawei-acl-adv-pc1]q

 [Huawei]dis acl all    # view the ACL

 Total nonempty ACL number is 1

Advanced ACL pc1 3999, 2 rules

Acl's step is 5

 rule 5 permit ip source 192.168.10.1 0

 rule 10 deny ip



 Apply the ACL

[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 3999

[Huawei-GigabitEthernet0/0/1]q





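Deleting an ACL:

    1. The correct way to delete

      # First, remove the binding that applies the ACL

      Interface gi0/0/0 

      undo traffic-filter inbound

      # Next, delete the ACL itself

      undo acl 2000 

      # Finally, the end result of the deletion

    2. When a filter references an ACL that does not exist, the effect is permit all.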
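
The following is an added example, not part of the original lab: a small Python model of how the two rules shown by `dis acl all` are evaluated against a packet's source address, including the case of a filter that references a missing ACL. The function names are hypothetical, only the source field is modelled, rules are assumed to be checked in ascending rule ID, and every source address other than 192.168.10.1 is constructed for illustration.

```python
import ipaddress

# Rule lines copied from the `dis acl all` output above.
PAGE_ACL = ["rule 5 permit ip source 192.168.10.1 0", "rule 10 deny ip"]

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_rule(line):
    """Turn one displayed rule line into {id, action, src}; src None means any source."""
    tok = line.split()
    rule = {"id": int(tok[1]), "action": tok[2], "src": None}
    if "source" in tok and tok[tok.index("source") + 1] != "any":
        i = tok.index("source")
        # The display shortens the wildcard 0.0.0.0 to a bare "0".
        wild = 0 if tok[i + 2] == "0" else ip_int(tok[i + 2])
        rule["src"] = (ip_int(tok[i + 1]), wild)
    return rule

def matches(rule, src_ip):
    if rule["src"] is None:
        return True
    addr, wild = rule["src"]
    care = ~wild & 0xFFFFFFFF  # wildcard bit 0 = must match, 1 = ignore
    return (ip_int(src_ip) & care) == (addr & care)

def evaluate(rule_lines, src_ip):
    """Return (action, rule id) of the first matching rule, lowest id first.
    rule_lines=None models a filter that references an ACL that does not exist,
    which the note above says behaves as permit all."""
    if rule_lines is None:
        return ("permit", None)
    for rule in sorted(map(parse_rule, rule_lines), key=lambda r: r["id"]):
        if matches(rule, src_ip):
            return (rule["action"], rule["id"])
    return ("no-match", None)

if __name__ == "__main__":
    # A packet sourced from any host other than pc1 (for example a ping reply
    # arriving on the filtered interface) falls through to rule 10.
    for src in ("192.168.10.1", "192.168.10.2", "192.168.20.1"):
        print(src, evaluate(PAGE_ACL, src))
    print("missing ACL:", evaluate(None, "192.168.20.1"))
```

Because the filter looks only at the source address of packets arriving inbound, it is worth checking which interface the return traffic to pc1 enters on when verifying the lab requirement.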