华为ACL实验
https://upload-images.jianshu.io/upload_images/24325874-e82995446264fc2d.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240基于vlan三层通信原则,创建好基础配置的情况下,双方是可以通信的,要求做到彼此之间不可以通信。SW1创建 vlan
https://upload-images.jianshu.io/upload_images/24325874-617f333215b447b7.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
配置SW1的接口并加入对应的VLAN。E0/0/4接口方向对应的VLAN
https://upload-images.jianshu.io/upload_images/24325874-3ba761dfac1a0dfc.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
SW2创建 vlan
https://upload-images.jianshu.io/upload_images/24325874-4ad34e7b782f5c75.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
起VLANif接口,并配置对应的IP地址。
https://upload-images.jianshu.io/upload_images/24325874-216d82659b3942cb.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
目前PC4是和PC1相通的,因为三层地址有VLANif,三层互通
https://upload-images.jianshu.io/upload_images/24325874-60a11b8171287bab.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
SW2上面有路由表。
https://upload-images.jianshu.io/upload_images/24325874-31c8b05223c1e0b4.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
现在在SW2上面创建一个ACL。
https://upload-images.jianshu.io/upload_images/24325874-18b62f34511cf90d.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
在接口调用
https://upload-images.jianshu.io/upload_images/24325874-d0a42f00f625322a.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
这个时候PC4就PING不通PC1了 。因为ACL语句写的拒绝了。
https://upload-images.jianshu.io/upload_images/24325874-a964e2de64080706.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
以上是针对一个网段的抓取,做拒绝策略。下面演示一下针对单独IP PC4PC2之间彼此不可访问。
https://upload-images.jianshu.io/upload_images/24325874-b10603371614e5dc.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
acl number 2005 创建acl2005 rule 5 deny source 10.10.122.12 0 仅拒绝一个IPtraffic classifier c1配置流分类 if-match acl 2005调用acl2005traffic behavior b1配置流行为 deny流行为为拒绝traffic policy p1配置流策略 classifier c1 behavior b1interface GigabitEthernet0/0/1traffic-policy p1 outbound将流策略应用到接口 测试:
https://upload-images.jianshu.io/upload_images/24325874-d3a1b2ce01c97eb2.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
实验完成。
{:6_290:}{:6_290:}{:6_290:}
页:
[1]