1,366
社区成员
发帖
与我相关
我的任务
分享
目录
学习基础ACL的配置方法
R1的端口IP配置:
<R1>system-view
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.107.12.1 24
[R1-GigabitEthernet0/0/0]quit
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 192.107.10.254 24
[R1-GigabitEthernet0/0/1]quit
[R1]interface GigabitEthernet 0/0/2
[R1-GigabitEthernet0/0/2]ip address 192.107.20.254 24
R2的端口IP配置:
<R2>system-view
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 192.107.12.2 24
[R2-GigabitEthernet0/0/0]quit
[R2]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]ip address 192.107.23.2 24
[R2-GigabitEthernet0/0/1]quit
[R2]interface GigabitEthernet 0/0/2
[R2-GigabitEthernet0/0/2]ip address 192.107.30.254 24
R3的端口配置:
<R3>system-view
[R3]interface g0/0/1
[R3-GigabitEthernet0/0/1]ip address 192.107.23.3 24
R1的OSPF配置:
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 192.107.12.1 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 192.107.10.254 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 192.107.20.254 0.0.0.255
R2的OSPF配置:
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 192.107.12.2 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 192.107.23.2 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 192.107.30.254 0.0.0.255
R3的OSPF配置:
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 192.107.23.3 0.0.0.255
PC1ping PC2
PC1pingPC 3
PC2 ping PC3
R1
R2
R3
R2中配置基础acl
[R2]acl 2000
[R2-acl-basic-2000]rule deny source 192.107.10.0 0.0.0.255
[R2-acl-basic-2000]rule permit source any
[R2-acl-basic-2000]quit
[R2]interface GigabitEthernet 0/0/2
[R2-GigabitEthernet0/0/2]traffic-filter outbound acl 2000
PC1 ping PC3
R2 ping PC3
主要针对IP报文的源IP地址进行匹配,基本ACL的编号范围是2000-2999。
比如这个例子,创建的是acl 2000,就意味着创建的是基本ACL。