HCNA-41 Configuring Basic Access Control List ACL 2000
<Huawei>system-view
[Huawei]sysname r1
[r1]interface loopback 0
[r1-LoopBack0]ip address 1.1.1.1 32
[r1-LoopBack0]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]ip address 172.16.13.1 24
[r1-GigabitEthernet0/0/0]quit
[r1]ospf 1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher admin1234
[r1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[r1-ospf-1-area-0.0.0.0]network 172.16.13.0 0.0.0.255
[r1-ospf-1-area-0.0.0.0]return

<Huawei>system-view
[Huawei]sysname r2
[r2]interface loopback 0
[r2-LoopBack0]ip address 2.2.2.2 32
[r2-LoopBack0]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]ip address 172.16.23.2 24
[r2-GigabitEthernet0/0/0]quit
[r2]ospf 1
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher admin1234
[r2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[r2-ospf-1-area-0.0.0.0]network 172.16.23.0 0.0.0.255
[r2-ospf-1-area-0.0.0.0]return

<Huawei>system-view
[Huawei]sysname r3
[r3]interface loopback 0
[r3-LoopBack0]ip address 3.3.3.3 32
[r3-LoopBack0]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]ip address 172.16.13.3 24
[r3-GigabitEthernet0/0/0]
[r3-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[r3-GigabitEthernet0/0/1]ip address 172.16.23.3 24
[r3-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[r3-GigabitEthernet0/0/2]ip address 172.16.34.3 24
[r3-GigabitEthernet0/0/2]quit
[r3]ospf 1
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher admin1234
[r3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[r3-ospf-1-area-0.0.0.0]network 172.16.13.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 172.16.23.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 172.16.34.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]return

<Huawei>system-view
[Huawei]sysname r4
[r4]interface loopback 0
[r4-LoopBack0]ip address 4.4.4.4 32
[r4-LoopBack0]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]ip address 172.16.34.4 24
[r4-GigabitEthernet0/0/0]quit
[r4]ospf 1
[r4-ospf-1]area 0
[r4-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher admin1234
[r4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[r4-ospf-1-area-0.0.0.0]network 172.16.34.0 0.0.0.255
[r4-ospf-1-area-0.0.0.0]return

[r4]user-interface vty 0 4
[r4-ui-vty0-4]authentication-mode password
Please configure the login password (maximum length 16):admin1234

[r4]acl 2000  // create basic access control list ACL 2000
[r4-acl-basic-2000]rule 5 permit source 1.1.1.1 0  // rule 5 permits this source IP (exact match)
[r4-acl-basic-2000]rule 10 deny source any  // rule 10 denies all source IPs
[r4-ui-vty0-4]acl 2000 inbound  // apply ACL 2000 on the VTY lines; inbound applies it to traffic entering R4

<r1>telnet -a 1.1.1.1 4.4.4.4  // telnet to 4.4.4.4 using source IP 1.1.1.1
Press CTRL_] to quit telnet mode
Trying 4.4.4.4 ...
Connected to 4.4.4.4 ...

Login authentication

Password:
<r4>

<r2>telnet -a 2.2.2.2 4.4.4.4
Press CTRL_] to quit telnet mode
Trying 4.4.4.4 ...
Error: Can't connect to the remote host

<r4>display acl all  // display all ACLs
Total quantity of nonempty ACL number is 1

Basic ACL 2000, 2 rules
Acl's step is 5
rule 5 permit source 1.1.1.1 0 (1 matches)
rule 10 deny (4 matches)

[r4-acl-basic-2000]rule 9 permit source 2.2.2.2 0
[r4-acl-basic-2000]display acl all
Total quantity of nonempty ACL number is 1

Basic ACL 2000, 3 rules
Acl's step is 5
rule 5 permit source 1.1.1.1 0 (1 matches)
rule 9 permit source 2.2.2.2 0 (1 matches)
rule 10 deny (4 matches)

<r2>telnet -a 2.2.2.2 4.4.4.4
Press CTRL_] to quit telnet mode
Trying 4.4.4.4 ...
Connected to 4.4.4.4 ...

Login authentication

Password:
<r4>
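The transcript above shows rule 9 taking effect even though it was entered after rule 10. The following Python model is an added example, not part of the original lab and not Huawei code: it evaluates the lab's ACL 2000 rules under the assumption that rules are checked in ascending rule-ID order with first match winning. The function names and the `ACL_TOO_LATE` variant are hypothetical.

```python
import ipaddress

def parse_rule(line):
    """Parse 'rule <id> permit|deny [source <ip> <wildcard> | source any]'."""
    tok = line.split()
    rule_id, action = int(tok[1]), tok[2]
    if len(tok) == 3 or tok[4] == "any":
        # No source clause, or 'source any': every address matches.
        addr, wild = 0, 0xFFFFFFFF
    else:
        addr = int(ipaddress.IPv4Address(tok[4]))
        # A wildcard of '0' is shorthand for 0.0.0.0 (exact host match).
        wild = 0 if tok[5] == "0" else int(ipaddress.IPv4Address(tok[5]))
    return rule_id, action, addr, wild

def evaluate(rules, src):
    """Return (rule_id, action) of the first matching rule, or None.

    Assumption: rules are checked in ascending rule-ID order, regardless
    of the order in which they were typed.
    """
    s = int(ipaddress.IPv4Address(src))
    for rule_id, action, addr, wild in sorted(parse_rule(r) for r in rules):
        # Wildcard bits set to 1 are ignored; all other bits must be equal.
        if (s ^ addr) & ~wild & 0xFFFFFFFF == 0:
            return rule_id, action
    return None  # no rule matched; the resulting behaviour is not modelled here

# Rules exactly as configured in the lab.
ACL_BEFORE = ["rule 5 permit source 1.1.1.1 0", "rule 10 deny source any"]
# Rule 9 is entered last but sits between IDs 5 and 10.
ACL_AFTER = ACL_BEFORE + ["rule 9 permit source 2.2.2.2 0"]
# Constructed counter-example: same permit, but with an ID above the deny.
ACL_TOO_LATE = ACL_BEFORE + ["rule 15 permit source 2.2.2.2 0"]

if __name__ == "__main__":
    for name, acl in [("before", ACL_BEFORE), ("after", ACL_AFTER),
                      ("too late", ACL_TOO_LATE)]:
        print(name, {ip: evaluate(acl, ip) for ip in ("1.1.1.1", "2.2.2.2")})
```

The step of 5 shown by `display acl all` is what leaves room for an ID such as 9; a permit numbered above the catch-all deny, as in `ACL_TOO_LATE`, is never reached.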