Using a basic ACL to filter traffic
- Goal: use a basic ACL to block hosts in the 192.168.20.0 network from reaching the server
// On the switch, create VLANs 10 and 20
vlan batch 10 20
// Assign the VLANs to the switch interfaces (G0/0/3 is the trunk towards the router)
[g0/0/2] port link-type access
[g0/0/2] port default vlan 10
[g0/0/1] port link-type access
[g0/0/1] port default vlan 20
[g0/0/3] port link-type trunk
[g0/0/3] port trunk allow-pass vlan 10 20
// On the router, terminate each VLAN on a dot1q subinterface of G0/0/0 (the trunk link);
// each termination subinterface also needs 'arp broadcast enable', omitted here
[Huawei-GigabitEthernet0/0/0.10] dot1q termination vid 10
[Huawei-GigabitEthernet0/0/0.10] ip address 192.168.10.254 24
[Huawei-GigabitEthernet0/0/0.20] dot1q termination vid 20
[Huawei-GigabitEthernet0/0/0.20] ip address 192.168.20.254 24
// Server-facing interface
[Huawei-GigabitEthernet0/0/1] ip address 10.1.1.254 24
- Configure the ACL
// Basic ACLs (2000-2999) match on source address only; the wildcard 0.0.0.255 covers the whole /24
[Huawei] acl 2000
[Huawei-acl-basic-2000] rule 5 deny source 192.168.20.0 0.0.0.255
// Applied inbound on G0/0/0, so packets sourced from 192.168.20.0/24 are dropped regardless of destination;
// packets matching no rule are still forwarded (traffic-filter permits by default)
[Huawei-GigabitEthernet0/0/0] traffic-filter inbound acl 2000
Using an advanced ACL to block two subnets from reaching each other
// Router interfaces
[Huawei-GigabitEthernet0/0/1] ip address 10.1.1.1 24
[Huawei-GigabitEthernet0/0/2] ip address 10.1.2.1 24
// ACL configuration: advanced ACLs (3000-3999) match on source and destination, so one rule per direction is needed
[Huawei] acl 3001
[Huawei-acl-adv-3001] rule 5 deny ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[Huawei] acl 3002
[Huawei-acl-adv-3002] rule 10 deny ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
// Each ACL is applied inbound on the interface where its source subnet enters the router
[Huawei-GigabitEthernet0/0/1] traffic-filter inbound acl 3001
[Huawei-GigabitEthernet0/0/2] traffic-filter inbound acl 3002
Some configuration is omitted, but the supporting configuration is all here.
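Added example, not part of the original notes: a small Python model of how VRP evaluates the basic and advanced ACL rules shown above (wildcard-mask comparison, lowest rule ID tried first, implicit permit when no rule matches). The sample packets are constructed, and the parser only handles the `source A W [destination B W]` form used by these rules.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """VRP wildcard mask: a 1 bit is 'don't care', a 0 bit must match.
    0.0.0.255 therefore covers a whole /24; 0.0.0.0 pins a single host."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

@dataclass
class Rule:
    rid: int
    action: str  # "permit" or "deny"
    src: Optional[Tuple[str, str]]  # (base, wildcard); None matches any source
    dst: Optional[Tuple[str, str]]  # basic ACLs (2000-2999) never set this

def parse_rule(line: str) -> Rule:
    """Parse 'rule <id> <action> [ip] source A W [destination B W]' as written above."""
    tok = line.split()
    src = dst = None
    for i, t in enumerate(tok):
        if t == "source":
            src = (tok[i + 1], tok[i + 2])
        elif t == "destination":
            dst = (tok[i + 1], tok[i + 2])
    return Rule(int(tok[1]), tok[2], src, dst)

def evaluate(rules: List[Rule], src_ip: str, dst_ip: str) -> str:
    """Rules are tried in ascending rule-ID order and the first hit wins.
    A packet matching no rule is permitted (traffic-filter default on VRP)."""
    for r in sorted(rules, key=lambda r: r.rid):
        if r.src and not wildcard_match(src_ip, *r.src):
            continue
        if r.dst and not wildcard_match(dst_ip, *r.dst):
            continue
        return r.action
    return "permit"

# The rule lines from the lab notes above
ACL_2000 = [parse_rule("rule 5 deny source 192.168.20.0 0.0.0.255")]
ACL_3001 = [parse_rule("rule 5 deny ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255")]
ACL_3002 = [parse_rule("rule 10 deny ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255")]

if __name__ == "__main__":
    # Constructed sample packets: (source, destination) crossing the G0/0/0 filter
    for s, d in [("192.168.20.7", "10.1.1.1"), ("192.168.10.7", "10.1.1.1")]:
        print(f"acl 2000 {s} -> {d}: {evaluate(ACL_2000, s, d)}")
```

Note that ACL 3001 alone lets 10.1.2.0/24 reach 10.1.1.0/24; the reverse rule in ACL 3002 on G0/0/2 is what makes the block mutual.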