华为ACL设置
拓扑图如下一、要求如下禁止外网192.168.1.1访问服务器10.0.0.1
方案1
#acl 2010
rule 5 deny ip source 192.168.1.1 0
#interface GigabitEthernet 0/0/1
traffic-filter outbound acl 2010
方案2
#acl 2020
rule 5 deny ip source 192.168.1.1 0
#interface GigabitEthernet 0/0/24 #注意端口
traffic-filter intbound acl 2020 #注意方向
方案3
#acl 3030
rule 5 deny ip destination 192.168.1.1 0
#interface GigabitEthernet 0/0/1
traffic-filter inbound acl 3030
方案4
#acl 3040
rule 5 deny ip destination 192.168.1.1 0
#interface GigabitEthernet 0/0/24#注意端口
traffic-filter inbound acl 3040 #注意方向
二、要求如下禁止服务器10.0.0.1访问外网
方案1
#acl 2010
rule 5 deny ip source 10.0.0.1
#interface GigabitEthernet 0/0/1
traffic-filter inbound acl 2010
方案2
#acl 2020
rule 5 deny ip source 10.0.0.1
#interface GigabitEthernet 0/0/24
traffic-filter outbound acl 2020
方案3
#acl 3030
rule 5 deny ip destination 10.0.0.1 0
#interface GigabitEthernet 0/0/1
traffic-filter outbound acl 3030
方案4
#acl 3030
rule 5 deny ip destination 10.0.0.1 0
#interface GigabitEthernet 0/0/24
traffic-filter inbound acl 3030
三、只允许192.168.1.1用户可以访问10.0.0.1
方案1
#acl3010
rule 5 permit ip destination 192.168.1.1 0
rule 10 deny ip
#interface GigabitEthernet0/0/1
traffic-filter inbound acl 3010
四、如果服务器配置了双IP 只允许192.168.1.1用户可以访问10.0.0.1不能访问10.0.0.2
方案1
#acl3010
rule 5 permit ip source 192.168.1.1 0destination 10.0.0.1 0
rule 10 deny ip
#interface GigabitEthernet0/0/1
traffic-filter outbound acl 3010
方案2
#acl3020
rule 5 permit ip destination 10.0.0.1 0source 192.168.1.1 0
rule 10 deny ip
#interface GigabitEthernet0/0/1
traffic-filter outbound acl 3020
页:
[1]