Huawei 3300 Switch ACL, Part 2
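Requirement: allow the external 1.1.1.1 and 3.3.3.3 network segments to access the 2.2.2.2 segment behind the switch, and deny every other segment access to the downstream servers. The segments that are allowed to log in to the switch must, of course, also be permitted.
acl number 3000 (defines the external segments allowed to access the segment below)
rule permit ip source 1.1.1.1 0.0.0.255 destination 2.2.2.2 0.0.0.255
rule permit ip source 3.3.3.3 0.0.0.255 destination 2.2.2.2 0.0.0.255
acl number 3001
rule permit ip
traffic classifier yunxu
if-match acl 3000
traffic behavior yunxu
filter permit (or simply permit)
traffic classifier xianzhi
if-match acl 3001
traffic behavior jinzhi
filter deny (or simply deny)
traffic policy xianzhi
classifier yunxu behavior yunxu
classifier xianzhi behavior jinzhi
Finally, enter the uplink physical port:
interface Ethernet 0/0/1
traffic-policy xianzhi inbound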