需求
- 需要先把全網做通
- 通過ospf 協議動態發佈路由
- 開始配置acl
- 注意在入接口上配置 過濾acl的調用,其他都差不多
拓撲圖
配置命令
dis acl 3000
Advanced ACL 3000, 4 rules
Acl’s step is 5
rule 5 permit ip source 192.168.20.1 0 destination 192.168.10.1 0
rule 10 permit ip source 192.168.20.1 0 destination 1.1.1.1 0 (8 matches)
rule 15 permit ip source 192.168.20.1 0 destination 192.168.1.1 0 (6 matches)
rule 20 deny ip (6 matches)
2
dis acl 3000
Advanced ACL 3000, 2 rules
Acl’s step is 5
rule 5 permit ip source 192.168.30.1 0 destination 192.168.10.1 0 (11 matches)
rule 10 deny ip (11 matches)
3
dis acl 3000
Advanced ACL 3000, 4 rules
Acl’s step is 5
rule 5 permit ip source 1.1.1.1 0 destination 192.168.1.1 0 (5 matches)
rule 10 permit ip source 1.1.1.1 0 destination 192.168.20.1 0 (8 matches)
rule 15 permit ip source 1.1.1.1 0 destination 192.168.10.1 0
rule 20 deny ip (12 matches)
實驗驗證
本人的日常記錄,歡迎噴蔡,jocker–for me
