ACL流量控制公司访问外网时限制与控制

原创

骈利 2019-01-20 17:32:05 ©著作权

©著作权归作者所有：来自51CTO博客作者骈利的原创作品，请联系作者获取转载授权，否则将追究法律责任

二．设置WG（网管） <Huawei>undo terminal monitor <Huawei>sys [Huawei]sysn wg [wg-GigabitEthernet0/0/0]ip address 192.168.10.1 24 设默认路由 [wg]ip route-static 0.0.0.0 0.0.0.0 192.168.10.254

三．设置R2的IP地址和路由表 <Huawei>undo terminal monitor <Huawei>sys [R2]int g0/0/1 [R2-GigabitEthernet0/0/1]ip address 192.168.10.254 24 [R2-GigabitEthernet0/0/1]int g0/0/2 [R2-GigabitEthernet0/0/2]ip address 192.168.20.254 24 [R2-GigabitEthernet0/0/2]int g0/0/0 [R2-GigabitEthernet0/0/0]ip address 192.168.12.1 30 [R2]ip route-static 192.168.13.0 24 192.168.12.2 [R2]ip route-static 1.1.1.0 24 192.168.12.2 [R2]ip route-static 192.168.30.0 24 192.168.12.2 [R2]ip route-static 192.168.1.0 24 192.168.12.2 四．设置R2的ACL [R2]acl 3000 [R2-acl-adv-3000]rule 5 permit ip source 192.168.20.1 0 destination 192.168.10.1 [R2-acl-adv-3000]rule 10 permit ip source 192.168.20.1 0 destination 1.1.1.1 0 [R2-acl-adv-3000]rule 15 permit tcp source 192.168.20.1 0 destination 192.168.1. [R2-acl-adv-3000]rule 20 deny ip source any [R2-GigabitEthernet0/0/2]traffic-filter inbound acl 3000

五．设置R2的IP地址和路由表 <Huawei>undo terminal monitor <Huawei>sys [Huawei]sysn R3 [R3]int g0/0/1 [R3-GigabitEthernet0/0/1]ip address 192.168.30.254 24 [R3-GigabitEthernet0/0/1]int g0/0/2 [R3-GigabitEthernet0/0/2]ip address 192.168.1.254 24 [R3-GigabitEthernet0/0/2]int g0/0/0 [R3-GigabitEthernet0/0/0]ip address 192.168.13.1 30 [R3]ip route-static 1.1.1.0 24 192.168.13.2 [R3]ip route-static 192.168.12.0 24 192.168.13.2 [R3]ip route-static 192.168.10.0 24 192.168.13.2 [R3]ip route-static 192.168.20.0 24 192.168.13.2

六．设置R2的ACL [R3]acl 3000 [R3-acl-adv-3000]rule 5 permit ip source 192.168.30.1 0 destination 192.168.10.1　0 [R3-acl-adv-3000]rule 10 permit tcp source 192.168.30.1 0 destination 192.168.1.1 0 destination-port eq 80 [R3-acl-adv-3000]rule 15 deny ip source any

七．设置R1的IP地址和路由表 <Huawei>undo terminal m [Huawei]sysn R1 [R1]int g0/0/1 [R1-GigabitEthernet0/0/1]ip address 192.168.12.2 30 [R1-GigabitEthernet0/0/1]int g0/0/2 [R1-GigabitEthernet0/0/2]ip address 192.168.13.2 30 [R1-GigabitEthernet0/0/2]int g0/0/0 [R1-GigabitEthernet0/0/0]ip address 1.1.1.254 24 [R1]ip route-static192.168.10.0 24 192.168.12.1 ^ [R1]ip route-static 192.168.10.0 24 192.168.12.1 [R1]ip route-static 192.168.20.0 24 192.168.12.1 [R1]ip route-static 192.168.30.0 24 192.168.13.1 [R1]ip route-static 192.168.40.0 24 192.168.13.1 [R1]ip route-static 192.168.1.0 24 192.168.13.1

[R1]acl 2000 [R1-acl-basic-2000]rule 5 permit source 192.168.10.1 0.0.0.0 [R1-acl-basic-2000]rule 10 deny source any [R1]user-interface vty 0 4 [R1-ui-vty0-4]acl 2000 inbound [R1-ui-vty0-4]authentication-mode aaa [R1-ui-vty0-4]aaa [R1-aaa]local-user plpl password cipher 123 [R1-aaa]local-user plpl service-type telnet 验证ＣＷ和ＹＦ不通