1. Lab topology

[Figure: topology diagram, "The two ways to apply an ACL: applying it on an interface"]

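2. Lab objective

Demonstrate that when an ACL is applied on an interface, its role is to control routing; deny and permit in the ACL are the actions that block and allow.

Implied at the end by default: rule xx permit source any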

3. Core configuration

[r2]display current-configuration
[V200R003C00]
#
sysname r2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
 rule 5 deny source 192.168.1.1 0
acl number 2001
 rule 5 deny source 172.16.2.1 0
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 10.1.1.2 255.255.255.0
 traffic-filter outbound acl 2001
#
interface GigabitEthernet0/0/1
 ip address 20.1.1.1 255.255.255.0
 traffic-filter outbound acl 2000
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 172.16.1.1 255.255.255.255 GigabitEthernet0/0/1 20.1.1.2
ip route-static 172.16.2.1 255.255.255.255 GigabitEthernet0/0/1 20.1.1.2
ip route-static 172.16.3.1 255.255.255.255 GigabitEthernet0/0/1 20.1.1.2
ip route-static 192.168.1.1 255.255.255.255 GigabitEthernet0/0/0 10.1.1.1
ip route-static 192.168.2.1 255.255.255.255 GigabitEthernet0/0/0 10.1.1.1
ip route-static 192.168.3.1 255.255.255.255 GigabitEthernet0/0/0 10.1.1.1
#
user-interface con 0
 authentication-mode password
 idle-timeout 0 0
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[r2]
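To reason about which flows this configuration lets through, the following added example (not part of the original post, and not Huawei code) models r2's route lookup, outbound traffic-filter and implicit permit in Python. The function names are illustrative, the connected networks are derived from the interface addresses above, and the model assumes packets transiting r2 rather than packets r2 originates.

```python
import ipaddress

# All values below are copied from r2's configuration on this page.
ACLS = {2000: [(5, "deny", "192.168.1.1", "0")],
        2001: [(5, "deny", "172.16.2.1", "0")]}
GE0, GE1 = "GigabitEthernet0/0/0", "GigabitEthernet0/0/1"
OUTBOUND_FILTER = {GE0: 2001, GE1: 2000}   # traffic-filter outbound acl N
ROUTES = ([(f"172.16.{n}.1/32", GE1) for n in (1, 2, 3)] +    # static /32 routes
          [(f"192.168.{n}.1/32", GE0) for n in (1, 2, 3)] +
          [("10.1.1.0/24", GE0), ("20.1.1.0/24", GE1)])       # connected networks


def wildcard_match(addr, base, wildcard):
    """Wildcard mask: 0 bits must match, 1 bits are ignored; "0" means 0.0.0.0."""
    wildcard = "0.0.0.0" if wildcard == "0" else wildcard
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_action(acl_number, src):
    """Lowest rule ID that matches wins; no match falls through to permit."""
    for _rule_id, action, base, wildcard in sorted(ACLS[acl_number]):
        if wildcard_match(src, base, wildcard):
            return action
    return "permit"  # the implicit trailing permit noted in section 2


def egress_interface(dst):
    """Longest-prefix match over ROUTES; None if r2 has no route."""
    d = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), i) for n, i in ROUTES]
    hits = [(n, i) for n, i in hits if d in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def forward(src, dst):
    """Verdict for one packet transiting r2: permit, deny or no-route."""
    iface = egress_interface(dst)
    if iface is None:
        return "no-route"
    acl = OUTBOUND_FILTER.get(iface)
    return acl_action(acl, src) if acl else "permit"


def ping_ok(a, b):
    """A ping succeeds only if request (a->b) and reply (b->a) both pass."""
    return forward(a, b) == "permit" and forward(b, a) == "permit"
```

Because each ACL filters on source address in one direction only, a ping between two hosts that are each permitted outbound can still fail when the reply's source is the denied host, which is what `ping_ok` makes visible.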

4. Lab results

[Figure: lab results screenshot, "The two ways to apply an ACL: applying it on an interface" (image 02)]