[03-11 14:25:45] Source: http://www.67xuexi.com Computer Security Tutorials Views: 85973
[Quidway-Ethernet3/0/3]port link-type access
[Quidway-Ethernet3/0/3]quit
# Create the SVI interfaces
[Quidway]vlan 20
[Quidway-vlan20]port Ethernet 1/0/2
[Quidway-vlan20]vlan 30
[Quidway-vlan30]port Ethernet 1/0/3
[Quidway-vlan30]quit
[Quidway]interface Vlanif 20
[Quidway-Vlanif20]ip address 192.168.20.1 255.255.255.0
[Quidway-Vlanif20]interface Vlanif 30
[Quidway-Vlanif30]ip address 192.168.30.1 255.255.255.0
[Quidway-Vlanif30]quit
# Specify the hosts that are forbidden from communicating
[Quidway]acl number 4000 match-order auto
[Quidway-acl-link-4000]rule 10 deny ingress 1e-65-9d-2d-21-e2 egress 1c-65-9d-2d-21-e2
[Quidway-acl-link-4000]quit
[Quidway]packet-filter link-group 4000
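Example: (Huawei S3526)
ACL referenced by an upper-layer module
1. Requirement
A device must allow remote access only from the administrator's host; assume the administrator host's IP address is 192.168.2.100.
2. Configuration
# Create the access control list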
[Quidway] acl number 2000 match-order auto
[Quidway-acl-basic-2000] rule 10 permit source 192.168.2.100 0.0.0.0
[Quidway-acl-basic-2000] rule deny source any
[Quidway-acl-basic-2000] quit
# Reference the ACL from the upper-layer module
[Quidway]user-interface vty 0 4
[Quidway-ui-vty0-4] authentication-mode none
[Quidway-ui-vty0-4] acl 2000 inbound
[Quidway-ui-vty0-4]quit
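
The following Python sketch is an added example, not part of the original tutorial or of any Huawei tooling: it models how basic ACL 2000 above is evaluated (wildcard matching, first match wins, `match-order auto` ordering) and checks the VTY block that references it. The saved-configuration-style sample text and all function names are assumptions made for the illustration, as is ranking rules under `match-order auto` by how narrow their source range is.

```python
from ipaddress import IPv4Address

# Constructed sample in saved-configuration style, mirroring the example above.
CONFIG = """\
acl number 2000 match-order auto
 rule 10 permit source 192.168.2.100 0.0.0.0
 rule deny source any
user-interface vty 0 4
 authentication-mode none
 acl 2000 inbound
"""

def sections(text):
    """Map each top-level command line to the token lists of its indented body."""
    out, cur = {}, None
    for line in filter(str.strip, text.splitlines()):
        if line[0] != " ":
            cur = out.setdefault(line.strip(), [])
        elif cur is not None:
            cur.append(line.split())
    return out

def acl_rules(cfg, number):
    """Basic ACL rules as (action, addr, wildcard); 'auto' puts the narrowest source first."""
    header = next(h for h in cfg if h.split()[:3] == ["acl", "number", str(number)])
    rules = []
    for tok in (t for t in cfg[header] if t[0] == "rule"):
        src = tok[tok.index("source") + 1:]
        addr, wild = ("0.0.0.0", "255.255.255.255") if src[0] == "any" else src[:2]
        action = "permit" if "permit" in tok else "deny"
        rules.append((action, int(IPv4Address(addr)), int(IPv4Address(wild))))
    if header.endswith("match-order auto"):
        rules.sort(key=lambda r: bin(r[2]).count("1"))  # stable: ties keep config order
    return rules

def decide(rules, src_ip):
    """First matching rule wins; a wildcard bit of 1 means 'ignore this bit'."""
    ip = int(IPv4Address(src_ip))
    for action, addr, wild in rules:
        if ((ip ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "no-match"

def vty_findings(cfg):
    """Findings across all 'user-interface vty' blocks in the configuration."""
    body = [t for h, b in cfg.items() if h.startswith("user-interface vty") for t in b]
    checks = {"no inbound ACL": not any(t[0] == "acl" and t[-1] == "inbound" for t in body),
              "authentication-mode none": ["authentication-mode", "none"] in body}
    return [name for name, hit in checks.items() if hit]
```

On this sample `vty_findings(sections(CONFIG))` reports `authentication-mode none`: with login authentication disabled, ACL 2000 is the only control on VTY access, so the source address 192.168.2.100 is the sole gate.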