ENSP配置 实例十 ACL配置

ENSP配置 实例十 ACL配置

R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.1.254 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 10.0.12.1 24

[R1]ip route-static 192.168.2.0 24 10.0.12.2

R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 10.0.12.2 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 192.168.2.254 24

[R2]ip route-static 192.168.1.0 24 10.0.12.1

配置ACL
[R2]acl 2000
[R2-acl-basic-2000]rule 5 deny source 192.168.1.2 0.0.0.0 //拒绝192.168.1.0网段
[R2-GigabitEthernet0/0/0]traffic-filter inbound acl 2000 //在g0/0/2入口启用acl2000

扩展ACL命令：
[Huawei]acl 3000
[Huawei-acl-adv-2000]rule 5 deny ip source 192.168.2.2 0 destination 192.168.6.1 0 //拒绝192.168.2.2到达192.168.6.1服务器
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]traffic-filter inbound acl 3000 //在g0/0/2入口启用acl3000