<Quidway>system-view //Layer 3 switch HUAWEI Quidway S3526E
[Quidway]acl number 2002
[Quidway-acl-basic-2002]rule 5 permit source 192.168.101.99 0
[Quidway-acl-basic-2002]rule 10 deny source any
[Quidway-acl-basic-2002]quit
[Quidway]user-interface vty 0 4
[Quidway-ui-vty0-4]acl 2002 inbound
[Quidway]dis acl config all
Basic ACL 2002, 2 rules,
rule 10 deny (0 times matched)
rule 5 permit source 192.168.101.99 0 (0 times matched)
After two telnet attempts:
[Quidway]dis acl config all
Basic ACL 2002, 2 rules,
rule 10 deny (2 times matched)
rule 5 permit source 192.168.101.99 0 (0 times matched)
(Note: if display cu also shows deny first and permit after it, the order of the rules needs to be adjusted.)
[Quidway]dis acl config all
Basic ACL 2002, 2 rules,
rule 5 permit source 192.168.101.99 0 (2 times matched)
rule 10 deny (2 times matched)
Two tests
ssh:
[Quidway]local-user gjp
New local user added.
[Quidway-luser-gjp]password simple 123 //simple stores the password in plaintext in the configuration
[Quidway-luser-gjp]service-type ssh level 3
[Quidway]ssh user gjp authentication-type password
[Quidway]rsa local-key-pair create
The key name will be: Quidway_Host
% RSA keys defined for Quidway_Host already exist.
Confirm to replace them? [yes/no]:y
[Quidway]user-interface vty 0 4
[Quidway-ui-vty0-4]protocol inbound all
[Quidway]dis acl config all
rule 5 permit source 192.168.101.99 0 (5 times matched)
The ACL match count increases by 1 again.
web:
<SW1>dir //Layer 2 switch HUAWEI Quidway S2000 Series
Directory of unit1>flash:/
1 (*) -rw- 4274300 Jun 24 2006 14:25:26 s2000hi-vrp310-r0008.bin
2 (*) -rw- 800571 Jan 01 2004 00:00:00 hw-http3.1.5-0041.web
3 (*) -rw- 1195 Apr 02 2000 01:41:54 f.cfg
4 -rw- 616 Apr 02 2000 02:30:39 f1.txt
7239 KB total (2274 KB free)
(*) -with main attribute (b) -with backup attribute
(*b) -with both main and backup attribute
[SW1]time-range wt 08:30 to 12:00 daily //every day of the week
[SW1]time-range wt 14:00 to 18:00 daily
[SW1]dis time-range all
Current time is 00:00:26 Apr/2/2000 Sunday
Time-range : wt ( Inactive )
08:30 to 12:00 daily
14:00 to 18:00 daily
[SW1]dis clock
00:00:44 UTC Sun 04/02/2000
Time Zone : add 00:00:00
<SW1>clock datetime 17:27:00 08/07/2012 //note the view: this is entered in user view
<SW1>dis clock
17:27:05 UTC Tue 08/07/2012
Time Zone : add 00:00:00
<SW1>dis time-range all
Current time is 17:27:29 Aug/7/2012 Tuesday
Time-range : wt ( Active )
08:30 to 12:00 daily
14:00 to 18:00 daily
[SW1]acl number 2000 //can be followed by a match order: depth-first (auto) or configuration order (conf)
[SW1-acl-basic-2000]rule 10 permit source 192.168.101.99 0 time-range wt //wildcard 0 denotes a single host
[SW1-acl-basic-2000]rule 20 deny source any
[SW1-acl-basic-2000]quit
[SW1]dis acl all
Total ACL Number: 1
Basic ACL 2000, 2 rules
Acl's step is 1
rule 10 permit source 192.168.101.99 0 time-range wt(0 times matched) (Active)
rule 20 deny (0 times matched)
[SW1]dis tcp status
*: TCP MD5 Connection
TCPCB Local Add:port Foreign Add:port State
81dd54d4 0.0.0.0:22 0.0.0.0:0 Listening
81dd52c4 0.0.0.0:23 0.0.0.0:0 Listening
81de3bd4 0.0.0.0:80 0.0.0.0:0 Listening
[SW1]ip http acl 2000 //apply the ACL to the web (HTTP) service
[SW1]dis acl all
Total ACL Number: 1
Basic ACL 2000, 2 rules
Acl's step is 1
rule 10 permit source 192.168.101.99 0 time-range wt(44 times matched) (Active)
rule 20 deny (0 times matched)
Test from an XP virtual machine:
[SW1]dis acl all
Total ACL Number: 1
Basic ACL 2000, 2 rules
Acl's step is 1
rule 10 permit source 192.168.101.99 0 time-range wt(44 times matched) (Inactive)
rule 20 deny (3 times matched)
[SW1]dis clock
18:05:06 UTC Tue 08/07/2012 //the time is outside the working hours we configured
Time Zone : add 00:00:00
Even the permitted host can no longer get access!
<SW1>clock datetime 17:30:00 08/07/2012
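
The first-match and time-range behaviour seen in the match counters above, modelled as an added Python example (not part of the original notes and not Huawei code). The rule data is transcribed from ACL 2000 and time-range wt on this page; the function names, the dict layout, the "no-match" result and the inclusive end-of-period comparison are assumptions of this example.

```python
from datetime import time
from ipaddress import IPv4Address

# Transcribed from the page: time-range wt and the two rules of ACL 2000.
TIME_RANGES = {"wt": [(time(8, 30), time(12, 0)), (time(14, 0), time(18, 0))]}
PERMIT_HOST = {"id": 10, "action": "permit", "source": "192.168.101.99",
               "wildcard": "0.0.0.0", "time_range": "wt"}
DENY_ANY = {"id": 20, "action": "deny", "source": "any"}
ACL_2000 = [PERMIT_HOST, DENY_ANY]


def source_matches(rule, src):
    """Wildcard compare: bits set to 1 in the wildcard are ignored."""
    if rule["source"] == "any":
        return True
    care = ~int(IPv4Address(rule["wildcard"])) & 0xFFFFFFFF
    return (int(IPv4Address(src)) & care) == (int(IPv4Address(rule["source"])) & care)


def rule_active(rule, now):
    """A rule bound to a time-range is skipped while that range is inactive."""
    name = rule.get("time_range")
    if name is None:
        return True
    # Assumption: both ends of each period are treated as inside the range.
    return any(start <= now <= end for start, end in TIME_RANGES[name])


def evaluate(rules, src, now):
    """Return (action, rule id) for the first active rule matching src, in list order."""
    for rule in rules:
        if rule_active(rule, now) and source_matches(rule, src):
            return rule["action"], rule["id"]
    return "no-match", None


if __name__ == "__main__":
    host = "192.168.101.99"
    print(evaluate(ACL_2000, host, time(17, 27)))              # inside wt, as at 17:27
    print(evaluate(ACL_2000, host, time(18, 5)))               # after hours, as at 18:05
    print(evaluate(ACL_2000, "192.168.101.50", time(9, 0)))    # other host (constructed address)
    print(evaluate([DENY_ANY, PERMIT_HOST], host, time(9, 0))) # deny listed first, as in the first ACL 2002 display
```

At 18:05 rule 10 is inactive, so the permitted host falls through to the deny rule, which is why rule 20 shows 3 matches in the last display.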