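The S12508 has two subnets: 10.1.1.1/24 and 10.1.2.1/24. I wrote an ACL on 10.1.1.1 that denies 10.1.2.0/24 access to 10.1.1.0/24. After applying the policy, I found that the device's own IP 10.1.2.1 cannot be controlled, while all the other IPs in that subnet can be controlled.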
(0)
What is your question? I haven't understood your requirement yet.
(0)
The configuration and test details are below. Put simply, an ACL written on the 125 cannot restrict users from accessing any IP configured on the device itself.
Check whether your wildcard mask is correct, or post the ACL and the configuration where it is applied.
(0)
The configuration and test details are below.
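1. Check whether the ACL configuration is correct and whether it matches the 10.1.2.0 subnet.
2. Check the direction in which the ACL filters.
3. If neither is the problem, post the configuration.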
(1)
The configuration and test details are below.
The device configuration is as follows:
acl advanced 3000
rule 0 permit ip source 10.212.98.0 0.0.0.255 destination 10.214.132.15 0
rule 1 permit ip source 10.212.98.0 0.0.0.255 destination 10.214.132.17 0
rule 2 deny ip source 10.212.98.0 0.0.0.255 destination 10.212.64.0 0.0.31.255
rule 3 permit tcp destination-port eq dns
rule 4 permit udp destination-port eq dns
rule 5 deny ip source 10.212.98.0 0.0.0.255 destination 10.213.0.0 0.0.255.255
rule 6 deny ip source 10.212.98.0 0.0.0.255 destination 10.214.0.0 0.0.255.255
rule 7 deny ip source 10.212.98.0 0.0.0.255 destination 10.215.0.0 0.0.255.255 counting
rule 8 deny ip source 10.212.98.0 0.0.0.255 destination 10.216.0.0 0.0.255.255
rule 9 deny ip source 10.212.98.0 0.0.0.255 destination 10.217.0.0 0.0.255.255
rule 10 deny ip source 10.212.98.0 0.0.0.255 destination 10.218.0.0 0.0.255.255
rule 11 deny ip source 10.212.98.0 0.0.0.255 destination 10.219.0.0 0.0.255.255
rule 12 deny ip source 10.212.98.0 0.0.0.255 destination 10.212.0.0 0.0.63.255
rule 13 deny ip source 10.212.98.0 0.0.0.255 destination 10.212.96.0 0.0.0.255
rule 14 deny ip source 10.212.98.0 0.0.0.255 destination 10.212.97.0 0.0.0.255
rule 17 permit ip source 10.214.132.15 0 destination 10.212.98.0 0.0.0.255
rule 18 permit ip source 10.214.132.17 0 destination 10.212.98.0 0.0.0.255
rule 19 deny ip source 10.212.0.0 0.0.255.255 destination 10.212.98.0 0.0.0.255
rule 20 deny ip source 10.213.0.0 0.0.255.255 destination 10.212.98.0 0.0.0.255
rule 21 deny ip source 10.214.0.0 0.0.255.255 destination 10.212.98.0 0.0.0.255
rule 22 deny ip source 10.215.0.0 0.0.255.255 destination 10.212.98.0 0.0.0.255
rule 23 deny ip source 10.216.0.0 0.0.255.255 destination 10.212.98.0 0.0.0.255
rule 24 deny ip source 10.217.0.0 0.0.255.255 destination 10.212.98.0 0.0.0.255
rule 25 deny ip source 10.218.0.0 0.0.255.255 destination 10.212.98.0 0.0.0.255
rule 10000 permit ip
interface Vlan-interface2398
description FulScience-Free
ip address 10.212.98.1 255.255.255.0
local-proxy-arp enable
packet-filter 3000 inbound
dhcp select relay
dhcp relay server-address 10.214.132.15
dhcp relay server-address 10.214.132.17
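Using an access switch to simulate a PC, access to 10.215.1.2 fails, which proves that the ACL is applied correctly.
But access from the access switch to 10.215.1.1, an IP on the 12508 itself, is not controlled.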
(0)
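Added example, not part of any post in this thread: a small Python model of first-match evaluation with wildcard masks over rules 0-7 of ACL 3000 as posted. For a client in 10.212.98.0/24 it shows that both 10.215.1.2 and 10.215.1.1 hit rule 7 (deny), so the rules and wildcard masks do not distinguish the two tests. The client address 10.212.98.10, the protocol labels passed to `evaluate`, and ascending rule ID as the match order are assumptions.

```python
import ipaddress
import re

# Rules 0-7 of ACL 3000, copied from the configuration posted above.
ACL_3000 = """\
rule 0 permit ip source 10.212.98.0 0.0.0.255 destination 10.214.132.15 0
rule 1 permit ip source 10.212.98.0 0.0.0.255 destination 10.214.132.17 0
rule 2 deny ip source 10.212.98.0 0.0.0.255 destination 10.212.64.0 0.0.31.255
rule 3 permit tcp destination-port eq dns
rule 4 permit udp destination-port eq dns
rule 5 deny ip source 10.212.98.0 0.0.0.255 destination 10.213.0.0 0.0.255.255
rule 6 deny ip source 10.212.98.0 0.0.0.255 destination 10.214.0.0 0.0.255.255
rule 7 deny ip source 10.212.98.0 0.0.0.255 destination 10.215.0.0 0.0.255.255 counting
"""
PORTS = {"dns": 53}  # the only port keyword used in the excerpt

def to_int(addr):
    return 0 if addr == "0" else int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    # Wildcard bits set to 1 are ignored; a bare "0" wildcard means an exact host match.
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def parse(text):
    rules = []
    for line in text.splitlines():
        rid, action, proto, rest = re.match(r"rule (\d+) (permit|deny) (\w+)(.*)", line).groups()
        src = re.search(r"source (\S+) (\S+)", rest)
        dst = re.search(r"destination (\S+) (\S+)", rest)
        port = re.search(r"destination-port eq (\S+)", rest)
        rules.append((int(rid), action, proto, src and src.groups(),
                      dst and dst.groups(), port and PORTS[port.group(1)]))
    return sorted(rules)

def evaluate(rules, proto, src, dst, dport=None):
    # Assumption: match order "config" (ascending rule ID, first match wins).
    for rid, action, rproto, rsrc, rdst, rport in rules:
        if (rproto in ("ip", proto)
                and (not rsrc or wildcard_match(src, *rsrc))
                and (not rdst or wildcard_match(dst, *rdst))
                and (rport is None or rport == dport)):
            return rid, action
    return None, "no match"

RULES = parse(ACL_3000)
for dst in ("10.215.1.2", "10.215.1.1"):
    print(dst, evaluate(RULES, "icmp", "10.212.98.10", dst))  # constructed client address
```

The same model shows that rules 3 and 4 carry no source or destination, so DNS traffic to any address, including 10.215.1.1, is permitted before rule 7 is reached.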