拓扑图:
交换机配置:
[H3C] vlan 10 20
[H3C] vlan 10
[H3C-vlan10]port GigabitEthernet 1/0/10
[H3C]vlan 20
[H3C-vlan20]port GigabitEthernet 1/0/20
[H3C]interface Vlan-interface 10
[H3C-Vlan-interface10]ip address 192.168.10.1 24
[H3C]interface Vlan-interface 20
[H3C-Vlan-interface20]ip address 192.168.20.1 24
[H3C] acl advanced 3100
[H3C-acl-ipv4-adv-3100]rule 0 permit tcp established source 192.168.20.0
0.0.0.255 destination 192.168.10.0 0.0.0.255
[H3C-acl-ipv4-adv-3100]quit
[H3C]acl advanced 3200
[H3C-acl-ipv4-adv-3200]rule 0 permit tcp source 192.168.20.0 0.0.0.255
destination 192.168.10.0 0.0.0.255
[H3C-acl-ipv4-adv-3200]quit
[H3C]traffic classifier 1
[H3C-classifier-1]if-match acl 3100
[H3C-classifier-1]quit
[H3C]traffic classifier 2
[H3C-classifier-2]if-match acl 3200
[H3C]traffic behavior 11
[H3C-behavior-11]filter permit
[H3C-behavior-3]quit
[H3C]traffic behavior 22
[H3C-behavior-22]filter deny
[H3C]qos policy 3
[H3C-qospolicy-3]classifier 1 behavior 11
[H3C-qospolicy-3]classifier 2 behavior 22
[H3C]interface GigabitEthernet 1/0/20
[H3C-GigabitEthernet1/0/20]qos apply policy 3 inbound
配置完成之后,PC1去pingPC2,PC2去pingPC1都可以,没有实现单向访问
暂无评论