• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
  • 漏洞说明
  • 全部
  • 全部
  • 大数据引擎
  • 知了引擎
产品线
搜索
取消
案例类型
发布者
是否解决
是否官方
时间
搜索引擎
匹配模式
高级搜索

LS-5130-28F-SI 配置ACL不知道这样操作对不对

2018-11-08提问
  • 0关注
  • 1收藏,1446浏览
粉丝:0人 关注:0人

问题描述:

新买回来的 LS-5130-28F-SI 还没安装,不知道什么下手。麻烦帮检查一下我的命令是否正确。命令是用txt文档写的,已经上传附件。谢谢。


组网及组网描述:

整个网络有192.168.1.0-192.168.14.0、192.168.254.0共15个网段,

192.168.1.0-192.168.14.0每个网段都有自己的DHCP服务器

端口1-端口14 划分VLAN 1-14  后面的全部是VLAN100

192.168.1.0-192.168.14.0 分别接在端口1-端口14

 192.168.254.0接在后面的端口上

要求是192.168.1.0-192.168.14.0之间不能互访,所有网段与192.168.254.0都能互通。


最佳答案

已采纳
Kylin 九段
粉丝:22人 关注:8人

没看到附件文件,是不是忘记上传了。

acl number 3001 rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.254.0 0.0.0.255 traffic classifier TC1 if-match acl 3001 traffic behavior TB1 deny 写成这样是否可以? 还是应该这样写呢 acl number 3001 ruledeny ip source 192.168.2.0 0.0.0.255 destination 192.168.254.0 0.0.0.255 traffic classifier TC1 if-match acl 3001 traffic behavior TB1 deny

zhiliao_QpUH7 发表时间:2018-11-08 更多>>

附件上传几次了 都没看到 这里手打进来的,麻烦帮看看。谢谢 system-view # sysname H3C_LS-5130-28F-SI # telnet server enable # vlan batch 1 2 3 4 5 6 7 8 9 10 11 12 13 14 100 # dhcp enable # interface Vlanif100 description VLAN 0100 S316 ip address 192.168.254.254 255.255.255.0 dhcp select interface dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif1 description VLAN 0001 S004 ip address 192.168.1.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.1.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif2 description VLAN 0002 S113 ip address 192.168.2.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.2.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif3 description VLAN 0003 S212 ip address 192.168.3.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.3.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif4 description VLAN 0004 S214 ip address 192.168.4.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.4.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif5 description VLAN 0005 S218 ip address 192.168.5.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.5.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif6 description VLAN 0006 S312 ip address 192.168.6.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.6.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif7 description VLAN 0007 S316 ip address 192.168.7.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.7.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif8 description VLAN 0008 S318 ip address 192.168.8.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.8.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif9 description VLAN 0009 S512 ip address 192.168.9.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.9.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif10 description VLAN 0010 S516 ip address 192.168.10.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.10.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif11 description VLAN 0011 S518 ip address 192.168.11.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.11.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif12 description VLAN 0012 S215 ip address 192.168.12.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.12.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif13 description VLAN 0013 S513 ip address 192.168.13.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.13.254 dhcp server dns-list 202.96.134.133 202.96.128.68 interface Vlanif14 description VLAN 0014 S_bak ip address 192.168.14.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.13.254 dhcp server dns-list 202.96.134.133 202.96.128.68 quit # acl number 3001 rule permit ip acl number 2001 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.1.0 0.0.0.255 acl number 2002 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.2.0 0.0.0.255 acl number 2003 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.3.0 0.0.0.255 acl number 2004 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.4.0 0.0.0.255 acl number 2005 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.5.0 0.0.0.255 acl number 2006 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.6.0 0.0.0.255 acl number 2007 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.7.0 0.0.0.255 acl number 2008 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.8.0 0.0.0.255 acl number 2009 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.9.0 0.0.0.255 acl number 2010 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.10.0 0.0.0.255 acl number 2011 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.11.0 0.0.0.255 acl number 2012 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.12.0 0.0.0.255 acl number 2013 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.13.0 0.0.0.255 acl number 2014 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.14.0 0.0.0.255 # quit # traffic classifier TC100 if-match acl 3001 # traffic classifier TC1 if-match acl 2001 # traffic classifier TC2 if-match acl 2002 # traffic classifier TC3 if-match acl 2003 # traffic classifier TC4 if-match acl 2004 # traffic classifier TC5 if-match acl 2005 # traffic classifier TC6 if-match acl 2006 # traffic classifier TC7 if-match acl 2007 # traffic classifier TC8 if-match acl 2008 # traffic classifier TC9 if-match acl 2009 # traffic classifier TC10 if-match acl 2010 # traffic classifier TC11 if-match acl 2011 # traffic classifier TC12 if-match acl 2012 # traffic classifier TC13 if-match acl 2013 # traffic classifier TC14 if-match acl 2014 # traffic behavior TB100 permit # traffic behavior TB1 permit # traffic behavior TB2 permit # traffic behavior TB3 permit # traffic behavior TB4 permit # traffic behavior TB5 permit # traffic behavior TB6 permit # traffic behavior TB7 permit # traffic behavior TB8 permit # traffic behavior TB9 permit # traffic behavior TB10 permit # traffic behavior TB11 permit # traffic behavior TB12 permit # traffic behavior TB13 permit # traffic behavior TB14 permit # traffic policy TP100 classifier TC100 behavior TB100 # traffic policy TP1 classifier TC1 behavior TB1 # traffic policy TP2 classifier TC2 behavior TB2 # traffic policy TP3 classifier TC3 behavior TB3 # traffic policy TP4 classifier TC4 behavior TB4 # traffic policy TP5 classifier TC5 behavior TB5 # traffic policy TP6 classifier TC6 behavior TB6 # traffic policy TP7 classifier TC7 behavior TB7 # traffic policy TP8 classifier TC8 behavior TB8 # traffic policy TP9 classifier TC9 behavior TB9 # traffic policy TP10 classifier TC10 behavior TB10 # traffic policy TP11 classifier TC11 behavior TB11 # traffic policy TP12 classifier TC12 behavior TB12 # traffic policy TP13 classifier TC13 behavior TB13 # traffic policy TP14 classifier TC14 behavior TB14 # interface GigabitEthernet0/0/1 port link-type trunk port trunk pvid vlan1 port trunk allow-pass vlan 1 traffic-policy TP1 inbound # interface GigabitEthernet0/0/2 port link-type trunk port trunk pvid vlan 2 port trunk allow-pass vlan 2 traffic-policy TP2 inbound # interface GigabitEthernet0/0/3 port link-type trunk port trunk pvid vlan 3 port trunk allow-pass vlan 3 traffic-policy TP3 inbound # interface GigabitEthernet0/0/4 port link-type trunk port trunk pvid vlan 4 port trunk allow-pass vlan 4 traffic-policy TP4 inbound # interface GigabitEthernet0/0/5 port link-type trunk port trunk pvid vlan 5 port trunk allow-pass vlan 5 traffic-policy TP5 inbound # interface GigabitEthernet0/0/6 port link-type trunk port trunk pvid vlan 6 port trunk allow-pass vlan 6 traffic-policy TP6 inbound # interface GigabitEthernet0/0/7 port link-type trunk port trunk pvid vlan 7 port trunk allow-pass vlan 7 traffic-policy TP7 inbound # interface GigabitEthernet0/0/8 port link-type trunk port trunk pvid vlan 8 port trunk allow-pass vlan 8 traffic-policy TP8 inbound # interface GigabitEthernet0/0/9 port link-type trunk port trunk pvid vlan 9 port trunk allow-pass vlan 9 traffic-policy TP9 inbound # interface GigabitEthernet0/0/10 port link-type trunk port trunk pvid vlan 10 port trunk allow-pass vlan 10 traffic-policy TP10 inbound # interface GigabitEthernet0/0/11 port link-type trunk port trunk pvid vlan 11 port trunk allow-pass vlan 11 traffic-policy TP11 inbound # interface GigabitEthernet0/0/12 port link-type trunk port trunk pvid vlan 12 port trunk allow-pass vlan 12 traffic-policy TP12 inbound # interface GigabitEthernet0/0/13 port link-type trunk port trunk pvid vlan 13 port trunk allow-pass vlan 13 traffic-policy TP13 inbound # interface GigabitEthernet0/0/14 port link-type trunk port trunk pvid vlan 14 port trunk allow-pass vlan 14 traffic-policy TP14 inbound # quit undo port-group v100 port-group v100 group-member GigabitEthernet0/0/15 to GigabitEthernet0/0/24 port link-type trunk port trunk pvid vlan 100 port trunk allow-pass vlan 100 # quit # ospf area 0 network 192.168.254.0 0.0.0.255 network 192.168.1.0 0.0.0.255 network 192.168.2.0 0.0.0.255 network 192.168.3.0 0.0.0.255 network 192.168.4.0 0.0.0.255 network 192.168.5.0 0.0.0.255 network 192.168.6.0 0.0.0.255 network 192.168.7.0 0.0.0.255 network 192.168.8.0 0.0.0.255 network 192.168.9.0 0.0.0.255 network 192.168.10.0 0.0.0.255 network 192.168.11.0 0.0.0.255 network 192.168.12.0 0.0.0.255 network 192.168.13.0 0.0.0.255 network 192.168.14.0 0.0.0.255 # quit # return //save //y

zhiliao_QpUH7 发表时间:2018-11-08

acl number 3001 rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.254.0 0.0.0.255 traffic classifier TC1 if-match acl 3001 traffic behavior TB1 deny 写成这样是否可以? 还是应该这样写呢 acl number 3001 ruledeny ip source 192.168.2.0 0.0.0.255 destination 192.168.254.0 0.0.0.255 traffic classifier TC1 if-match acl 3001 traffic behavior TB1 deny

zhiliao_QpUH7 发表时间:2018-11-08
1 个回答
zhiliao_QpUH7 知了小白
粉丝:0人 关注:0人

附件上传几次了 都没看到 这里手打进来的,麻烦帮看看。谢谢

system-view

#

sysname H3C_LS-5130-28F-SI

#

telnet server enable

#

vlan batch 1 2 3 4 5 6 7 8 9 10 11 12 13 14 100

#

dhcp enable

#

interface Vlanif100

 description VLAN 0100 S316

 ip address 192.168.254.254 255.255.255.0

 dhcp select interface

 dhcp server dns-list 202.96.134.133 202.96.128.68

#

interface Vlanif1

 description VLAN 0001 S004

 ip address 192.168.1.253 255.255.255.0

 dhcp select relay

 dhcp relay server-ip 192.168.1.254

 dhcp server dns-list 202.96.134.133 202.96.128.68

#

interface Vlanif2

 description VLAN 0002 S113

 ip address 192.168.2.253 255.255.255.0

 dhcp select relay

 dhcp relay server-ip 192.168.2.254

 dhcp server dns-list 202.96.134.133 202.96.128.68

#

interface Vlanif3

 description VLAN 0003 S212

 ip address 192.168.3.253 255.255.255.0

 dhcp select relay

 dhcp relay server-ip 192.168.3.254

 dhcp server dns-list 202.96.134.133 202.96.128.68

#

interface Vlanif4

 description VLAN 0004 S214

 ip address 192.168.4.253 255.255.255.0

 dhcp select relay

 dhcp relay server-ip 192.168.4.254

 dhcp server dns-list 202.96.134.133 202.96.128.68

#

interface Vlanif5

 description VLAN 0005 S218

 ip address 192.168.5.253 255.255.255.0

 dhcp select relay

 dhcp relay server-ip 192.168.5.254

 dhcp server dns-list 202.96.134.133 202.96.128.68

#

interface Vlanif6

 description VLAN 0006 S312

 ip address 192.168.6.253 255.255.255.0

 dhcp select relay

 dhcp relay server-ip 192.168.6.254

 dhcp server dns-list 202.96.134.133 202.96.128.68

#

interface Vlanif7

 description VLAN 0007 S316

 ip address 192.168.7.253 255.255.255.0

 dhcp select relay

 dhcp relay server-ip 192.168.7.254

 dhcp server dns-list 202.96.134.133 202.96.128.68

#

interface Vlanif8

 description VLAN 0008 S318

 ip address 192.168.8.253 255.255.255.0

 dhcp select relay

 dhcp relay server-ip 192.168.8.254

 dhcp server dns-list 202.96.134.133 202.96.128.68

#

interface Vlanif9

 description VLAN 0009 S512

 ip address 192.168.9.253 255.255.255.0

 dhcp select relay

 dhcp relay server-ip 192.168.9.254

 dhcp server dns-list 202.96.134.133 202.96.128.68

#

interface Vlanif10

 description VLAN 0010 S516

 ip address 192.168.10.253 255.255.255.0

 dhcp select relay

 dhcp relay server-ip 192.168.10.254

 dhcp server dns-list 202.96.134.133 202.96.128.68 

#

interface Vlanif11

 description VLAN 0011 S518

 ip address 192.168.11.253 255.255.255.0

 dhcp select relay

 dhcp relay server-ip 192.168.11.254

 dhcp server dns-list 202.96.134.133 202.96.128.68

#

interface Vlanif12

 description VLAN 0012 S215

 ip address 192.168.12.253 255.255.255.0

 dhcp select relay

 dhcp relay server-ip 192.168.12.254

 dhcp server dns-list 202.96.134.133 202.96.128.68

#

interface Vlanif13

 description VLAN 0013 S513

 ip address 192.168.13.253 255.255.255.0

 dhcp select relay

 dhcp relay server-ip 192.168.13.254

 dhcp server dns-list 202.96.134.133 202.96.128.68

interface Vlanif14

 description VLAN 0014 S_bak

 ip address 192.168.14.253 255.255.255.0

 dhcp select relay

 dhcp relay server-ip 192.168.13.254

 dhcp server dns-list 202.96.134.133 202.96.128.68

quit

#

acl number 3001

 rule permit ip

acl number 2001

 rule permit source 192.168.254.0 0.0.0.255

 rule permit source 192.168.1.0 0.0.0.255

acl number 2002

 rule permit source 192.168.254.0 0.0.0.255

 rule permit source 192.168.2.0 0.0.0.255

acl number 2003

 rule permit source 192.168.254.0 0.0.0.255

 rule permit source 192.168.3.0 0.0.0.255

acl number 2004

 rule permit source 192.168.254.0 0.0.0.255

 rule permit source 192.168.4.0 0.0.0.255

acl number 2005

 rule permit source 192.168.254.0 0.0.0.255

 rule permit source 192.168.5.0 0.0.0.255

acl number 2006

 rule permit source 192.168.254.0 0.0.0.255

 rule permit source 192.168.6.0 0.0.0.255

acl number 2007

 rule permit source 192.168.254.0 0.0.0.255

 rule permit source 192.168.7.0 0.0.0.255

acl number 2008

 rule permit source 192.168.254.0 0.0.0.255

 rule permit source 192.168.8.0 0.0.0.255

acl number 2009

 rule permit source 192.168.254.0 0.0.0.255

 rule permit source 192.168.9.0 0.0.0.255

acl number 2010

 rule permit source 192.168.254.0 0.0.0.255

 rule permit source 192.168.10.0 0.0.0.255

acl number 2011

 rule permit source 192.168.254.0 0.0.0.255

 rule permit source 192.168.11.0 0.0.0.255

acl number 2012

 rule permit source 192.168.254.0 0.0.0.255

 rule permit source 192.168.12.0 0.0.0.255

acl number 2013

 rule permit source 192.168.254.0 0.0.0.255

 rule permit source 192.168.13.0 0.0.0.255

acl number 2014

 rule permit source 192.168.254.0 0.0.0.255

 rule permit source 192.168.14.0 0.0.0.255

#

quit

#

traffic classifier TC100

if-match acl 3001

#

traffic classifier TC1

 if-match acl 2001

#

traffic classifier TC2

 if-match acl 2002

#

traffic classifier TC3

if-match acl 2003

#

traffic classifier TC4

if-match acl 2004

#

traffic classifier TC5

if-match acl 2005

#

traffic classifier TC6

if-match acl 2006

#

traffic classifier TC7

if-match acl 2007

#

traffic classifier TC8

if-match acl 2008

#

traffic classifier TC9

if-match acl 2009

#

traffic classifier TC10

if-match acl 2010

#

traffic classifier TC11

if-match acl 2011

#

traffic classifier TC12

if-match acl 2012

#

traffic classifier TC13

if-match acl 2013

#

traffic classifier TC14

if-match acl 2014

#

traffic behavior TB100

 permit

#

traffic behavior TB1

 permit

#

traffic behavior TB2

 permit

#

traffic behavior TB3

 permit

#

traffic behavior TB4

 permit

#

traffic behavior TB5

 permit

#

traffic behavior TB6

 permit

#

traffic behavior TB7

 permit

#

traffic behavior TB8

 permit

#

traffic behavior TB9

 permit

#

traffic behavior TB10

 permit

#

traffic behavior TB11

 permit

#

traffic behavior TB12

 permit

#

traffic behavior TB13

 permit

#

traffic behavior TB14

 permit

#

traffic policy TP100

 classifier TC100 behavior TB100

#

traffic policy TP1

 classifier TC1 behavior TB1

#

traffic policy TP2

 classifier TC2 behavior TB2

#

traffic policy TP3

 classifier TC3 behavior TB3

#

traffic policy TP4

 classifier TC4 behavior TB4

#

traffic policy TP5

 classifier TC5 behavior TB5

#

traffic policy TP6

 classifier TC6 behavior TB6

#

traffic policy TP7

 classifier TC7 behavior TB7

#

traffic policy TP8

 classifier TC8 behavior TB8

#

traffic policy TP9

 classifier TC9 behavior TB9

#

traffic policy TP10

 classifier TC10 behavior TB10

#

traffic policy TP11

 classifier TC11 behavior TB11

#

traffic policy TP12

 classifier TC12 behavior TB12

#

traffic policy TP13

 classifier TC13 behavior TB13

#

traffic policy TP14

 classifier TC14 behavior TB14

#

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk pvid vlan1

 port trunk allow-pass vlan 1

 traffic-policy TP1 inbound

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk pvid vlan 2

 port trunk allow-pass vlan 2

 traffic-policy TP2 inbound

#

interface GigabitEthernet0/0/3

 port link-type trunk

 port trunk pvid vlan 3

 port trunk allow-pass vlan 3

 traffic-policy TP3 inbound

#

interface GigabitEthernet0/0/4

 port link-type trunk

 port trunk pvid vlan 4

 port trunk allow-pass vlan 4

 traffic-policy TP4 inbound

#

interface GigabitEthernet0/0/5

 port link-type trunk

 port trunk pvid vlan 5

 port trunk allow-pass vlan 5

 traffic-policy TP5 inbound

#

interface GigabitEthernet0/0/6

 port link-type trunk

 port trunk pvid vlan 6

 port trunk allow-pass vlan 6

 traffic-policy TP6 inbound

#

interface GigabitEthernet0/0/7

 port link-type trunk

 port trunk pvid vlan 7

 port trunk allow-pass vlan 7

 traffic-policy TP7 inbound

#

interface GigabitEthernet0/0/8

 port link-type trunk

 port trunk pvid vlan 8

 port trunk allow-pass vlan 8

 traffic-policy TP8 inbound

#

interface GigabitEthernet0/0/9

 port link-type trunk

 port trunk pvid vlan 9

 port trunk allow-pass vlan 9

 traffic-policy TP9 inbound

#

interface GigabitEthernet0/0/10

 port link-type trunk

 port trunk pvid vlan 10

 port trunk allow-pass vlan 10

 traffic-policy TP10 inbound

#

interface GigabitEthernet0/0/11

 port link-type trunk

 port trunk pvid vlan 11

 port trunk allow-pass vlan 11

 traffic-policy TP11 inbound

#

interface GigabitEthernet0/0/12

 port link-type trunk

 port trunk pvid vlan 12

 port trunk allow-pass vlan 12

 traffic-policy TP12 inbound

#

interface GigabitEthernet0/0/13

 port link-type trunk

 port trunk pvid vlan 13

 port trunk allow-pass vlan 13

 traffic-policy TP13 inbound

#

interface GigabitEthernet0/0/14

 port link-type trunk

 port trunk pvid vlan 14

 port trunk allow-pass vlan 14

 traffic-policy TP14 inbound

#

quit

undo port-group v100

port-group v100

group-member GigabitEthernet0/0/15 to GigabitEthernet0/0/24

port link-type trunk

port trunk pvid vlan 100

port trunk allow-pass vlan 100

#

quit

#

ospf

area 0

network 192.168.254.0 0.0.0.255

network 192.168.1.0 0.0.0.255

network 192.168.2.0 0.0.0.255

network 192.168.3.0 0.0.0.255

network 192.168.4.0 0.0.0.255

network 192.168.5.0 0.0.0.255

network 192.168.6.0 0.0.0.255

network 192.168.7.0 0.0.0.255

network 192.168.8.0 0.0.0.255

network 192.168.9.0 0.0.0.255

network 192.168.10.0 0.0.0.255

network 192.168.11.0 0.0.0.255

network 192.168.12.0 0.0.0.255

network 192.168.13.0 0.0.0.255

network 192.168.14.0 0.0.0.255

#

quit

#

return

//save

//y

 

还是应该这样写呢 acl number 3001 ruledeny ip source 192.168.2.0 0.0.0.255 destination 192.168.254.0 0.0.0.255 traffic classifier TC1 if-match acl 3001 traffic behavior TB1 deny

zhiliao_QpUH7 发表时间:2018-11-08 更多>>

qos的方式比较麻烦,可以使用包过滤进行配置,附件是配置连接,可以修改包过滤的默认动作为deny,acl中匹配允许放通的规则,将包过滤下发到接口下。http://www.h3c.com/cn/d_201808/1098219_30005_0.htm#_Toc520795314

Kylin 发表时间:2018-11-08
回复Kylin:

好的,谢谢,我看一下。

zhiliao_QpUH7 发表时间:2018-11-08

acl number 3001 rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.254.0 0.0.0.255 traffic classifier TC1 if-match acl 3001 traffic behavior TB1 deny 写成这样是否可以?

zhiliao_QpUH7 发表时间:2018-11-08

还是应该这样写呢 acl number 3001 ruledeny ip source 192.168.2.0 0.0.0.255 destination 192.168.254.0 0.0.0.255 traffic classifier TC1 if-match acl 3001 traffic behavior TB1 deny

zhiliao_QpUH7 发表时间:2018-11-08

编辑答案

你正在编辑答案

如果你要对问题或其他回答进行点评或询问,请使用评论功能。

分享扩散:

提出建议

    +

亲~登录后才可以操作哦!

确定

亲~检测到您登陆的账号未在http://hclhub.h3c.com进行注册

注册后可访问此模块

跳转hclhub

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作

举报

×

侵犯我的权益 >
对根叔社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明