acl中 我想让10.110.33.3-10.110.33.255 能够访问 192.168.8.20, 不想让10.110.33.2 访问192.168.8.20
acl number 3033
rule 10 permit ip source 10.110.33.0 0.0.0.255 destination 192.168.8.20 0 这条应该怎么写?
(0)
最佳答案
可以加个rule5 deny ip source 10.110.33.2 0.0.0.0 destination 192.168.8.20 0,然后用packet-filter
(0)
大兄弟,这条我也想到了,我就是不想用这条,才问的。
那就没办法了,小妹这个答案是最佳的。
子网掩码-掩码位-反掩码 对照表
127.255.255.255 = 1 = 128.0.0.0
63.255.255.255 = 2 = 192.0.0.0
31.255.255.255 = 3 = 224.0.0.0
15.255.255.255 = 4 = 240.0.0.0
7.255.255.255 = 5 = 248.0.0.0
3.255.255.255 = 6 = 252.0.0.0
1.255.255.255 = 7 = 254.0.0.0
0.255.255.255 = 8 = 255.0.0.0
0.127.255.255 = 9 = 255.128.0.0
0.63.255.255 = 10 = 255.192.0.0
0.31.255.255 = 11 = 255.224.0.0
0.15.255.255 = 12 = 255.240.0.0
0.7.255.255 = 13 = 255.248.0.0
0.3.255.255 = 14 = 255.252.0.0
0.1.255.255 = 15 = 255.254.0.0
0.0.255.255 = 16 = 255.255.0.0
0.0.127.255 = 17 = 255.255.128.0
0.0.63.255 = 18 = 255.255.192.0
0.0.31.255 = 19 = 255.255.224.0
0.0.15.255 = 20 = 255.255.240.0
0.0.7.255 = 21 = 255.255.248.0
0.0.3.255 = 22 = 255.255.252.0
0.0.1.255 = 23 = 255.255.254.0
0.0.0.255 = 24 = 255.255.255.0
0.0.0.127 = 25 = 255.255.255.128
0.0.0.63 = 26 = 255.255.255.192
0.0.0.31 = 27 = 255.255.255.224
0.0.0.15 = 28 = 255.255.255.240
0.0.0.7 = 29 = 255.255.255.248
0.0.0.3 = 30 = 255.255.255.252
0.0.0.1 = 31 = 255.255.255.254
0.0.0.0 = 32 = 255.255.255.255
(1)
不想让10.110.33.2 访问192.168.8.20 做二层包过滤 可以这样写rule 10 deny ip source 192.168.8.20 0 destination 10.110.33.2 0 packet-filter 3033 outbound
可以按照这个表的掩码位来填写
那我应该怎么写?rule 10 permit ip source 10.110.33.2 0.0.0.252 destination 192.168.8.20 0
不想让10.110.33.2 访问192.168.8.20 做二层包过滤 可以这样写rule 10 deny ip source 192.168.8.20 0 destination 10.110.33.2 0 packet-filter 3033 outbound
您好,请知:
可以直接使用如下ACL策略的命令来实现拦截:
rule 5 deny ip source 10.110.33.2 0 destination 192.168.8.20 0
rule 6 permit ip source 10.110.33.0 0.0.0.255 destination 192.168.20.0
(2)
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
那就没办法了,小妹这个答案是最佳的。