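Lab name: Basic ACL configuration
- Purpose:
Match the traffic of interest.
Lab topology:
Lab requirement: pc1 can ping all networks; none of the other networks can ping through
Lab objective: become familiar with applying ACLs
Lab steps:
Step 1: first make all networks able to ping each other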
sw1
<Huawei>undo terminal monitor
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan batch 10 20 50
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]inter Ethernet0/0/1
[Huawei-Ethernet0/0/1]undo shutdown
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 10
[Huawei-Ethernet0/0/1]inter eth0/0/2
[Huawei-Ethernet0/0/2]undo shutdown
Info: Interface Ethernet0/0/2 is not shutdown.
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 20
[Huawei]inter Ethernet0/0/4
[Huawei-Ethernet0/0/4]undo shutdown
Info: Interface Ethernet0/0/4 is not shutdown.
[Huawei-Ethernet0/0/4]port link-type access
[Huawei-Ethernet0/0/4]port default vlan 50
[Huawei-Ethernet0/0/4]q
[Huawei]inter Ethernet0/0/3
[Huawei-Ethernet0/0/3]undo shutdown
Info: Interface Ethernet0/0/3 is not shutdown.
[Huawei-Ethernet0/0/3]port link-type trunk
[Huawei-Ethernet0/0/3]port trunk allow-pass vlan all
sw2
<Huawei>undo terminal m
Info: Current terminal monitor is off.
<Huawei>sys
[Huawei]vlan batch 30 40 60
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]inter Ethernet0/0/1
[Huawei-Ethernet0/0/1]undo shutdown
Info: Interface Ethernet0/0/1 is not shutdown.
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 30
[Huawei-Ethernet0/0/1]inter eth0/0/2
[Huawei-Ethernet0/0/2]undo shutdown
Info: Interface Ethernet0/0/2 is not shutdown.
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 40
[Huawei-Ethernet0/0/2]inter eth0/0/4
[Huawei-Ethernet0/0/4]undo shutdown
[Huawei-Ethernet0/0/4]port link-type access
[Huawei-Ethernet0/0/4]port default vlan 60
[Huawei-Ethernet0/0/4]q
[Huawei]inter Ethernet0/0/3
[Huawei-Ethernet0/0/3]undo shutdown
[Huawei-Ethernet0/0/3]port link-type trunk
[Huawei-Ethernet0/0/3]port trunk allow-pass vlan all
sw3
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan batch 10 20 50 70
[Huawei]inter vlan 10
[Huawei-Vlanif10]ip address 192.168.10.254 255.255.255.0
[Huawei-Vlanif10]undo shutdown
Info: Interface Vlanif10 is not shutdown.
[Huawei-Vlanif10]inter vlan 20
[Huawei-Vlanif20]ip address 192.168.20.254 255.255.255.0
[Huawei-Vlanif20]inter vlan 50
[Huawei-Vlanif50]ip address 192.168.50.254 255.255.255.0
[Huawei-Vlanif50]inter vlan 70
[Huawei-Vlanif70]ip address 192.168.70.1 255.255.255.0
[Huawei-Vlanif70]q
[Huawei]inter gi 0/0/1
[Huawei-GigabitEthernet0/0/1]undo shutdown
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]inter gi0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/2]q
[Huawei]rip
[Huawei-rip-1]version 2
[Huawei-rip-1]network 192.168.10.0
[Huawei-rip-1]network 192.168.20.0
[Huawei-rip-1]network 192.168.50.0
[Huawei-rip-1]network 192.168.70.0
[Huawei-rip-1]q
[Huawei]
sw4
<Huawei>sys
[Huawei]vlan batch 30 40 60 70
[Huawei]inter vlan 30
[Huawei-Vlanif30]ip address 192.168.30.254 255.255.255.0
[Huawei-Vlanif30]inter vlan 40
[Huawei-Vlanif40]ip address 192.168.40.254 255.255.255.0
[Huawei-Vlanif40]inter vlan 60
[Huawei-Vlanif60]ip address 192.168.60.254 255.255.255.0
[Huawei-Vlanif60]inter vlan 70
[Huawei-Vlanif70]ip address 192.168.70.254 255.255.255.0
[Huawei-Vlanif70]q
[Huawei]inter gi 0/0/1
[Huawei-GigabitEthernet0/0/1]undo shutdown
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]inter gi 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/2]undo shutdown
Info: Interface GigabitEthernet0/0/2 is not shutdown.
[Huawei-GigabitEthernet0/0/2]q
[Huawei]rip
[Huawei-rip-1]version 2
[Huawei-rip-1]network 192.168.70.0
[Huawei-rip-1]network 192.168.60.0
[Huawei-rip-1]network 192.168.30.0
[Huawei-rip-1]network 192.168.40.0
[Huawei-rip-1]q
sw3
<Huawei>sys
Create the ACL
[Huawei]acl name pc1 adv
[Huawei-acl-adv-pc1]rule permit ip source 192.168.10.1 0.0.0.0 destination any
[Huawei-acl-adv-pc1]rule deny ip
[Huawei-acl-adv-pc1]q
[Huawei]dis acl all   # view the ACL
Total nonempty ACL number is 1
Advanced ACL pc1 3999, 2 rules
Acl's step is 5
rule 5 permit ip source 192.168.10.1 0
rule 10 deny ip
Apply the ACL
[Huawei]inter gi 0/0/1
[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 3999
[Huawei-GigabitEthernet0/0/1]q
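The matching behind the two rules shown by dis acl all, as an added Python example that is not part of the original post: rules are tried in ascending rule ID, the first match decides, and a wildcard of 0 matches exactly one host. Only the source clause is modelled, and every host address other than 192.168.10.1 is constructed for the example.

```python
import ipaddress
import re

# Rules exactly as printed by `dis acl all` on sw3 in this lab.
ACL_3999 = """\
rule 5 permit ip source 192.168.10.1 0
rule 10 deny ip
"""

RULE_RE = re.compile(
    r"rule (?P<id>\d+) (?P<action>permit|deny) ip"
    r"(?: source (?P<src>\S+) (?P<wild>\S+))?"
)

def _to_int(addr):
    # "0" is the CLI shorthand for wildcard 0.0.0.0 (match this exact host)
    return int(ipaddress.IPv4Address("0.0.0.0" if addr == "0" else addr))

def parse_acl(text):
    """Return rules sorted by rule ID: (id, action, src_int, wildcard_int)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if not m:
            continue  # only the source-based rule form used in this lab is modelled
        if m["src"]:
            src, wild = _to_int(m["src"]), _to_int(m["wild"])
        else:
            src, wild = 0, 0xFFFFFFFF  # no source clause: any source
        rules.append((int(m["id"]), m["action"], src, wild))
    return sorted(rules)

def evaluate(rules, src_ip):
    """First matching rule wins; returns (rule_id, action), or None if no rule matched."""
    ip = int(ipaddress.IPv4Address(src_ip))
    for rule_id, action, src, wild in rules:
        # wildcard bits set to 1 are ignored; bits set to 0 must be equal
        if (ip & ~wild & 0xFFFFFFFF) == (src & ~wild & 0xFFFFFFFF):
            return rule_id, action
    return None

def audit(rules, hosts):
    return {h: evaluate(rules, h) for h in hosts}

if __name__ == "__main__":
    # Constructed hosts, one per VLAN behind sw1 (only pc1's address is from the lab).
    hosts = ["192.168.10.1", "192.168.10.2", "192.168.20.1", "192.168.50.1"]
    for host, verdict in audit(parse_acl(ACL_3999), hosts).items():
        print(host, verdict)
```

Because rule 5 uses wildcard 0, another host in VLAN 10 such as 192.168.10.2 falls through to rule 10 and is denied; a wildcard of 0.0.0.255 would have permitted the whole subnet.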
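Deleting an ACL:
1. The correct way to delete
# First, remove the binding that applies the ACL
Interface gi0/0/0
undo traffic-filter inbound
# Next, delete the ACL itself
undo acl 2000
# Finally, the end result of the deletion
2. When an ACL that does not exist is applied, it means permit all.
Reposted from: https://blog.51cto.com/13555885/2061282
Source: CSDN
Author: weixin_34293911
Link: https://blog.csdn.net/weixin_34293911/article/details/93022914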