rule 10 permit source 10.1.20.0 0.0.0.255 # acl number 3000 rule 5 permit tcp source 10.1.10.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq www rule 10 deny tcp source 10.1.10.0 0.0.0.255 destination 20.1.1.1 0 destination-port eq ftp rule 15 permit tcp source 10.1.20.0 0.0....
rule permit (allow)/deny (reject) source <IP address/network segment> <inverse mask> int g0/0/0 (enter the interface) traffic-filter outbound acl 2000 (apply the rule)
deny tcp source any destination 192.168.200.200 0.0.0.0 destination-port eq 80 rule permit ip ⑦ Configure NAT for Internet access as required. guest and Group1 use Easy IP to access the Internet. ACL 2001 rule permit source 192.168.1.0 0.0.0.255 (guest) rule permit source 192.168.10.0 0.0.0.255 (group 1...
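rule permit source: fixed format; selects packets whose source address is 192.168.1.0; 192.168.1.0: the network segment that the LAN end devices belong to; 0.0.0.255: the inverse of the LAN end devices' subnet mask; I call it the inverse mask, though it may have its own proper name. Translate to public IP: nat address-group 1 100.1.1.2 100.1.1.6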
rule permit source 192.168.6.2 0.0.0.255 quit interface GigabitEthernet0/0/1 nat outbound 2001 address-group 1 no-pat nat outbound 2002 address-group 2 no-pat nat outbound 2003 address-group 3 no-pat nat outbound 2004 address-group 4 no-pat ...
quit ip route-static 0.0.0.0 0 200.1.1.2 # acl 3000 rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255 ### IKE phase 1 policy ike proposal 1 ike proposal 1 authentication-method pre-share authentication-algorithm md5 encryption...
[R1-acl-basic-2000]rule permit source 172.16.1.0 0.0.0.255 [R1-acl-basic-2000]q [R1]int g 0/0/2 [R1-GigabitEthernet0/0/2]nat outbound 2000 // use Easy IP translation [R1-GigabitEthernet0/0/2]q [R1]int g 4/0/0 [R1-GigabitEthernet4/0/0]nat outbound 2000 ...
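2. An ACL can contain multiple rules, which are evaluated in ascending order of rule ID. 3. Once a packet matches a rule, no further rules are checked. Basic ACL usage: wildcard 0 1: 0 not checked, 1 checked #acl2000 create a basic acl 2000 #rule <rule number> deny source <condition> <check range> #deny rule #rule <rule number> permit source <condition> <check range> #permit rule ...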
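Rule to deny packets by destination IP address: rule deny destination (IP address) (wildcard) Apply the ACL rules to an interface using packet filtering: traffic-filter [outbound/inbound] acl (number) (outbound means egress, inbound means ingress) Rule to permit a source address: rule (rule ID) permit source (IP address) (subnet mask) [any] ...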