需求
- 需要先把全网做通
- 通过ospf 协议动态发布路由
- 开始配置acl
- 注意在入接口上配置 过滤acl的调用,其他都差不多
拓扑图
配置命令
dis acl 3000
Advanced ACL 3000, 4 rules
Acl’s step is 5
rule 5 permit ip source 192.168.20.1 0 destination 192.168.10.1 0
rule 10 permit ip source 192.168.20.1 0 destination 1.1.1.1 0 (8 matches)
rule 15 permit ip source 192.168.20.1 0 destination 192.168.1.1 0 (6 matches)
rule 20 deny ip (6 matches)
2
dis acl 3000
Advanced ACL 3000, 2 rules
Acl’s step is 5
rule 5 permit ip source 192.168.30.1 0 destination 192.168.10.1 0 (11 matches)
rule 10 deny ip (11 matches)
3
dis acl 3000
Advanced ACL 3000, 4 rules
Acl’s step is 5
rule 5 permit ip source 1.1.1.1 0 destination 192.168.1.1 0 (5 matches)
rule 10 permit ip source 1.1.1.1 0 destination 192.168.20.1 0 (8 matches)
rule 15 permit ip source 1.1.1.1 0 destination 192.168.10.1 0
rule 20 deny ip (12 matches)
实验验证