From 5b64a30de7314e97957ef6adc6cb232bbb90c120 Mon Sep 17 00:00:00 2001
From: wxy <3050128610@qq.com>
Date: Sun, 8 Jun 2025 13:40:16 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9C=9F=E6=9C=ABACL=E5=AE=9E=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
期末ACL实验.txt | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 期末ACL实验.txt
diff --git a/期末ACL实验.txt b/期末ACL实验.txt
new file mode 100644
index 0000000..370afde
--- /dev/null
+++ b/期末ACL实验.txt
@@ -0,0 +1,42 @@
+AR1==============================
+sys
+sysname AR1
+int g0/0/0
+ip add 192.168.1.254 24
+int g0/0/1
+ip add 192.168.2.254 24
+int g0/0/2
+ip add 10.1.12.1 24
+
+ip route-static 0.0.0.0 0 10.1.12.2
+
+# 需求2:PC1不能访问PC4,但PC4可以访问PC1
+# 若只拒绝源IP为PC1,目的IP为PC4的报文是不能实现这个需求,因为PC4 ping PC1的回包也被deny了
+# 只需拒绝PC1主动ping PC4的icmp echo报文即可,剩下默认放通所有(即,不再deny PC4 ping PC1时,PC1给PC4返回的echo-reply报文)
+# 即可实现PC4单向ping通PC1
+
+# 需求1:PC1和PC2不能互访。
+# 直接简单粗暴,拒绝源目IP分别为PC1和PC2的报文即可,源目反之,由于回包已被拒绝,仍然不能通
+# 所以只需下面一条rule 5,就可以实现PC1 PC2不能互访的效果
+
+acl 3002
+ rule 5 deny ip source 192.168.1.1 0 destination 192.168.2.1 0
+ rule 10 deny icmp source 192.168.1.1 0 destination 192.168.4.1 0 icmp-type echo
+
+int g0/0/0
+traffic-filter inbound acl 3002
+
+
+
+AR2==============================
+sys
+sysname AR2
+int g0/0/1
+ip add 192.168.3.254 24
+int g0/0/2
+ip add 192.168.4.254 24
+int g0/0/0
+ip add 10.1.12.2 24
+
+ip route-static 0.0.0.0 0 10.1.12.1
+
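Review bot: The comment on requirement 1 says rule 5 alone stops PC1 and PC2 from reaching each other, but `acl 3002` is bound only inbound on g0/0/0, so packets from 192.168.2.1 to 192.168.1.1 enter on g0/0/1 and are still delivered to PC1. Only PC1's replies are dropped, which breaks ping and TCP handshakes but does not stop one-way traffic from PC2. If the intent is real isolation, add a mirror filter on the PC2 side, for example a separate ACL (number constructed here) with `rule 5 deny ip source 192.168.2.1 0 destination 192.168.1.1 0`, applied with `traffic-filter inbound` under `int g0/0/1`. Rule 10 likewise blocks only ICMP echo, so TCP and UDP from PC1 to PC4 stay permitted by the default-permit the comment relies on. The requirement 2 comment should say the restriction covers ping only, e.g. `# 注意:rule 10 仅限制ping,PC1到PC4的TCP/UDP仍然放通`.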