AR1==============================
sys
sysname AR1
int g0/0/0
ip add 192.168.1.254 24
int g0/0/1
ip add 192.168.2.254 24
int g0/0/2
ip add 10.1.12.1 24

ip route-static 0.0.0.0 0 10.1.12.2

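# Requirement 2: PC1 cannot access PC4, but PC4 can access PC1
# Denying only packets with source IP PC1 and destination IP PC4 cannot meet this requirement, because the replies to PC4's ping of PC1 would be denied as well
# It is enough to deny the ICMP echo packets that PC1 sends when it pings PC4 and leave everything else permitted by default (that is, the echo-reply packets PC1 returns to PC4 when PC4 pings PC1 are no longer denied)
# This lets PC4 ping PC1 in one direction only

# Requirement 1: PC1 and PC2 cannot access each other.
# Simple and blunt: deny packets whose source and destination IPs are PC1 and PC2 respectively; in the reverse direction the reply packets are already denied, so it still cannot get through
# So the single rule 5 below is enough to stop PC1 and PC2 from accessing each other
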
acl 3002
rule 5 deny ip source 192.168.1.1 0 destination 192.168.2.1 0
rule 10 deny icmp source 192.168.1.1 0 destination 192.168.4.1 0 icmp-type echo

int g0/0/0
traffic-filter inbound acl 3002


AR2==============================
sys
sysname AR2
int g0/0/1
ip add 192.168.3.254 24
int g0/0/2
ip add 192.168.4.254 24
int g0/0/0
ip add 10.1.12.2 24

ip route-static 0.0.0.0 0 10.1.12.1
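
# Added example, not part of the original lab file: a small Python model of how acl 3002 is evaluated statelessly on g0/0/0 inbound, next to the "deny all IP from PC1 to PC4" variant the comments rule out.
# Assumptions: the function names are hypothetical, and only packets sent by PC1 (192.168.1.1) are treated as entering g0/0/0.

```python
# Stateless model of "traffic-filter inbound acl 3002" on AR1 g0/0/0.
# Addresses come from the rules above; PC1/PC2/PC4 names follow the comments.
PC1, PC2, PC4 = "192.168.1.1", "192.168.2.1", "192.168.4.1"

# (rule id, action, protocol, source, destination, icmp-type or None)
ACL_3002 = [
    (5, "deny", "ip", PC1, PC2, None),
    (10, "deny", "icmp", PC1, PC4, "echo"),
]
# Variant the comments warn against: deny every IP packet from PC1 to PC4.
ACL_NAIVE = [ACL_3002[0], (10, "deny", "ip", PC1, PC4, None)]


def filter_inbound(acl, pkt):
    """First matching rule decides; unmatched packets are permitted,
    as the comments above state for this traffic-filter."""
    for _rid, action, proto, src, dst, icmp_type in acl:
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if (src, dst) != (pkt["src"], pkt["dst"]):
            continue
        if icmp_type is not None and icmp_type != pkt["icmp_type"]:
            continue
        return action
    return "permit"


def ping(acl, src, dst):
    """True when both the echo and the echo-reply get through.
    Simplification: only packets sent by PC1 cross g0/0/0 inbound."""
    echo = {"proto": "icmp", "src": src, "dst": dst, "icmp_type": "echo"}
    reply = {"proto": "icmp", "src": dst, "dst": src, "icmp_type": "echo-reply"}
    for pkt in (echo, reply):
        if pkt["src"] == PC1 and filter_inbound(acl, pkt) == "deny":
            return False
    return True


def reachability(acl):
    """Ping result for each direction named in the two requirements."""
    pairs = [(PC1, PC2), (PC2, PC1), (PC1, PC4), (PC4, PC1)]
    return {(s, d): ping(acl, s, d) for s, d in pairs}


if __name__ == "__main__":
    for name, acl in (("acl 3002", ACL_3002), ("naive variant", ACL_NAIVE)):
        for (s, d), ok in reachability(acl).items():
            print(f"{name}: ping {s} -> {d}: {'ok' if ok else 'blocked'}")
```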