当前位置:网站首页>Huawei ENSP simulator configures ACL access control list
Huawei ENSP simulator configures ACL access control list
2022-07-04 21:13:00 【Python Pegasus】
Catalog
1、acl type ( Here is the basis acl And advanced acl The difference between types ):
3、 stay acl Write rules in ( be based on IP Address to reject )
1、 The interface necessary for entering data :
3、 Check whether the rule is invoked successfully :
Experimental environment :
First, configure the layer 3 switch , It was explained in detail in the last article , Configuring a three-layer switch is to isolate viruses but connect communications . Realize different networks , Different vlan Your machine can communicate , these pc Computers cannot communicate directly through the middle switch , The packet must be transferred to the layer 3 switch , The three-layer switch realizes data forwarding to communicate , That is, when the layer 3 switch pc Gateway of computer .
In this environment ,pc Machine can be different from any gateway vlan Of pc Machine communication . We configure ACL Access control lists are designed to achieve pc The machine can only access vlan 20 Inside pc machine , Give him no access vlan 30 Of pc machine .
pc The gateway of the machine is in the three-layer switch , each vlan Of IP Address .
You can see PC Machine can be different from vlan Different network segments pc Machine communication , It's because of the three-layer switch .
The experimental steps :
Step one : Create an access control rule
Step two : Call this rule
Step one :
1、acl type ( Here is the basis acl And advanced acl The difference between types ):
Basics acl(Basic ACL): When doing access control, only look at the source address , I won't check the target address , Only the source address will be checked
senior acl(Advanced ACL): When doing access control, the target address will be checked .( This experiment needs to check the target address acl)
2、 establish acl:
Create a test Of acl:( It is not recommended to directly create )
acl name test
Correct creation method :
establish acl Name and enter acl type : senior (advance)、 Basics (basic)
# Create a file called test Advanced acl
acl name test advance
# Command usage
acl name name acl type
3、 stay acl Write rules in ( be based on IP Address to reject )
Writing acl The mask needs to be written backwards ,acl Set the rules ( Regulations ) for example :
The original :255.255,255,0
Reverse writing :0.0.0.255 # take 255 Switch to 0,0 Switch to 255
#rule deny ip Reject rule ip agreement
# source source address
#destination Destination
Deny access rules :
# The rejection source address is 192.168.10.0 Network segment 、 Access target ( Destination ) by 192.168.30.0 Communication of network segment
rule deny ip source 192.168.10.0 0.0.0.255 destination 192.168.30.0 0.0.0.255
# Command usage :
rule deny ip source Source address network segment Subnet mask ( Reverse writing ) destination Target geosyncline segment Subnet mask ( Reverse writing )
Allow access to rules :
Rules allow ip The source address is arbitrary , Access any packet communication of the target
rule permit ip source any destination any
That is, reject the network segment as 10 Of pc Machine access network segment is 30 Of pc machine . Other access is not restricted
View customized rules :
dis this
Step two : Call rules
The calling rule needs to be in the interface that the packet must pass , That is, it must be called on the interface , Only in this way can we manage the passage of data .
1、 The interface necessary for entering data :
int g0/0/1
2、 Call rules :
Filter the incoming data in this interface , according to acl be known as test Rule filtering for .
traffic-filter inbound acl name test
3、 Check whether the rule is invoked successfully :
Discovery use 10 The network segment pc machine ping no 30 The network segment pc machine , Prove that the calling rule swims , Next, check whether the rule affects other network segments pc Machine communication
Discovery visit 20 The network segment pc Machine has no effect , Achieve the final experimental effect .
边栏推荐
- Advantages of semantic tags and block level inline elements
- Advantages of RFID warehouse management system solution
- 吐槽 B 站收费,是怪它没钱么?
- 偷窃他人漏洞报告变卖成副业,漏洞赏金平台出“内鬼”
- [server data recovery] a case of RAID5 data recovery stored in a brand of server
- 字节测试工程师十年经验直击UI 自动化测试痛点
- Automatic generation of interface automatic test cases by actual operation
- 黄金k线图中的三角形有几种?
- LeetCode 7. 整数反转
- What if the computer page cannot be full screen? The solution of win11 page cannot be full screen
猜你喜欢
随机推荐
Explication détaillée du mécanisme de distribution des événements d'entrée multimodes
福昕PDF编辑器v10.1.8绿色版
6月“墨力原创作者计划”获奖名单公布!邀您共话国产数据库
LeetCode 8. String conversion integer (ATOI)
Sword finger offer II 80-100 (continuous update)
FastDfs的快速入门,三分钟带你上传下载文件到云服务器
RFID仓储管理系统解决方案的优点
华为ensp模拟器 DNS服务器的配置
Ten years' experience of byte test engineer directly hits the pain point of UI automation test
【optimtool.unconstrain】无约束优化工具箱
Flet tutorial 04 basic introduction to filledtonalbutton (tutorial includes source code)
阿里云国际版CDN的优势
NetWare r7000 Merlin system virtual memory creation failed, prompting that the USB disk reading and writing speed does not meet the requirements. Solution, is it necessary to create virtual memory??
杰理之AD 系列 MIDI 功能说明【篇】
伦敦银走势图分析的新方法
VIM asynchronous problem
记一次重复造轮子(Obsidian 插件设置说明汉化)
企业数字化转型最佳实践案例:基于云的数字化平台系统安全措施简介与参考
Test case (TC)
Go language notes (4) go common management commands