  • H3C Extended ACL and Time-Based ACL

    1. Enable the RIP dynamic routing protocol between the networks.

    2. Configure R3 as the FTP server.

    [R3]ftp server enable

     

    3. Test whether R1 can access FTP. It can.

    <R1>ftp 3.3.3.3

    Trying 3.3.3.3 ...

    Press CTRL+K to abort

    Connected to 3.3.3.3.

    220 FTP service ready.

    User(3.3.3.3:(none)):

     

    4. Configure the extended ACL.

    [R1]firewall enable

    [R2]acl number 3000

    [R2-acl-adv-3000]rule deny tcp source 192.168.1.0 0.0.0.255 destination-port eq ftp

    Apply it to the interface:

    [R2-Serial0/2/0]firewall packet-filter 3000 inbound

    5. Test whether R1 can still access FTP at this point. It cannot.

    <R1>ftp 3.3.3.3

    Trying 3.3.3.3 ...

    Press CTRL+K to abort

    FTP: Can't connect to the remote host!

    Time-Based ACL

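    Lab author: Gao Chengwang (高承旺)

    Lab name: Extended ACL

    Lab requirement:

    Prevent R1 from accessing the FTP server.

    Lab topology:

    Lab steps:

    1. Delete the ACL configured in the lab above and check FTP access.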

    <R1>ftp 3.3.3.3

    Trying 3.3.3.3 ...

    Press CTRL+K to abort

    Connected to 3.3.3.3.

    220 FTP service ready.

    User(3.3.3.3:(none)):

     

    2. Configure the extended ACL.


    <R2>display clock

    12:16:12 UTC Fri 12/17/2010

    3. Change the clock so that R1 cannot access the FTP server.

    <R2>clock datetime 02:00 2010/12/17

    R1 cannot access the FTP server:

    <R1>ftp 3.3.3.3

    Trying 3.3.3.3 ...

    Press CTRL+K to abort

    FTP: Can't connect to the remote host!

    363. The following output is displayed on router MSR-1:

    [MSR-1]display firewall-statistics all

    Firewall is enable, default filtering method is 'permit'.

    Interface: GigabitEthernet0/0

    In-bound Policy: acl 3000

    Fragments matched normally

    From 2008-11-08 2:25:13 to 2008-11-08 2:25:46

    0 packets, 0 bytes, 0% permitted,

    4 packets, 240 bytes, 37% denied,

    7 packets, 847 bytes, 63% permitted default,

    0 packets, 0 bytes, 0% denied default,

    Totally 7 packets, 847 bytes, 63% permitted,

    Totally 4 packets, 240 bytes, 37% denied.

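    From this it can be inferred that __abc____.

    A. The "37% denied" in the output above shows that some traffic has already matched a rule in ACL 3000.

    B. Some packets did not match any rule in ACL 3000 and instead matched the default permit rule.

    C. ACL 3000 is applied to GigabitEthernet0/0 in the inbound direction.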
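
As an added example (not part of the original post), the Python sketch below parses the display firewall-statistics all output quoted above and separates packets decided by an ACL 3000 rule from those decided by the default action, which is the reasoning behind answers A, B and C. The function names and the Out-bound pattern are assumptions; the sample text is copied from the listing above.

```python
import re

# Sample copied from the display firewall-statistics all listing on this page.
SAMPLE = """\
Firewall is enable, default filtering method is 'permit'.
Interface: GigabitEthernet0/0
In-bound Policy: acl 3000
Fragments matched normally
From 2008-11-08 2:25:13 to 2008-11-08 2:25:46
0 packets, 0 bytes, 0% permitted,
4 packets, 240 bytes, 37% denied,
7 packets, 847 bytes, 63% permitted default,
0 packets, 0 bytes, 0% denied default,
Totally 7 packets, 847 bytes, 63% permitted,
Totally 4 packets, 240 bytes, 37% denied.
"""

COUNTER = re.compile(r"^(Totally )?(\d+) packets, (\d+) bytes, (\d+)% ([a-z ]+?)[,.]?$")

def parse_firewall_statistics(text):
    """Parse one interface/direction block into header fields and counters."""
    stats = {"counters": {}}
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"Firewall is (\w+), default filtering method is '(\w+)'", line):
            stats["enabled"] = m.group(1) == "enable"
            stats["default_action"] = m.group(2)
        elif m := re.match(r"Interface: (\S+)", line):
            stats["interface"] = m.group(1)
        elif m := re.match(r"(In|Out)-bound Policy: acl (\d+)", line):  # Out-bound form assumed
            stats["direction"] = m.group(1).lower() + "bound"
            stats["acl"] = int(m.group(2))
        elif m := COUNTER.match(line):
            key = ("total " if m.group(1) else "") + m.group(5)
            stats["counters"][key] = {"packets": int(m.group(2)), "bytes": int(m.group(3))}
    return stats

def summarize(stats):
    """Split traffic into packets decided by an ACL rule vs. by the default action."""
    c = stats["counters"]
    by_rule = c["permitted"]["packets"] + c["denied"]["packets"]
    by_default = c["permitted default"]["packets"] + c["denied default"]["packets"]
    return {"matched_acl_rule": by_rule, "fell_to_default": by_default,
            "applied": (stats["interface"], stats["direction"], stats["acl"])}

if __name__ == "__main__":
    print(summarize(parse_firewall_statistics(SAMPLE)))
```

A nonzero matched_acl_rule count corresponds to answer A, a nonzero fell_to_default count to answer B, and the applied tuple to answer C.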

     

  • Original article: https://www.cnblogs.com/niezhongle/p/11213609.html