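1. To stop host 2.1 from accessing host 1.2, implement traffic filtering
[Huawei]acl 2000 //define a basic ACL with list number 2000
[Huawei-acl-basic-2000]rule deny source 192.168.2.1 0 //deny packets whose source address is 192.168.2.1 (a basic ACL matches the source address only)
[Huawei-acl-basic-2000]di th //display this: show the rules configured in this ACL
[Huawei]in g0/0/1 //enter interface GigabitEthernet0/0/1
[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 2000 //after entering the interface, apply the ACL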
-----------------------------------------------------------------------------
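[Huawei-acl-basic-2000]undo rule 5 //delete the old rule
[Huawei-acl-basic-2000]rule permit source 192.168.2.1 0 //create a rule that permits 2.1
[Huawei-acl-basic-2000]rule deny source any //deny everyone else
[Huawei]in g0/0/1 //enter interface 1
[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 2000 //apply the ACL in the inbound direction of the interface; not needed if the ACL was already applied earlier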
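[Huawei-acl-adv-3000]rule deny tcp source 192.168.2.1 0 destination 192.168.1.1 0 destination-port eq 21 //advanced ACL 3000: deny TCP port 21 from 192.168.2.1 to 192.168.1.1
[Huawei-GigabitEthernet0/0/1]undo traffic-filter inbound acl 2000 //in interface view: remove ACL 2000 from the inbound direction
[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 3000 //apply ACL 3000 in the inbound direction instead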
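
The following is an added example, not part of the original notes: a small Python model of how the three ACL versions above decide on a packet, showing that basic ACL 2000 blocks 2.1 toward every destination while advanced ACL 3000 blocks only TCP port 21 to 192.168.1.1. The rule IDs (5, 10), the dictionary layout, the helper names and the "unmatched packets are forwarded" default are assumptions made for the illustration.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Wildcard match: bits that are 0 in the wildcard must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def rule_matches(rule, p):
    """A field missing from the rule matches anything (like 'any')."""
    if rule.get("proto") and rule["proto"] != p["proto"]:
        return False
    if rule.get("src") and not wc_match(p["src"], *rule["src"]):
        return False
    if rule.get("dst") and not wc_match(p["dst"], *rule["dst"]):
        return False
    if rule.get("dport") is not None and rule["dport"] != p["dport"]:
        return False
    return True

def evaluate(acl, p, default="permit"):
    """The lowest-numbered matching rule decides.
    Assumption: a packet that matches no rule is forwarded ('permit')."""
    for rule_id in sorted(acl):
        if rule_matches(acl[rule_id], p):
            return acl[rule_id]["action"]
    return default

EXACT = "0.0.0.0"  # the trailing "0" in "source 192.168.2.1 0"

# First version of ACL 2000: a single deny rule (rule ID 5 assumed)
ACL_2000_DENY = {5: {"action": "deny", "src": ("192.168.2.1", EXACT)}}
# ACL 2000 after "undo rule 5": permit 2.1, deny any (IDs 5 and 10 assumed)
ACL_2000_ONLY_2_1 = {5: {"action": "permit", "src": ("192.168.2.1", EXACT)},
                     10: {"action": "deny"}}
# ACL 3000: deny TCP/21 from 2.1 to 1.1 only (rule ID 5 assumed)
ACL_3000 = {5: {"action": "deny", "proto": "tcp", "dport": 21,
                "src": ("192.168.2.1", EXACT), "dst": ("192.168.1.1", EXACT)}}

def pkt(src, dst, proto="tcp", dport=80):
    """Constructed sample packet."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}

if __name__ == "__main__":
    samples = [pkt("192.168.2.1", "192.168.1.1", dport=21),
               pkt("192.168.2.1", "192.168.1.2"),
               pkt("192.168.2.2", "192.168.1.1", dport=21)]
    for name, acl in [("2000 deny", ACL_2000_DENY),
                      ("2000 permit-only", ACL_2000_ONLY_2_1), ("3000", ACL_3000)]:
        for p in samples:
            print(name, p["src"], "->", p["dst"], p["dport"], evaluate(acl, p))
```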