Multi-tier reflexive ACL configuration example

Published: 2007-06-23  Source:  Author:  Hits:  Tags:

  The router configuration is as follows:
  
  interface FastEthernet0/0
  no ip address
  duplex auto
  speed auto
  !
  interface FastEthernet0/0.1
  encapsulation isl 11
  ip address 192.168.0.1 255.255.255.0
  ip access-group v11 in
  interface FastEthernet0/0.2
  encapsulation isl 10
  ip address 172.16.1.1 255.255.255.0
  ip access-group v10 in
  interface FastEthernet0/1
  ip address 10.10.10.9 255.255.255.0
  ip access-group v13 in
  
  ip route 0.0.0.0 0.0.0.0 10.10.10.10
  
  ip access-list extended v10
  permit ip 172.16.1.0 0.0.0.255 172.18.0.0 0.0.255.255 reflect v133
  permit tcp 172.16.1.0 0.0.0.255 172.18.0.0 0.0.255.255 reflect v133
  permit udp 172.16.1.0 0.0.0.255 172.18.0.0 0.0.255.255 reflect v133
  permit icmp 172.16.1.0 0.0.0.255 172.18.0.0 0.0.255.255 reflect v133
  permit ip 172.16.1.0 0.0.0.255 192.168.0.0 0.0.0.255 reflect v111
  permit tcp 172.16.1.0 0.0.0.255 192.168.0.0 0.0.0.255 reflect v111
  permit udp 172.16.1.0 0.0.0.255 192.168.0.0 0.0.0.255 reflect v111
  permit icmp 172.16.1.0 0.0.0.255 192.168.0.0 0.0.0.255 reflect v111
  permit ip any any
  ip access-list extended v11
  evaluate v111
  deny ip 192.168.0.0 0.0.0.255 172.16.1.0 0.0.0.255
  deny icmp 192.168.0.0 0.0.0.255 172.16.1.0 0.0.0.255
  deny udp 192.168.0.0 0.0.0.255 172.16.1.0 0.0.0.255
  deny tcp 192.168.0.0 0.0.0.255 172.16.1.0 0.0.0.255
  permit ip 192.168.0.0 0.0.0.255 172.18.0.0 0.0.255.255 reflect v133
  permit udp 192.168.0.0 0.0.0.255 172.18.0.0 0.0.255.255 reflect v133
  permit icmp 192.168.0.0 0.0.0.255 172.18.0.0 0.0.255.255 reflect v133
  permit tcp 192.168.0.0 0.0.0.255 172.18.0.0 0.0.255.255 reflect v133
  permit ip any any
  ip access-list extended v13
  evaluate v133
  deny icmp 172.18.0.0 0.0.255.255 172.16.1.0 0.0.0.255
  deny ip 172.18.0.0 0.0.255.255 172.16.1.0 0.0.0.255
  deny udp 172.18.0.0 0.0.255.255 172.16.1.0 0.0.0.255
  deny tcp 172.18.0.0 0.0.255.255 172.16.1.0 0.0.0.255
  deny icmp 172.18.0.0 0.0.255.255 192.168.0.0 0.0.0.255
  deny ip 172.18.0.0 0.0.255.255 192.168.0.0 0.0.0.255
  deny tcp 172.18.0.0 0.0.255.255 192.168.0.0 0.0.0.255
  deny udp 172.18.0.0 0.0.255.255 192.168.0.0 0.0.0.255
  permit ip any any
  ip access-list logging interval 100
  
  
  The configuration above implements three tiers of access between subnets; it is suited to a company with separate general-manager, finance and employee segments.
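  The tiering is easier to see by running the policy than by reading it: 172.16.1.0/24 (behind FastEthernet0/0.2, ACL v10) may open sessions to both other segments, 192.168.0.0/24 (FastEthernet0/0.1, ACL v11) only to 172.18.0.0/16, and 172.18.0.0/16 (FastEthernet0/1, ACL v13) to neither; replies get back only because each "reflect" records the session and the "evaluate" at the top of the peer ACL admits the mirrored packet. The Python model below is an added example, not code from the page or from Cisco IOS. It parses the page's three extended ACLs (keeping only the entries that can ever match: every protocol-specific tcp/udp/icmp line on the page sits after a "permit ip" or "deny ip" line for the same addresses and is shadowed by it), binds them to the interfaces as the page does, and implements reflect/evaluate as a set of mirrored 5-tuples. Host addresses and ports are constructed; the ICMP handling (swap addresses, no type check) and the absence of entry timeouts are simplifications of real IOS behaviour.

```python
"""Model of the page's three-tier reflexive ACL design (added example, not
Cisco IOS code): parses the ACLs and implements 'reflect' and 'evaluate'."""
import ipaddress
from dataclasses import dataclass

# Constructed from the page's configuration.  Entries shadowed by an earlier
# 'permit ip' / 'deny ip' line for the same addresses are omitted: 'ip'
# already covers tcp, udp and icmp, so those lines can never be reached.
CONFIG = """
interface FastEthernet0/0.1
 ip access-group v11 in
interface FastEthernet0/0.2
 ip access-group v10 in
interface FastEthernet0/1
 ip access-group v13 in
ip access-list extended v10
 permit ip 172.16.1.0 0.0.0.255 172.18.0.0 0.0.255.255 reflect v133
 permit ip 172.16.1.0 0.0.0.255 192.168.0.0 0.0.0.255 reflect v111
 permit ip any any
ip access-list extended v11
 evaluate v111
 deny ip 192.168.0.0 0.0.0.255 172.16.1.0 0.0.0.255
 permit ip 192.168.0.0 0.0.0.255 172.18.0.0 0.0.255.255 reflect v133
 permit ip any any
ip access-list extended v13
 evaluate v133
 deny ip 172.18.0.0 0.0.255.255 172.16.1.0 0.0.0.255
 deny ip 172.18.0.0 0.0.255.255 192.168.0.0 0.0.0.255
 permit ip any any
"""

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0      # 0 = no port (icmp)
    dport: int = 0

    def reply(self) -> "Packet":
        """Packet the peer sends back: addresses and ports swapped (simplified ICMP)."""
        return Packet(self.proto, self.dst, self.src, self.dport, self.sport)

def match_net(addr: str, spec) -> bool:
    """Cisco wildcard-mask test; spec is ('any', None) or (network, wildcard)."""
    net, wildcard = spec
    if net == "any":
        return True
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wildcard))
    return (a & ~w) == (n & ~w)      # wildcard bits set = "don't care"

def parse_addr(toks, i):
    """Consume 'any' or '<network> <wildcard>' starting at toks[i]."""
    if toks[i] == "any":
        return ("any", None), i + 1
    return (toks[i], toks[i + 1]), i + 2

class ReflexiveAclRouter:
    def __init__(self, config: str):
        self.acls, self.inbound, self.sessions = {}, {}, {}
        current = None
        for line in config.splitlines():
            toks = line.split()
            if not toks:
                continue
            if toks[0] == "interface":
                current = toks[1]
            elif toks[:2] == ["ip", "access-group"]:
                self.inbound[current] = toks[2]          # ACL applied 'in'
            elif toks[:3] == ["ip", "access-list", "extended"]:
                current = toks[3]
                self.acls[current] = []
            elif toks[0] in ("permit", "deny", "evaluate"):
                self.acls[current].append(toks)

    def permits(self, ingress: str, pkt: Packet) -> bool:
        """Run pkt through the inbound ACL of 'ingress', top to bottom."""
        for toks in self.acls[self.inbound[ingress]]:
            if toks[0] == "evaluate":                    # consult reflexive list
                if pkt in self.sessions.get(toks[1], set()):
                    return True
                continue
            src, i = parse_addr(toks, 2)
            dst, i = parse_addr(toks, i)
            if toks[1] not in ("ip", pkt.proto):
                continue
            if not (match_net(pkt.src, src) and match_net(pkt.dst, dst)):
                continue
            if toks[0] == "permit" and toks[i:i + 1] == ["reflect"]:
                # 'reflect': remember the mirrored flow so its reply is admitted
                self.sessions.setdefault(toks[i + 1], set()).add(pkt.reply())
            return toks[0] == "permit"
        return False                                     # implicit deny

def can_initiate(router, from_if: str, to_if: str, pkt: Packet) -> tuple:
    """(request admitted inbound on from_if, its reply admitted inbound on to_if)."""
    fwd = router.permits(from_if, pkt)
    return fwd, fwd and router.permits(to_if, pkt.reply())
```

  Call can_initiate(ReflexiveAclRouter(CONFIG), "FastEthernet0/0.2", "FastEthernet0/1", Packet("tcp", "172.16.1.5", "172.18.2.2", 40000, 80)) to get (True, True); swap the interfaces and addresses and the same flow is (False, False), because nothing in v133 matches an unsolicited packet. The model also shows why the page's tcp/udp/icmp entries are dead weight: with "ip" as the protocol the preceding line already decides the packet.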
  
  Test method:
  After the configuration is complete, open two windows on a host in one subnet and ping each of the other two subnets from them.
  Then run sh ip access-l (show ip access-lists) on the router to check whether the ACL entries you expect have been generated. If they have not, see which ACL entry is taking effect: each entry shows its match count, and while the pings run one entry's count keeps increasing.

Original source: http://www.ltesting.net