...IP来访问服务器,那ACL怎么写,设备是H3C的三层交换
发布网友
发布时间:2024-10-24 16:55
我来回答
共2个回答
热心网友
时间:2024-11-06 07:32
traffic classifier classifier_rd operator and
if-match acl 3000
#
traffic classifier classifier_hostA operator and
if-match acl 4000
#
traffic behavior behavior_rd
filter deny
#
traffic behavior behavior_hostA
filter deny
#
qos policy policy_rd
classifier classifier_rd behavior behavior_rd
#
qos policy policy_hostA
classifier classifier_hostA behavior behavior_hostA
#
acl number 3000
rule 0 deny ip source 192.168.2.0 0.0.0.255 destination X.X.X.X服务器IP
acl number 4000
rule 0 deny source-mac 001a-27-3c ffff-ffff-ffff dest-mac <服务器MAC> ffff-ffff-ffff
#
interface GigabitEthernet0/1
qos apply policy policy_hostA inbound
#interface GigabitEthernet0/2
qos apply policy policy_rd inbound
#
热心网友
时间:2024-11-06 07:35
可以在三层交换机上做2个ACL,分别应用到不同的端口。