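Newbie asking for help: on a Huawei switch, I want to use an ACL so that port 3 (IP: 172.168.7.6) can only access one particular address (say 111.111.111.111, assuming it is an address that can normally be reached), while it cannot access the other addresses in the 172.168.0.0 segment. How should I configure the ACL?
I tested denying 7.6 access to 7.5 while still allowing it to access other addresses, and that configuration worked. If I configure 7.6 so that it cannot access the 172.168.0.0 segment, then pinging the gateway should fail. If 7.6 is configured to be denied access to 172.168.0.0, can 7.6 still reach 111.111.111.111?
In my simulated test I deny 7.6 access to 172.168.0.0 and permit 7.6 access to 7.1 (the gateway). Can it then reach 111.111.111.111 normally? If not, how should the ACL be configured?
Below is the configuration from the simulator test: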
<Huawei>dis cu
#
sysname Huawei
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
acl number 3001
rule 0 permit ip source 172.168.7.6 0 destination 172.168.7.1 0
rule 10 deny ip source 172.168.7.6 0 destination 172.168.0.0 0.0.255.255
#
traffic classifier visitor operator and
if-match acl 3001
#
traffic behavior visitor1
deny
#
traffic policy visitor2
classifier visitor behavior visitor1
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
traffic-filter inbound acl 3001
#
interface GigabitEthernet0/0/4
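
An added example, not part of the original post: a small Python model of first-match ACL evaluation with wildcard masks, run over the two rules of acl 3001 as posted. It assumes the ACL is applied directly with traffic-filter inbound (as on GigabitEthernet0/0/3) and that packets matching no rule are forwarded; the function names and the sample packets are constructed for illustration.

```python
import ipaddress

# Rules copied from "acl number 3001" in the post; the wildcard "0" there is
# shorthand for 0.0.0.0. Fields: rule id, action, src, src wildcard, dst, dst wildcard.
ACL_3001 = [
    (0, "permit", "172.168.7.6", "0.0.0.0", "172.168.7.1", "0.0.0.0"),
    (10, "deny", "172.168.7.6", "0.0.0.0", "172.168.0.0", "0.0.255.255"),
]


def _int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """Wildcard mask semantics: bit 0 = must match, bit 1 = ignore."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)


def evaluate(acl, src, dst, default="permit"):
    """Return (action, rule id) of the first matching rule, lowest id first.

    Assumption: a packet that matches no rule gets `default` (forwarded).
    """
    for rule_id, action, s, sw, d, dw in sorted(acl):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, rule_id
    return default, None


if __name__ == "__main__":
    # Constructed sample packets (source, destination).
    packets = [
        ("172.168.7.6", "172.168.7.1"),      # host -> gateway
        ("172.168.7.6", "172.168.7.5"),      # host -> neighbour in the segment
        ("172.168.7.6", "111.111.111.111"),  # host -> outside address
        ("172.168.7.9", "172.168.7.5"),      # a different source address
    ]
    for src, dst in packets:
        action, rule_id = evaluate(ACL_3001, src, dst)
        hit = f"rule {rule_id}" if rule_id is not None else "no rule matched"
        print(f"{src} -> {dst}: {action} ({hit})")
```

A packet routed through the gateway to 111.111.111.111 still carries 111.111.111.111 as its destination address, so rule 10 does not match it.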