UC知道华为路由器ACL的配置有工作经验的请进
来源:百度知道 编辑:UC知道 时间:2024/06/09 03:50:36
#
sysname ***********
#
super password level *simple **********
#
cpu-usage cycle 1min
#
firewall enable
firewall fragments-inspect
#
web url-filter host enable
#
*************
#
radius scheme system
#
domain system
#
local-user *********
password simple *********
service-type ***********
level *
service-type ****
service-type *****
local-user *******
password simple ***********
service-type ***********
level ***
service-type ****
service-type ****
local-user ********
password simple ********
service-ty
level *
service-type ***
service-type ******
#
dhcp server ip-pool 1
network 192.168.0.0 mask 255.255.255.0
gateway-list 192.168.0.1
dns-list *************
#
acl number 3000
rule 0 deny ip
#
interface Aux0
async mode flow
#
sysname ***********
#
super password level *simple **********
#
cpu-usage cycle 1min
#
firewall enable
firewall fragments-inspect
#
web url-filter host enable
#
*************
#
radius scheme system
#
domain system
#
local-user *********
password simple *********
service-type ***********
level *
service-type ****
service-type *****
local-user *******
password simple ***********
service-type ***********
level ***
service-type ****
service-type ****
local-user ********
password simple ********
service-ty
level *
service-type ***
service-type ******
#
dhcp server ip-pool 1
network 192.168.0.0 mask 255.255.255.0
gateway-list 192.168.0.1
dns-list *************
#
acl number 3000
rule 0 deny ip
#
interface Aux0
async mode flow
#
……
acl number 3000
rule 0 deny ip
……
换成
rule 0 permit ip ……
看看
不是很了解华为的路由器,不过原理都差不多。
DHCP分配是随机地址,可以通过ACL禁止相应主机的MAC地址。 MAC地址每台机器是唯一的。
nat 设置也要先做一个ACL 3001(举例,你设什么都行)
设置成permit ALL,
然后在出口的端口上设置NAT OUTBOUND 3001就行了