首页 > 英文翻译

H3C3600IP过滤

更新时间:2023-05-07 08:13:16 阅读：评论：0

H3C3600IP过滤

⽅法⼀：只禁⽤⼀个⽹段如下（10.0.0.0）：

sys

acl number 3000

rule 0 deny ip destination 10.0.0.0 0.255.255.255

rule 1 deny ip source 10.0.0.0 0.255.255.255

quit

interface Ethernet1/0/24

packet-filter inbound ip-group 3000 rule 0

packet-filter inbound ip-group 3000 rule 1

quit

save

⽅法⼆：只允许⽹段215.101.0.0及192.0.0.0 0通过，禁⽤其它⼀切⽹段，如下：（注意：华为交换机与华三交换机配置区别）

华为交换机配置如下：

sys

acl number 3000

rule 1 permit ip source 215.0.0.0 0.255.255.255 destination 215.0.0.0 0.255.255.255

rule 2 permit ip source 192.0.0.0 0.255.255.255 destination 192.0.0.0 0.255.255.255

rule 3 deny IP

quit

interface Ethernet0/24

packet-filter inbound ip-group 3000 rule 1

packet-filter inbound ip-group 3000 rule 2

packet-filter inbound ip-group 3000 rule 3

quit

save

H3C s3600交换机配置如下：

sys

acl number 3000

rule 1 deny IP

rule 2 permit ip source 215.0.0.0 0.255.255.255 destination 215.0.0.0 0.255.255.255

rule 3 permit ip source 192.0.0.0 0.255.255.255 destination 192.0.0.0 0.255.255.255

quit

interface Ethernet1/0/24

packet-filter inbound ip-group 3000 rule 1

packet-filter inbound ip-group 3000 rule 2

packet-filter inbound ip-group 3000 rule 3

quit

save

应⽤到VLAN所有端⼝

packet-filter vlan 1 inbound ip-group 3000

烽⽕交换机配置：

Urname: admin

Password: 12345

configure

access-list 1

rule 1 ip 215.101.0.0 0.0.255.255 215.101.0.0 0.0.255.255 rule 2 ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255 rule defaction deny

quit

interface ethernet 2

match access-list 1 in

quit

write file

添加以下静态路由可以访问每个地市及省公司⽹段

ip route-static 0.0.0.0 0.0.0.0 215.101.40.1

每台交换机添加每个⽹段动态路由如下

sys

rip

network 215.101.40.0

network 215.101.140.0

network 215.101.141.0

network 215.101.142.0

network 215.101.143.0

network 215.101.144.0

network 215.101.145.0

network 215.101.146.0

network 215.101.147.0

network 215.101.148.0

network 215.101.149.0

1、IE管理

sys

interface vlan 1

ip add 215.101.60.251 255.255.255.0

quit

local-ur admin

password simple admin

rvice-type telnet

level 3

quit

save

2、超级终端的telnet功能配置

ur-interface vty 0 4

t authentication password simple admin

ur privilege level 3

history-command max-size 20

idle-timeout 60

screen-length 30

protocol inbound telnet

quit

save

本文发布于:2023-05-07 08:13:16，感谢您对本站的认可！

本文链接：https://www.wtabcd.cn/fanwen/fan/90/99022.html

上一篇：和链接相关的一些名词解释

下一篇：信息安全大赛测验试卷（一）试卷

标签：交换机配置路由添加地市登录户名

留言与评论（共有 0 条评论）