华为ACL设置

一、要求如下禁止外网192.168.1.1访问服务器10.0.0.1 方案1

#acl 2010

rule 5 deny ip source 192.168.1.1 0

#interface GigabitEthernet 0/0/1

traffic-filter outbound acl 2010

方案2

#acl 2020

rule 5 deny ip source 192.168.1.1 0

#interface GigabitEthernet 0/0/24 #注意端口

traffic-filter intbound acl 2020 #注意方向

方案3

#acl 3030

rule 5 deny ip destination 192.168.1.1 0

#interface GigabitEthernet 0/0/1

traffic-filter inbound acl 3030

方案4

rule 5 deny ip destination 192.168.1.1 0

#interface GigabitEthernet 0/0/24 #注意端口

traffic-filter inbound acl 3040 #注意方向

二、要求如下禁止服务器10.0.0.1访问外网

方案1

#acl 2010

rule 5 deny ip source 10.0.0.1

#interface GigabitEthernet 0/0/1

traffic-filter inbound acl 2010

方案2

#acl 2020

rule 5 deny ip source 10.0.0.1

#interface GigabitEthernet 0/0/24

traffic-filter outbound acl 2020

方案3

#acl 3030

rule 5 deny ip destination 10.0.0.1 0

#interface GigabitEthernet 0/0/1

traffic-filter outbound acl 3030

方案4

#acl 3030

rule 5 deny ip destination 10.0.0.1 0

#interface GigabitEthernet 0/0/24

traffic-filter inbound acl 3030

三、只允许192.168.1.1用户可以访问10.0.0.1

方案1

#acl 3010

rule 5 permit ip destination 192.168.1.1 0

rule 10 deny ip

#interface GigabitEthernet0/0/1

traffic-filter inbound acl 3010

四、如果服务器配置了双IP 只允许192.168.1.1用户可以访问10.0.0.1不能访问10.0.0.2 方案1

#acl 3010

rule 5 permit ip source 192.168.1.1 0 destination 10.0.0.1 0

rule 10 deny ip

#interface GigabitEthernet0/0/1

traffic-filter outbound acl 3010

方案2

rule 5 permit ip destination 10.0.0.1 0 source 192.168.1.1 0 rule 10 deny ip

#interface GigabitEthernet0/0/1

traffic-filter outbound acl 3020