Sharing a little experience with ACLs on Huawei switches

Time:10-05

Being dispatched to Huawei, I never felt any sense of belonging, but being able to learn the technology made it worthwhile! Below I share a little experience from Huawei.
Suppose an ACL control policy is already in place, for example one that blocks 192.168.1.0 from accessing the 192.168.2.0, 3.0, 4.0 and 5.0 segments:
acl number 3001
 rule 5 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
 rule 10 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
 rule 15 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
 rule 20 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
 rule 25 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
But then a work requirement changed: one address in 192.168.1.0, namely 192.168.1.10, needs to access one address in a blocked segment, namely 192.168.6.215. So what has to be adjusted for 1.10 and 6.215?
Building a new, separate ACL is not feasible, because the ACL is applied to the port and only one ACL can be applied there at a time.
So the only option is to modify the original ACL 3001. The steps are as follows:
1. First, remove the inbound application of the ACL on the port. While 3001 is in use, its rules cannot be changed.
2. Back up the rules of 3001, then clear all of them. Put the permit entry first and then restore the original rules. The reason is that ACL rules are matched in top-down order, so the permit must come before the denies.
If the match hits the deny in rule 25 first, then no matter what permit comes after it, the result is still a refusal, so the order has to be adjusted:
 rule 5 permit ip source 192.168.1.10 0 destination 192.168.6.215 0
 rule 10 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
 rule 15 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
 rule 20 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
 rule 25 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
 rule 30 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
3. Reapply the ACL to the interface. When applying it, note the difference between the permit and deny traffic behaviors.
With the permit behavior, traffic is handled according to the rules of ACL 3001: what 3001 permits is allowed, and what 3001 denies is blocked.
But with the deny behavior, traffic matched by 3001 is not forwarded at all, whether the matching rule is a permit or a deny.
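Before step 3, the new rule order can be checked offline. The following is an added example, not part of the original post: a small first-match evaluator for the rule lines above. It assumes rules are matched in ascending rule ID order, that all five deny rules use wildcard 0.0.0.255, and that traffic matching no rule is forwarded normally. The function names and the "appended" variant (permit placed after the denies) are constructed for illustration.

```python
import ipaddress
import re

RULE_RE = re.compile(
    r"rule\s+(\d+)\s+(permit|deny)\s+ip\s+source\s+(\S+)\s+(\S+)"
    r"\s+destination\s+(\S+)\s+(\S+)", re.I)

def _u32(text):
    # "0" is the host wildcard shorthand used in the permit rule
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))

def parse_acl(config):
    """Rules as (id, action, src, src_wild, dst, dst_wild), sorted by rule ID."""
    rules = []
    for m in RULE_RE.finditer(config):
        rid, action, *addrs = m.groups()
        rules.append((int(rid), action.lower(), *map(_u32, addrs)))
    return sorted(rules)

def _hit(addr, base, wild):
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return ((addr ^ base) & ~wild & 0xFFFFFFFF) == 0

def first_match(rules, src, dst):
    """(rule id, action) of the first matching rule, or (None, None)."""
    s, d = _u32(src), _u32(dst)
    for rid, action, rs, sw, rd, dw in rules:
        if _hit(s, rs, sw) and _hit(d, rd, dw):
            return rid, action
    return None, None

def forwarded(action, behavior="permit"):
    """Combine the ACL result with the traffic behavior, as the text describes."""
    if action is None:
        return True  # assumption: traffic matching no rule is forwarded normally
    return behavior == "permit" and action == "permit"

def denies(start):  # constructed: the five deny rules, numbered from `start`
    return "\n".join(
        f"rule {start + 5 * i} deny ip source 192.168.1.0 0.0.0.255 "
        f"destination 192.168.{n}.0 0.0.0.255" for i, n in enumerate(range(2, 7)))

PERMIT = "permit ip source 192.168.1.10 0 destination 192.168.6.215 0"
APPENDED = parse_acl(denies(5) + f"\nrule 30 {PERMIT}")   # permit placed last
REORDERED = parse_acl(f"rule 5 {PERMIT}\n" + denies(10))  # order from step 2

if __name__ == "__main__":
    for name, acl in (("appended", APPENDED), ("reordered", REORDERED)):
        rid, action = first_match(acl, "192.168.1.10", "192.168.6.215")
        print(name, "-> rule", rid, action, "forwarded:", forwarded(action))
```

With the permit appended last, 1.10 to 6.215 still hits the deny in rule 25; with the reordered list it hits rule 5, while every other host in 192.168.1.0 remains blocked by rule 30.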