ACL traffic control: restricting and controlling company access to the external network

2. Configure WG (network management host)
<Huawei>undo terminal monitor
<Huawei>sys
[Huawei]sysn wg
[wg]int g0/0/0
[wg-GigabitEthernet0/0/0]ip address 192.168.10.1 24
Set the default route
[wg]ip route-static 0.0.0.0 0.0.0.0 192.168.10.254

3. Configure R2's IP addresses and routing table
<Huawei>undo terminal monitor
<Huawei>sys
[Huawei]sysn R2
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]ip address 192.168.10.254 24
[R2-GigabitEthernet0/0/1]int g0/0/2
[R2-GigabitEthernet0/0/2]ip address 192.168.20.254 24
[R2-GigabitEthernet0/0/2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip address 192.168.12.1 30
[R2]ip route-static 192.168.13.0 24 192.168.12.2
[R2]ip route-static 1.1.1.0 24 192.168.12.2
[R2]ip route-static 192.168.30.0 24 192.168.12.2
[R2]ip route-static 192.168.1.0 24 192.168.12.2
4. Configure R2's ACL
[R2]acl 3000
[R2-acl-adv-3000]rule 5 permit ip source 192.168.20.1 0 destination 192.168.10.1
[R2-acl-adv-3000]rule 10 permit ip source 192.168.20.1 0 destination 1.1.1.1 0
[R2-acl-adv-3000]rule 15 permit tcp source 192.168.20.1 0 destination 192.168.1.
[R2-acl-adv-3000]rule 20 deny ip source any
[R2-GigabitEthernet0/0/2]traffic-filter inbound acl 3000

5. Configure R3's IP addresses and routing table
<Huawei>undo terminal monitor
<Huawei>sys
[Huawei]sysn R3
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]ip address 192.168.30.254 24
[R3-GigabitEthernet0/0/1]int g0/0/2
[R3-GigabitEthernet0/0/2]ip address 192.168.1.254 24
[R3-GigabitEthernet0/0/2]int g0/0/0
[R3-GigabitEthernet0/0/0]ip address 192.168.13.1 30
[R3]ip route-static 1.1.1.0 24 192.168.13.2
[R3]ip route-static 192.168.12.0 24 192.168.13.2
[R3]ip route-static 192.168.10.0 24 192.168.13.2
[R3]ip route-static 192.168.20.0 24 192.168.13.2

6. Configure R3's ACL
[R3]acl 3000
[R3-acl-adv-3000]rule 5 permit ip source 192.168.30.1 0 destination 192.168.10.1 0
[R3-acl-adv-3000]rule 10 permit tcp source 192.168.30.1 0 destination 192.168.1.1 0 destination-port eq 80
[R3-acl-adv-3000]rule 15 deny ip source any
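
The first-match behaviour of R3's ACL 3000 can be checked offline before testing on the devices. The Python below is an added example, not part of the original post or of any Huawei tool; it parses only the keywords used in the three rules above, and the test flows in it are constructed.

```python
import ipaddress

# R3's ACL 3000 rule lines, copied from the configuration above.
ACL_R3 = """\
rule 5 permit ip source 192.168.30.1 0 destination 192.168.10.1 0
rule 10 permit tcp source 192.168.30.1 0 destination 192.168.1.1 0 destination-port eq 80
rule 15 deny ip source any
"""
ANY = (0, 0xFFFFFFFF)  # every wildcard bit set: match any address

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):
    """Consume 'any' or '<address> <wildcard>' from the token list."""
    if tok[0] == "any":
        tok.pop(0)
        return ANY
    ip, wc = tok.pop(0), tok.pop(0)
    return _ip(ip), 0 if wc == "0" else _ip(wc)  # '0' is short for 0.0.0.0

def parse_rule(line):
    tok = line.split()
    rule = {"id": int(tok[1]), "action": tok[2], "proto": tok[3],
            "src": ANY, "dst": ANY, "dport": None}
    tok = tok[4:]
    while tok:
        key = tok.pop(0)
        if key == "source":
            rule["src"] = _addr(tok)
        elif key == "destination":
            rule["dst"] = _addr(tok)
        elif key == "destination-port" and tok.pop(0) == "eq":
            rule["dport"] = int(tok.pop(0))
        else:
            raise ValueError(f"unsupported keyword: {key}")
    return rule

def _hit(addr, pattern):
    ip, wc = pattern  # wildcard bits set to 1 are ignored in the comparison
    return (_ip(addr) | wc) == (ip | wc)

def evaluate(rules, proto, src, dst, dport=None):
    """First match wins; rules are checked in ascending rule-ID order."""
    for r in sorted(rules, key=lambda r: r["id"]):
        if (r["proto"] in ("ip", proto) and r["dport"] in (None, dport)
                and _hit(src, r["src"]) and _hit(dst, r["dst"])):
            return r["action"], r["id"]
    return "no-match", None  # outcome then depends on where the ACL is applied

RULES = [parse_rule(l) for l in ACL_R3.splitlines() if l.strip()]
```

For example, `evaluate(RULES, "tcp", "192.168.30.1", "192.168.1.1", 23)` falls through rules 5 and 10 and is caught by the explicit deny in rule 15.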

7. Configure R1's IP addresses and routing table
<Huawei>undo terminal m
<Huawei>sys
[Huawei]sysn R1
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip address 192.168.12.2 30
[R1-GigabitEthernet0/0/1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip address 192.168.13.2 30
[R1-GigabitEthernet0/0/2]int g0/0/0
[R1-GigabitEthernet0/0/0]ip address 1.1.1.254 24
[R1]ip route-static 192.168.10.0 24 192.168.12.1
[R1]ip route-static 192.168.20.0 24 192.168.12.1
[R1]ip route-static 192.168.30.0 24 192.168.13.1
[R1]ip route-static 192.168.40.0 24 192.168.13.1
[R1]ip route-static 192.168.1.0 24 192.168.13.1

[R1]acl 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.10.1 0.0.0.0
[R1-acl-basic-2000]rule 10 deny source any
[R1]user-interface vty 0 4
[R1-ui-vty0-4]acl 2000 inbound
[R1-ui-vty0-4]authentication-mode aaa
[R1-ui-vty0-4]aaa
[R1-aaa]local-user plpl password cipher 123
[R1-aaa]local-user plpl service-type telnet
Verification
CW and YF cannot reach each other.