
Switch and Router Command Reference (Part 2)

2009-08-23 17:55

Extended access control list configuration commands

Configuring an extended access list for TCP/UDP:
rule {normal|special} {permit|deny} {tcp|udp} source {<ip wild>|any} destination {<ip wild>|any} [operate]

Configuring an extended access list for ICMP:
rule {normal|special} {permit|deny} icmp source {<ip wild>|any} destination {<ip wild>|any} [icmp-code] [logging]

Meaning of the extended access control list operators
equal portnumber                 equal to
greater-than portnumber          greater than
less-than portnumber             less than
not-equal portnumber             not equal to
range portnumber1 portnumber2    within the range

Extended access control list examples
[Quidway]acl 101
[Quidway-acl-101]rule deny ip source any destination any
[Quidway-acl-101]rule permit icmp source any destination any icmp-type echo
[Quidway-acl-101]rule permit icmp source any destination any icmp-type echo-reply

[Quidway]acl 102
[Quidway-acl-102]rule permit ip source 10.0.0.1 0.0.0.0 destination 202.0.0.1 0.0.0.0
[Quidway-acl-102]rule deny ip source any destination any

[Quidway]acl 103
[Quidway-acl-103]rule permit tcp source any destination 10.0.0.1 0.0.0.0 destination-port equal ftp
[Quidway-acl-103]rule permit tcp source any destination 10.0.0.2 0.0.0.0 destination-port equal www

[Quidway]firewall enable
[Quidway]firewall default permit|deny
[Quidway]int e0
[Quidway-Ethernet0]firewall packet-filter 101 inbound|outbound

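Added example (not part of the original post and not Huawei code): a small Python matcher that evaluates one extended rule against a packet, showing how the wildcard mask and the destination-port operators listed above decide a match. It covers only the protocol, address and destination-port fields; the function names and the strict reading of greater-than/less-than are assumptions.

```python
from ipaddress import IPv4Address

# Service names used in the rules above, with their standard port numbers.
PORT_NAMES = {"ftp": 21, "www": 80, "smtp": 25}
# Port operators from the operator table above (comparisons taken as strict).
OPERATORS = {
    "equal": lambda p, a: p == a[0],
    "greater-than": lambda p, a: p > a[0],
    "less-than": lambda p, a: p < a[0],
    "not-equal": lambda p, a: p != a[0],
    "range": lambda p, a: a[0] <= p <= a[1],
}

def _take_addr(toks):
    """Consume 'any' or '<ip> <wildcard>' (a bare 0 means 0.0.0.0); return ints."""
    if toks[0] == "any":
        toks.pop(0)
        return 0, 0xFFFFFFFF
    ip, wild = toks.pop(0), toks.pop(0)
    return int(IPv4Address(ip)), 0 if wild == "0" else int(IPv4Address(wild))

def parse_rule(line):
    """Parse 'rule <action> <proto> source .. destination .. [destination-port ..]'."""
    toks = line.split()
    rule = {"action": toks[1], "proto": toks[2], "dport": None}
    toks = toks[3:]
    while toks:
        key = toks.pop(0)
        if key in ("source", "destination"):
            rule[key] = _take_addr(toks)
        elif key == "destination-port":
            op = toks.pop(0)
            args = [toks.pop(0) for _ in range(2 if op == "range" else 1)]
            rule["dport"] = (op, [PORT_NAMES.get(a) or int(a) for a in args])
    return rule

def matches(rule, proto, src, dst, dport=None):
    """True if a packet matches the rule's protocol, addresses and port test."""
    if rule["proto"] not in ("ip", proto):
        return False
    for key, addr in (("source", src), ("destination", dst)):
        ip, wild = rule[key]
        # Wildcard bits set to 1 are ignored; bits set to 0 must be identical.
        if (int(IPv4Address(addr)) ^ ip) & ~wild & 0xFFFFFFFF:
            return False
    op, args = rule["dport"] or (None, None)
    return op is None or (dport is not None and OPERATORS[op](dport, args))
# Rule text copied from acl 103 above.
ACL_103_FTP = parse_rule("rule permit tcp source any destination 10.0.0.1 0.0.0.0 destination-port equal ftp")
```

Running candidate packets through matches() before applying an ACL is a quick way to check that a wildcard such as 0.0.0.255 or an operator such as greater-than covers exactly the hosts and ports intended.
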
Address translation (NAT) configuration example
[Quidway]firewall enable
[Quidway]firewall default permit
[Quidway]acl 101
[Quidway-acl-101]rule deny ip source any destination any
[Quidway-acl-101]rule permit ip source 129.38.1.4 0 destination any
[Quidway-acl-101]rule permit ip source 129.38.1.1 0 destination any
[Quidway-acl-101]rule permit ip source 129.38.1.2 0 destination any
[Quidway-acl-101]rule permit ip source 129.38.1.3 0 destination any
[Quidway]acl 102
[Quidway-acl-102]rule permit tcp source 202.39.2.3 0 destination 202.38.160.1 0
[Quidway-acl-102]rule permit tcp source any destination 202.38.160.1 0 destination-port greater-than 1024

[Quidway-Ethernet0]firewall packet-filter 101 inbound
[Quidway-Serial0]firewall packet-filter 102 inbound

[Quidway]nat address-group 202.38.160.101 202.38.160.103 pool1
[Quidway]acl 1
[Quidway-acl-1]rule permit source 10.110.10.0 0.0.0.255
[Quidway-acl-1]rule deny source any
[Quidway-acl-1]int serial 0
[Quidway-Serial0]nat outbound 1 address-group pool1

[Quidway-Serial0]nat server global 202.38.160.101 inside 10.110.10.1 ftp tcp
[Quidway-Serial0]nat server global 202.38.160.102 inside 10.110.10.2 www tcp
[Quidway-Serial0]nat server global 202.38.160.102 8080 inside 10.110.10.3 www tcp
[Quidway-Serial0]nat server global 202.38.160.103 inside 10.110.10.4 smtp udp

PPP authentication:
Authenticator (pap|chap):
[Quidway]local-user u2 password {simple|cipher} aaa
[Quidway]interface serial 0
[Quidway-serial0]ppp authentication-mode {pap|chap}
[Quidway-serial0]ppp chap user u1 // not needed when using pap

PAP authenticated side (peer):
[Quidway]interface serial 0
[Quidway-serial0]ppp pap local-user u2 password {simple|cipher} aaa

CHAP authenticated side (peer):
[Quidway]interface serial 0
[Quidway-serial0]ppp chap user u1
[Quidway-serial0]local-user u2 password {simple|cipher} aaa

This article comes from the "蓝兔子学网络,网络工程师" blog; please keep this source link: http://xiaoyu51800.blog.51cto.com/112532/16752