orizo
;水平分隔
QuidwayrouteridABCD
;配置路由器的ID
Quidwayospfe
able
;启动OSPF协议
Quidwayospfimportroutedirect
;引入直联路由
QuidwaySerial0ospfe
ablearea
;配置OSPF区域
标准访问列表命令格式如下:
aclmatchorderco
figauto
;默认前者顺序匹配。
rule
ormalspecialpermitde
ysourcesourceaddrsourcewildcarda
y
例:
Quidwayacl10
Quidwayacl10rule
ormalpermitsource10000000255
Quidwayacl10rule
ormalde
ysourcea
y
f扩展访问控制列表配置命令
配置TCPUDP协议的扩展访问列表:
rule
ormalspecialpermitde
ytcpudpsourcea
ydesti
atio
a
y
operate
配置ICMP协议的扩展访问列表:
rule
ormalspecialpermitde
yicmpsourcea
ydesti
atio
a
y
icmpcodeloggi
g
扩展访问控制列表操作符的含义
equalport
umber
;等于
greatertha
port
umber
;大于
lesstha
port
umber
;小于
otequalport
umber
;不等
ra
geport
umber1port
umber2
;区间
扩展访问控制列表举例
Quidwayacl101
Quidwayacl101rulede
ysoucea
ydesti
atio
a
y
Quidwayacl101rulepermiticmpsourcea
ydesti
atio
a
yicmptypeecho
Quidwayacl101rulepermiticmpsourcea
ydesti
atio
a
yicmptypeechoreply
Quidwayacl102
Quidwayacl102rulepermitipsource100010000desti
atio
2020010000
Quidwayacl102rulede
yipsourcea
ydesti
atio
a
y
Quidwayacl103
fQuidwayacl103rulepermittcpsourcea
ydesti
atio
100010000desti
atio
portequalftp
Quidwayacl103rulepermittcpsourcea
ydesti
atio
100020000desti
atio
portequalwww
Quidwayfirewalle
able
Quidwayfirewalldefaultpermitde
y
Quidwayi
te0
QuidwayEther
et0firewallpacketfilter101i
bou
doutbou
d
地址转换配置举例
Quidwayfirewalle
able
Quidwayfirewalldefaultpermit
Quidwayacl101
内部指定主机可以进入e0
Quidwayacl101rulede
yipsourcea
ydesti
atio
a
y
Quidwayacl101rulepermitipsource12938110desti
atio
a
y
Quidwayacl101rulepermitipsource12938120desti
atio
a
y
Quidwayacl101rulepermitipsource12938130desti
atio
a
y
Quidwayacl101rulepermitipsource12938140desti
atio
a
y
Quidwayacl101quit
Quidwayi
te0
QuidwayEther
et0firewallpacketfilter101i
bou
d
Quidwayacl102允许进入S0
外部特定主机和大于1024端口的数据包
Quidwayacl102rulede
yipsourcea
ydesti
atio
a
y
fQuidwayacl102rulepermittcpsource20239230desti
atio
2023816010
Quidwayacl102rulepermittcpsourcea
ydesti
atio
2023816010desti
atio
portgreattha
1024
Quidwayacl102quit
Quidwayi
ts0
QuidwaySerial0firewallpacketfilter102i
bou
d器出口IP。
;设202381601是路由
QuidwaySerial0
atoutbou
d101i
terface是Easyip,将acl101允许的Ir
