Configuring ACLs in Huawei eNSP to Control Enterprise Data Access

Time: 2026-02-12 10:57:53

1. Build the topology for this lab

The five routers in this environment simulate the headquarters and the branches. SW1 and SW2 only forward transparently and carry no configuration.


2. Configure the device interfaces for this lab

R2, R3 and R5 sit on 10.0.0.0/24 behind R1, and SW3 sits on 10.0.24.0/24 behind R4; none of them runs a routing protocol, so each gets a default static route pointing at its gateway. R1 and R4 are joined by 10.0.12.0/24 on R1's GigabitEthernet0/0/1 and R4's GigabitEthernet0/0/0, which is the port pair the prompts, the OSPF configuration and the zone configuration below all refer to.

[Huawei]sysname R1
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 10.0.0.1 24
[R1-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.0.12.1 24

[Huawei]sysname R2
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 10.0.0.2 24
[R2-GigabitEthernet0/0/0]quit
[R2]ip route-static 0.0.0.0 0 10.0.0.1

<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R3
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]ip address 10.0.0.6 24
[R3-GigabitEthernet0/0/0]quit
[R3]ip route-static 0.0.0.0 0 10.0.0.1

<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R4
[R4]interface GigabitEthernet 0/0/1
[R4-GigabitEthernet0/0/1]ip address 10.0.24.4 24
[R4-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0]ip address 10.0.12.4 24

[Huawei]sysname R5
[R5]interface GigabitEthernet 0/0/0
[R5-GigabitEthernet0/0/0]ip address 10.0.0.8 24
[R5-GigabitEthernet0/0/0]quit
[R5]ip route-static 0.0.0.0 0 10.0.0.1

<Quidway>system-view
Enter system view, return user view with Ctrl+Z.
[Quidway]sysname SW3
[SW3]interface Vlanif 1
[SW3-Vlanif1]ip address 10.0.24.1 24
[SW3-Vlanif1]quit
[SW3]ip route-static 0.0.0.0 0 10.0.24.4


3. After the interfaces are configured, test connectivity between the segments

<R1>ping -c 1 10.0.12.4
  PING 10.0.12.4: 56  data bytes, press CTRL_C to break
    Reply from 10.0.12.4: bytes=56 Sequence=1 ttl=255 time=130 ms

  --- 10.0.12.4 ping statistics ---
    1 packet(s) transmitted
    1 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 130/130/130 ms

<R1>ping 10.0.24.1
  PING 10.0.24.1: 56  data bytes, press CTRL_C to break
    Request time out
    Request time out

The directly connected R1-R4 link works, but R1 has no route to 10.0.24.0/24. No routing protocol has been configured yet, so the different segments cannot reach each other.


4. Configure OSPF so the segments can reach each other

[R1]ospf 1 router-id 10.0.12.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 10.0.12.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 10.0.0.1 0.0.0.0

[R4]ospf 1 router-id 10.0.12.4
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 10.0.12.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0]network 10.0.24.4 0.0.0.0

Only R1 and R4 run OSPF. The 0.0.0.0 wildcard enables OSPF on exactly the interface that owns the given address, so R1 advertises 10.0.0.0/24 and R4 advertises 10.0.24.0/24 into area 0; R2, R3, R5 and SW3 keep using their default static routes.


5. Check the network connectivity now

[R1]ping -c 2 10.0.24.1
  PING 10.0.24.1: 56  data bytes, press CTRL_C to break
    Reply from 10.0.24.1: bytes=56 Sequence=1 ttl=254 time=50 ms
    Reply from 10.0.24.1: bytes=56 Sequence=2 ttl=254 time=50 ms

  --- 10.0.24.1 ping statistics ---
    2 packet(s) transmitted
    2 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 50/50/50 ms

[SW3]ping -c 2 10.0.0.6
  PING 10.0.0.6: 56  data bytes, press CTRL_C to break
    Reply from 10.0.0.6: bytes=56 Sequence=1 ttl=253 time=110 ms
    Reply from 10.0.0.6: bytes=56 Sequence=2 ttl=253 time=110 ms

  --- 10.0.0.6 ping statistics ---
    2 packet(s) transmitted
    2 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 110/110/110 ms


6. Configure basic ACL rules to block the 10.0.0.0 segment from reaching S1

[R4]acl 2000
[R4-acl-basic-2000]rule deny source 10.0.0.0 0.0.0.255
[R4-acl-basic-2000]rule permit source any

ACL 2000 is a basic ACL (numbers 2000 to 2999), which matches on source address only. The wildcard 0.0.0.255 covers 10.0.0.0/24, so the deny rule catches traffic from R2, R3 and R5, and the closing permit rule lets everything else through. Defining the ACL filters nothing by itself; it blocks R2, R3 and R5 from reaching S1 only once it is bound to the interzone packet filter in step 8.


7. Configure the outside and inside zones and set their priorities

[R4]firewall zone outside
[R4-zone-outside]priority 1
[R4-zone-outside]quit
[R4]firewall zone inside
[R4-zone-inside]priority 10

A higher priority means a more trusted zone: inside (priority 10) will hold the S1 side, outside (priority 1) the side facing R1 and the 10.0.0.0/24 hosts. The priorities also define the direction of an interzone filter: inbound is traffic from the lower-priority zone to the higher-priority zone, outbound the reverse.


8. Add the interfaces to the zones and apply the ACL as a packet filter

[R4]interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0]zone outside
[R4-GigabitEthernet0/0/0]quit
[R4]interface GigabitEthernet 0/0/1
[R4-GigabitEthernet0/0/1]zone inside
[R4-GigabitEthernet0/0/1]quit
[R4]firewall interzone inside outside
[R4-interzone-inside-outside]packet-filter 2000 inbound
[R4-interzone-inside-outside]firewall enable

GigabitEthernet0/0/0 (10.0.12.4, toward R1) joins outside and GigabitEthernet0/0/1 (10.0.24.4, toward SW3) joins inside. packet-filter 2000 inbound therefore checks traffic entering from outside and heading into inside against ACL 2000; no filter is applied in the outbound direction. firewall enable switches the interzone firewall on; without it the packet filter is not active.
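To check what ACL 2000 and the zone setup decide for the tests in step 9, here is an added Python model of the two mechanisms this configuration relies on: Huawei wildcard-mask matching with first-match rule order, and interzone direction derived from zone priority. It is example code written for this page, not VRP code or device output; the packets are constructed. Two points go beyond what the page states and are assumptions: traffic that matches no rule is treated as permitted (moot here, since rule 2 permits everything), and replies to a flow that was already permitted are returned through a simple session table keyed on the address pair, which stands in for the session tracking that lets SW3's ping replies back in step 9. It also covers a case the page does not test: R1 pinging from its 10.0.12.1 address is not inside the denied range.

```python
"""Model of a Huawei basic ACL applied as an interzone packet filter.

Added example for this page, not VRP code. Addresses, zones and interface
names come from the lab; the packets below are constructed test inputs.
"""
import ipaddress
from dataclasses import dataclass, field


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Huawei ACL wildcard: a 1 bit means 'ignore', a 0 bit must match.
    'source 10.0.0.0 0.0.0.255' therefore covers 10.0.0.0 - 10.0.0.255."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass
class Rule:
    action: str                # "permit" or "deny"
    source: str                # "any" or a base address
    wildcard: str = "0.0.0.0"  # exact host match unless a wildcard is given


def acl_lookup(rules, src):
    """Rules are checked in configured order; the first match decides.
    Returns None when no rule matches."""
    for r in rules:
        if r.source == "any" or wildcard_match(src, r.source, r.wildcard):
            return r.action
    return None


# acl 2000 exactly as configured on R4 in step 6
ACL_2000 = [Rule("deny", "10.0.0.0", "0.0.0.255"), Rule("permit", "any")]


@dataclass
class InterzoneFirewall:
    zone_priority: dict                 # zone name -> priority (higher = more trusted)
    iface_zone: dict                    # interface -> zone
    acl: list
    filtered_direction: str = "inbound"           # 'packet-filter 2000 inbound'
    sessions: set = field(default_factory=set)    # (src, dst) pairs already permitted

    def direction(self, in_iface, out_iface):
        """inbound = lower-priority zone to higher-priority zone, outbound the reverse."""
        s, d = self.iface_zone[in_iface], self.iface_zone[out_iface]
        if s == d:
            return None  # same zone: not an interzone packet at all
        return "inbound" if self.zone_priority[s] < self.zone_priority[d] else "outbound"

    def forward(self, src, dst, in_iface, out_iface):
        # Assumption: a reply to a flow that was already permitted is matched by
        # the session table and is never re-evaluated against the ACL.
        if (dst, src) in self.sessions:
            return "permit"
        verdict = "permit"  # traffic in the unfiltered direction is simply forwarded
        if self.direction(in_iface, out_iface) == self.filtered_direction:
            # Assumption: no matching rule means permit; moot here, rule 2 matches all.
            verdict = acl_lookup(self.acl, src) or "permit"
        if verdict == "permit":
            self.sessions.add((src, dst))
        return verdict


def lab_results():
    """Replays the step 9 tests plus one case the page does not try."""
    fw = InterzoneFirewall(
        zone_priority={"outside": 1, "inside": 10},
        iface_zone={"GigabitEthernet0/0/0": "outside", "GigabitEthernet0/0/1": "inside"},
        acl=ACL_2000,
    )
    g0, g1 = "GigabitEthernet0/0/0", "GigabitEthernet0/0/1"
    return {
        # R2 -> S1: outside to inside is inbound, source in 10.0.0.0/24 -> denied
        "R2->S1": fw.forward("10.0.0.2", "10.0.24.1", g0, g1),
        # S1 -> R3: inside to outside is outbound, nothing is applied there
        "S1->R3": fw.forward("10.0.24.1", "10.0.0.6", g1, g0),
        # R3's echo reply is sourced from 10.0.0.6 and would hit the deny rule,
        # but it belongs to the session S1 opened
        "R3->S1 reply": fw.forward("10.0.0.6", "10.0.24.1", g0, g1),
        # R1 pinging from its 10.0.12.1 side is outside the denied range
        "R1(10.0.12.1)->S1": fw.forward("10.0.12.1", "10.0.24.1", g0, g1),
    }


if __name__ == "__main__":
    for flow, verdict in lab_results().items():
        print(f"{flow:20s} {verdict}")
```

Running the script prints deny for R2->S1 and permit for the other three flows. The last case is worth keeping in mind when reading the heading of step 6: the rule denies a source range, not a set of devices, so R1 is only blocked when it sources traffic from 10.0.0.1, not from 10.0.12.1.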


9. Verify the effect of the ACL

<R2>ping 10.0.24.1
  PING 10.0.24.1: 56  data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out

  --- 10.0.24.1 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
    100.00% packet loss

<SW3>ping 10.0.0.6
  PING 10.0.0.6: 56  data bytes, press CTRL_C to break
    Reply from 10.0.0.6: bytes=56 Sequence=1 ttl=253 time=140 ms
    Reply from 10.0.0.6: bytes=56 Sequence=2 ttl=253 time=80 ms
    Reply from 10.0.0.6: bytes=56 Sequence=3 ttl=253 time=80 ms
    Reply from 10.0.0.6: bytes=56 Sequence=4 ttl=253 time=100 ms
    Reply from 10.0.0.6: bytes=56 Sequence=5 ttl=253 time=90 ms

  --- 10.0.0.6 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 80/98/140 ms

With the policy in place, S1 (reached in these tests at SW3's address 10.0.24.1) can still reach R2, R3 and R5, while R2, R3 and R5 can no longer reach S1: R2 (10.0.0.2) times out toward 10.0.24.1, and SW3 still gets replies from R3 (10.0.0.6). R5 behaves like R2 and R3 because the deny rule covers the whole 10.0.0.0/24. Note that R3's replies are sourced from 10.0.0.6, an address the deny rule matches; they get back because the interzone firewall enabled with firewall enable treats them as part of the session SW3 opened, so the filter blocks connections initiated from outside without cutting off return traffic for connections initiated from inside. On R4, display acl 2000 shows the rules as applied.
