广东行政职业学院(广东青年职业学院)
计算机网络技术-IPv6技术课程
项目 12 —— 使用ACL6限制公司网络访问
实训拓扑图如下
具体相关配置如下
交换机
LSW1
# LSW1 (lab switch): global settings, the IPv6 ACL and the local AAA account.
#
sysname LSW1
#
# The information center is switched off, so the device emits no log, trap or
# debug output. NOTE(review): re-enable it wherever ACL drops or logins need an
# audit trail.
undo info-center enable
#
# Turns IPv6 on globally; the per-interface "ipv6 enable" lines in this
# configuration depend on it.
ipv6
#
# Creates VLANs 10, 20, 30 and 100 in one command.
vlan batch 10 20 30 100
#
# Cluster-management discovery features. "ndp" here is the cluster
# neighbour-discovery protocol, not IPv6 Neighbor Discovery.
# NOTE(review): these look like simulator defaults; turn them off if cluster
# management is unused - confirm.
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
# IPv6 ACL number 3999, named PC2-PC1deny. Rule 0 drops every IPv6 packet whose
# source is in 2020::/64 (the Vlanif20 prefix) and whose destination is in
# 2010::/64 (the Vlanif10 prefix). The match covers the whole protocol
# ("deny ipv6"), so it is not limited to particular ports or to ICMPv6.
# The rule trusts the source address in the packet; it does not verify that the
# sender owns that address.
# NOTE(review): there is no explicit permit rule. As far as I know, traffic-filter
# forwards packets that match no rule - confirm on the target software version.
acl ipv6 name PC2-PC1deny 3999
rule 0 deny ipv6 source 2020::/64 destination 2010::/64
#
drop-profile default
#
# Local account "admin" with password "admin" stored in clear text
# ("password simple") and HTTP service enabled.
# NOTE(review): presumably the simulator default; outside a lab change the
# password, store it with "password cipher" as the router listings on this page
# do, and keep only the service types that are needed.
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
# Layer-3 VLAN interfaces on LSW1. Vlanif1 carries no configuration.
# Vlanif10/20/30 hold 2010::1, 2020::1 and 2030::1 (each /64); presumably these
# are the hosts' default gateways - confirm against the topology.
# Vlanif100 (1010::1/64) shares the 1010::/64 link with AR2 (1010::2).
interface Vlanif1
#
interface Vlanif10
ipv6 enable
ipv6 address 2010::1/64
#
interface Vlanif20
ipv6 enable
ipv6 address 2020::1/64
#
interface Vlanif30
ipv6 enable
ipv6 address 2030::1/64
#
interface Vlanif100
ipv6 enable
ipv6 address 1010::1/64
#
# Physical ports on LSW1. Access ports: GE0/0/1 -> VLAN 10, GE0/0/2 -> VLAN 20,
# GE0/0/3 -> VLAN 30, GE0/0/24 -> VLAN 100 (the link that carries 1010::/64).
# Presumably PC1 sits on GE0/0/1 and PC2 on GE0/0/2 - confirm against the topology.
# MEth0/0/1 and GE0/0/4 to GE0/0/23 carry no configuration in this listing.
# NOTE(review): the unused ports are neither shut down nor moved out of the
# default VLAN; on a real network do both so that a device plugged into a spare
# port does not get connectivity.
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 30
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 100
#
interface NULL0
#
# Default IPv6 route (::/0) with next hop 1010::2, the address AR2 holds on
# the 1010::/64 link.
ipv6 route-static :: 0 1010::2
#
# Binds ACL PC2-PC1deny to traffic entering VLAN 20, so packets from 2020::/64
# to 2010::/64 are dropped as they arrive from VLAN 20 hosts.
# The filter is stateless: replies sent from VLAN 20 to a session that a
# 2010::/64 host opened are dropped as well, so request/response traffic fails
# in both directions even though only one direction is filtered.
traffic-filter vlan 20 inbound acl ipv6 name PC2-PC1deny
#
# Neither the console (con 0) nor vty 0-4 has an authentication-mode line in
# this listing.
# NOTE(review): confirm remote login is disabled, or set AAA authentication on
# the vty lines, before the device is reachable from untrusted hosts.
user-interface con 0
user-interface vty 0 4
#
return
路由器
AR1
# AR1 (router): one IPv6 interface and a default route. No ACL is defined or
# applied on this device.
[V200R003C00]
#
sysname AR1
#
# The SNMP agent is enabled; no community string or SNMPv3 user appears in this
# listing.
# NOTE(review): disable the agent if SNMP is unused, otherwise confirm which
# SNMP versions and credentials the running device accepts.
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
# NOTE(review): "minus 08:00:00" looks inverted for China Standard Time (UTC+8)
# and is presumably a simulator default - confirm. A wrong offset makes
# timestamps harder to correlate across devices.
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
# The information center is switched off, so the router emits no log, trap or
# debug output.
undo info-center enable
#
# Turns IPv6 on globally.
ipv6
#
set cpu-usage threshold 80 restore 75
#
# Local account "admin" with a "password cipher" string and HTTP service.
# The identical cipher string appears in the AR2 listing on this page, so it is
# presumably the simulator's default account - confirm.
# NOTE(review): treat a cipher string that has been published as a disclosed
# credential and set a new password before any real use.
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
# GE0/0/1 holds 1020::1/64 and shares the 1020::/64 link with AR2 (1020::2).
# GE0/0/0 and GE0/0/2 carry no configuration.
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ipv6 enable
ipv6 address 1020::1/64
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
# Default IPv6 route (::/0) with next hop 1020::2 (AR2).
ipv6 route-static :: 0 1020::2
#
# The console uses password authentication; the password line itself is not
# part of this listing. vty 0-4 and vty 16-20 show no authentication-mode.
# NOTE(review): confirm how remote login is authenticated before exposing the
# router.
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
AR2
# AR2 (router): global settings, the IPv6 ACL PC1deny and the local AAA account.
[V200R003C00]
#
sysname AR2
#
# The SNMP agent is enabled; no community string or SNMPv3 user appears in this
# listing.
# NOTE(review): disable the agent if SNMP is unused, otherwise confirm which
# SNMP versions and credentials the running device accepts.
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
# IPv6 ACL number 2000, named PC1deny; its rules match on source address only.
# Rule 5 drops packets whose source is exactly 2010::10 (/128); presumably that
# is PC1's address - confirm against the topology. Rule 10 permits everything
# else explicitly.
# NOTE(review): a /128 match holds only while the host keeps that one address.
# If hosts in 2010::/64 can obtain or set other addresses, fix the host's
# address assignment or filter on the prefix instead.
acl ipv6 name PC1deny 2000
rule 5 deny source 2010::10/128
rule 10 permit
#
# NOTE(review): "minus 08:00:00" looks inverted for China Standard Time (UTC+8)
# and is presumably a simulator default - confirm. A wrong offset makes
# timestamps harder to correlate across devices.
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
# The information center is switched off, so the router emits no log, trap or
# debug output.
undo info-center enable
#
# Turns IPv6 on globally.
ipv6
#
set cpu-usage threshold 80 restore 75
#
# Local account "admin" with a "password cipher" string and HTTP service.
# The identical cipher string appears in the AR1 listing on this page, so it is
# presumably the simulator's default account - confirm.
# NOTE(review): treat a cipher string that has been published as a disclosed
# credential and set a new password before any real use.
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
# GE0/0/0 holds 1010::2/64 on the link shared with LSW1 (1010::1) and applies
# ACL PC1deny to IPv6 packets arriving on it. Packets sourced from 2010::10 are
# dropped before AR2 forwards them; every other source is permitted by rule 10.
# The filter sits on the inbound side of this one interface only: nothing is
# filtered on GE0/0/1 or in the outbound direction.
# The router syntax here ("traffic-filter inbound ipv6 acl name ...") differs
# from the switch syntax used in the LSW1 listing on this page.
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address 1010::2/64
traffic-filter inbound ipv6 acl name PC1deny
#
# GE0/0/1 holds 1020::2/64 on the link shared with AR1 (1020::1).
interface GigabitEthernet0/0/1
ipv6 enable
ipv6 address 1020::2/64
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
# Static routes to the three VLAN prefixes behind LSW1, all with next hop
# 1010::1. There is no default route on AR2.
ipv6 route-static 2010:: 64 1010::1
ipv6 route-static 2020:: 64 1010::1
ipv6 route-static 2030:: 64 1010::1
#
# The console uses password authentication; the password line itself is not
# part of this listing. vty 0-4 and vty 16-20 show no authentication-mode.
# NOTE(review): confirm how remote login is authenticated before exposing the
# router.
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
项目验证如下: