A-A+
在华为路由器上做的实现路由控制的实验
使用华为路由器上做路由控制的实验,也跟小帆模拟器上做的差不多。基本相同,但华为的实现这个功能不需要扩展的acl只需要基本的访问控制即可,不同的部分如下:
创建访问控制列表
1.核心部分:
- Acl 2000
- rule permit source 192.168.3.0 0.0.0.255(定义规则)
- int s1 进入要去往的那个接口,
- Nat outbound 2000 interface 在此接口上用此规则
- Acl 2001
- rule permit source 192.168.3.0 0.0.0.255
- Int s0
- Nat outbound 2001 inter
2.此路由器上的配置:
- [R3]acl 2000
- [R3-acl-2000]permit ?
- Incorrect command
- [R3-acl-2000]rule permit ?
- source IP address of source host
- [R3-acl-2000]rule permit source ?
- X.X.X.X IP address of source host
- any Any source host
- [R3-acl-2000]rule permit source 192.168.3.0 0.0.0.255 ?
- www.xiaoxiongboke.com <cr>
- [R3-acl-2000]rule permit source 192.168.3.0 0.0.0.255
- Rule has been added to normal packet-filtering rules
- [R3-acl-2000]int s0
- [R3-Serial0]nat ?
- outbound Config nat address translation
- reset Reset All active NAT table
- server Configure Nat server in private network
- [R3-Serial0]nat outbound ?
- <2000-3999> ACL number
- [R3-Serial0]nat outbound 2000 int?
- interface Use Interface's IP address
- [R3-Serial0]nat outbound 2000 inter
- have existed in nat access table!