接口下使用access-group调用access-list 可以用于允许或拒绝以下流量:
1.穿越路由器的流量
2.抵达路由器的流量
比如你只允许内网192.168.1.0/24网段的主机访问外部1.1.1.1这个IP地址
access-list 101 per 192.168.1.0 0.0.0.255 host 1.1.1.1
interface g0/0(内网接口)
ip access-group 101 out
line vty下使用access-class调用access-list 可以用于允许或拒绝以下流量:
1.抵达路由器的流量(如telnet、SSH)
比如你只允许来自10.0.0.1这个IP地址的主机SSH管理你的路由器
access-list 102 permit tcp host 10.0.0.1 any eq 22
line vty 0 4
access-class 102 in
=================================================
ip access-group用在接口下;access-class用在VTY线下
access-class命令前面没有“ip”
都说这么详细了楼主你还不满意?
ll zuanjing
match access-group name zuanjing
class-map match-all caiyouchang
match access-group name caiyouchang
!
policy-map daikuanxianzhi
class zuanjing
police cir 2000000 bc 80000 be 80000
conform-action transmit
exceed-action drop
class caiyouchang
police cir 2000000 bc 80000 be 80000
conform-action transmit
exceed-action drop
!
interface FastEthernet0/0
service-policy input daikuanxianzhi
service-policy output daikuanxianzhi
!
端口限速:
interface FastEthernet0/0
rate-limit input access-group 101 2000000 80000 80000 conform-action transmit exceed-action drop
rate-limit output access-group 102 2000000 80000 80000 conform-action transmit exceed-action drop
!
流量整形:
interface Ethernet1/0
traffic-shape group 101 2000000 80000 80000
traffic-shape group 102 2000000 80000 80000
!
建议看看《tcp/ip路由技术卷一》
内容全部来源于网络收集,如有侵权,请联系网站删除:QQ号:24596024