FAQ - S3328: How to restrict a port so that only a few IP addresses can access the Internet

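Published: 2014-09-12
Problem Description
Q:
How can an S3328 restrict a port so that only a few IP addresses can access the Internet?
Alarm Information
Handling Process
A:
The current version of the 3328m does not support binding a port to an IP address.
To restrict a port so that only a few IP addresses can access the Internet, configure ACL rules and apply a traffic policy on the port.
Example:
Assume that on port 0/0/1 only the user with IP address 1.1.1.2 is allowed to access the Internet and all other IP addresses are blocked. The configuration is as follows: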
[Quidway] acl number 3030
[Quidway-acl-adv-3030] rule permit ip source 1.1.1.2 0
[Quidway] acl number 3031
[Quidway-acl-adv-3031] rule permit ip
[Quidway] traffic classifier test1
[Quidway-classifier-test1] if-match acl 3030
[Quidway] traffic classifier test2
[Quidway-classifier-test2] if-match acl 3031
[Quidway] traffic behavior test1
[Quidway-behavior-test1] permit
[Quidway] traffic behavior test2
[Quidway-behavior-test2] deny
[Quidway] traffic policy test
[Quidway-trafficpolicy-test] classifier test1 behavior test1
[Quidway-trafficpolicy-test] classifier test2 behavior test2
[Quidway] interface Ethernet 0/0/1
[Quidway-Ethernet0/0/1] traffic-policy test inbound
Note: The rules in the policy test here are matched depth-first.
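The following Python sketch is an added example, not part of the original FAQ or the vendor's code: it models the policy test above, extended to several permitted hosts, and shows why the depth-first ordering in the note matters when a catch-all deny entry is present. The address 1.1.1.3, the function names, and the simplified ordering rule (narrower source range compared first) are assumptions.

```python
import ipaddress

# Each entry models one classifier/behavior pair of the policy "test":
# (source address, wildcard mask, behavior). Wildcard 0.0.0.0 is a single
# host; 255.255.255.255 is any source (the bare "rule permit ip" in ACL 3031).

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def build_policy(allowed_hosts):
    # The catch-all deny is deliberately listed first to show that the
    # result under depth-first matching does not depend on listing order.
    entries = [("0.0.0.0", "255.255.255.255", "deny")]    # test2 / ACL 3031
    for host in allowed_hosts:                             # test1 / ACL 3030
        entries.append((host, "0.0.0.0", "permit"))
    return entries

def depth_first(entries):
    # Simplified model (assumption): fewer wildcard bits means a narrower
    # source range, and narrower ranges are compared first.
    return sorted(entries, key=lambda e: bin(_to_int(e[1])).count("1"))

def matches(entry, src):
    addr, wildcard, _ = entry
    care = ~_to_int(wildcard) & 0xFFFFFFFF   # bits that must be equal
    return (_to_int(src) & care) == (_to_int(addr) & care)

def decide(entries, src, ordered=depth_first):
    # Return the behavior of the first matching entry in the chosen order.
    for entry in ordered(entries):
        if matches(entry, src):
            return entry[2]
    return "no-match"

if __name__ == "__main__":
    # Constructed sample: two permitted hosts on the port.
    policy = build_policy(["1.1.1.2", "1.1.1.3"])
    for src in ("1.1.1.2", "1.1.1.3", "1.1.1.4", "10.0.0.5"):
        print(src, decide(policy, src))
    # Contrast: plain listed-order matching hits the catch-all deny first.
    print("listed order:", decide(policy, "1.1.1.2", ordered=list))
```

On the device, each additional permitted host corresponds to one more `rule permit ip source <address> 0` line in ACL 3030.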
Root Cause
Suggestions and Summary

END