<!-- wp:quote -->
<p>Let's learn how ACLs are configured on different vendors' equipment</p><!-- /wp:quote --> <!-- wp:more --> <!-- /wp:more --> <!-- wp:tadv/classic-paragraph --> <h2>Standard ACL</h2> <h3>Numbered 1-99</h3> <h4>Permit host 192.168.1.1, ACL number 1</h4>
Ruijie(config)#access-list 1 permit host 192.168.1.1
<h4>Permit the 192.168.3.0 network segment, ACL number 20</h4>
Ruijie(config)#access-list 20 permit 192.168.3.0 0.0.0.255
<h2>Extended ACL</h2>
<h3>Numbered 100-199 and 2000-2699</h3>
<h4>Prevent the 192.168.5.0 segment from accessing the www service on the 192.168.1.0 segment</h4>
Ruijie(config)#access-list 150 deny tcp 192.168.1.0 0.0.0.255 eq www 192.168.5.0 0.0.0.255
Ruijie(config)#access-list 150 permit ip any any ------>By default the last entry of an ACL is an implicit deny ip any any, so a permit ip any any entry must be configured to let other traffic through
<!-- /wp:tadv/classic-paragraph -->
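<p>Added example (not part of the original page and not Ruijie code): a small Python model of how the numbered extended ACL above is evaluated, showing wildcard-mask matching, first-match-wins ordering and the implicit deny at the end. It handles only the rule syntax used on this page; the function names and sample packets are constructed for illustration.</p>

```python
import ipaddress

PORT_NAMES = {"www": 80}  # only the service keyword used on the page

def wildcard_match(addr, base, wildcard):
    """Wildcard bit 0 = must match, 1 = ignore (inverse of a netmask)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_rule(line):
    """Parse 'access-list N permit|deny proto SRC [eq P] DST [eq P]'."""
    tok = line.split()
    pos = 4
    def addr():
        nonlocal pos
        if tok[pos] == "any":
            pos += 1
            return "0.0.0.0", "255.255.255.255"
        if tok[pos] == "host":
            pos += 2
            return tok[pos - 1], "0.0.0.0"
        pos += 2
        return tok[pos - 2], tok[pos - 1]
    def port():
        nonlocal pos
        if pos < len(tok) and tok[pos] == "eq":
            pos += 2
            name = tok[pos - 1]
            return PORT_NAMES[name] if name in PORT_NAMES else int(name)
        return None
    return {"action": tok[2], "proto": tok[3], "src": addr(), "sport": port(),
            "dst": addr(), "dport": port()}

def evaluate(acl_lines, pkt):
    """First matching entry wins; no match falls to the implicit deny."""
    for r in map(parse_rule, acl_lines):
        if (r["proto"] in ("ip", pkt["proto"])
                and wildcard_match(pkt["src"], *r["src"])
                and wildcard_match(pkt["dst"], *r["dst"])
                and r["sport"] in (None, pkt["sport"])
                and r["dport"] in (None, pkt["dport"])):
            return r["action"]
    return "deny"  # implicit 'deny ip any any'

DENY_WWW = "access-list 150 deny tcp 192.168.1.0 0.0.0.255 eq www 192.168.5.0 0.0.0.255"
PERMIT_ALL = "access-list 150 permit ip any any"
# Constructed sample packets: a web reply and an SSH reply from the server segment
WEB_REPLY = {"proto": "tcp", "src": "192.168.1.10", "sport": 80, "dst": "192.168.5.20", "dport": 51000}
SSH_REPLY = {"proto": "tcp", "src": "192.168.1.10", "sport": 22, "dst": "192.168.5.20", "dport": 51001}
```

<p>Evaluating SSH_REPLY against [DENY_WWW] alone returns deny because of the implicit final entry; adding PERMIT_ALL after it lets that packet through while WEB_REPLY is still dropped.</p>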
<!-- wp:tadv/classic-paragraph -->
<h3>Applying an ACL to an interface</h3>
<h4>This is the in direction</h4>
Ruijie(config-if-VLAN 1)# ip access-group 150 in
<h4>This is the out direction</h4>
Ruijie(config-if-VLAN 1)# ip access-group 1 out
<h4>The configuration is the same on a routed interface</h4>
Ruijie(config-if-GigabitEthernet 0/1)#ip access-group 15 in
<h3>Viewing the configuration</h3>
Ruijie(config-if-VLAN 1)#show access-lists
Ruijie(config-if-VLAN 1)#show access-lists 150
Ruijie#show ip access-group ------>Shows which ACLs are applied on interfaces
<!-- /wp:tadv/classic-paragraph -->