华为:
<AR6121E-S>dis acl 3333
Advanced ACL 3333, 4 rules
Acl's step is 5
rule 5 permit icmp source 192.168.188.2 0 destination 192.168.88.88 0
rule 10 permit icmp source 192.168.88.88 0 destination 192.168.188.2 0
rule 15 permit udp source 14.23.154.114 0 source-port eq 1701 destination 14.145.146.57 0 (7 matches)
rule 20 permit udp source 14.145.146.57 0 destination 14.23.154.114 0 destination-port eq 1701 (7 matches)
int g0/0/8
traffic-filter inbound acl 3333
traffic-filter outbound acl 3333
[AR6121E-S]capture-packet interface g 0/0/8 acl 3333 destination terminal
锐捷:
注意:以下ip地址仅为举例,以现场实际ip地址为准
第一步:创建ACL
ip access-list extended test-down-in
10 permit icmp host 104.52.56.14 host 172.26.131.30
20 permit icmp host 172.26.131.30 host 104.52.56.14
100 permit ip any any
!
ip access-list extended test-down-out
10 permit icmp host 104.52.56.14 host 172.26.131.30
20 permit icmp host 172.26.131.30 host 104.52.56.14
100 permit ip any any
!
ip access-list extended test-up-in
10 permit icmp host 104.52.56.14 host 172.26.131.30
20 permit icmp host 172.26.131.30 host 104.52.56.14
100 permit ip any any
!
ip access-list extended test-up-out
10 permit icmp host 104.52.56.14 host 172.26.131.30
20 permit icmp host 172.26.131.30 host 104.52.56.14
100 permit ip any any
!
第二步:开启ACL计数
!
ip access-list counter test-up-in
!
ip access-list counter test-up-out
!
ip access-list counter test-down-out
!
ip access-list counter test-down-in
第三步:
上下联口调用ACL:
上联口(连接路由器的接口)
比如连接的是g0/1(以具体连接的接口为准)
int g0/1
ip access-group test-up-in in
ip access-group test-up-out out
下连口(连接电脑的接口)
ip access-group test-down-in in
ip access-group test-down-out out
第四步:
查看计数:show access-lists
清除计数:clear counters
注意:若clear counters无法清除计数统计,则clear counters access-list xx(xx代表acl的名字)来清除
