I. Network topology

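II. Lab description
1. Deny the host 192.168.56.1/24 access to the router's FTP service on port 21.
III. Basic router configuration
1. Configure the IP address 192.168.56.254/24 on interface G0/0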
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 192.168.56.254 255.255.255.0
#
2. Configure the login account and enable the FTP service for it
#
local-user admin class manage
password hash $h$6$74yhHuyFx7wgEidf$WZUYOcFainsVIQSj1zvs4idBqfRoKlw7tfRS2hT86D1/5WpVQZ8IZcVRjXSmFvGUJAlNWnfM/Ojb1Sd6GDucKA==
service-type ftp
service-type ssh telnet terminal
authorization-attribute work-directory flash:/
authorization-attribute user-role level-15
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
3. Telnet and FTP login test


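IV. ACL configuration
1. Create an advanced ACL. The rule matches TCP traffic from host 192.168.56.1 to destination port 21 (FTP). Because the policy is applied inbound on G0/0, the client's packets carry port 21 as the destination port, not the source port.
#
acl advanced 3000
rule 0 permit tcp source 192.168.56.1 0 destination-port eq ftp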
#
2. Create the traffic classifier toFTP and point it at ACL 3000
#
traffic classifier toFTP operator and
if-match acl 3000
#
3. Create the traffic behavior toFTP, which drops the packets the classifier matches (filter deny)
#
traffic behavior toFTP
filter deny
#
4. Create the QoS policy p1, which binds the classifier toFTP to the behavior toFTP
#
qos policy p1
classifier toFTP behavior toFTP
#
5. Apply the QoS policy inbound on interface G0/0
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 192.168.56.254 255.255.255.0
qos apply policy p1 inbound
#
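To check which packets arriving on G0/0 the policy drops, the following Python sketch models the ACL 3000 -> classifier toFTP -> filter deny chain (an added example, not part of the original page or of H3C tooling). It compares a rule that matches on source port 21 with one that matches host 192.168.56.1 and destination port 21. Assumptions: the parser covers only the rule keywords used here, and the packets are constructed samples.

```python
import ipaddress

PORT_NAMES = {"ftp": 21, "ftp-data": 20, "telnet": 23}

def parse_rule(line):
    """Parse the subset of Comware advanced-ACL rule syntax used on this page."""
    tok = line.split()
    rule = {"action": tok[2], "proto": tok[3], "src": None, "sport": None, "dport": None}
    i = 4
    while i < len(tok):
        if tok[i] == "source":
            # address followed by wildcard mask; a wildcard of 0 means one exact host
            wild = 0 if tok[i + 2] == "0" else int(ipaddress.ip_address(tok[i + 2]))
            rule["src"] = (int(ipaddress.ip_address(tok[i + 1])), wild)
        elif tok[i] in ("source-port", "destination-port") and tok[i + 1] == "eq":
            key = "sport" if tok[i] == "source-port" else "dport"
            name = tok[i + 2]
            rule[key] = PORT_NAMES[name] if name in PORT_NAMES else int(name)
        else:
            raise ValueError("unsupported keyword: " + tok[i])
        i += 3
    return rule

def matches(rule, pkt):
    """True if the packet matches every field the rule specifies."""
    if pkt["proto"] != rule["proto"]:
        return False
    if rule["src"] is not None:
        addr, wild = rule["src"]
        if (int(ipaddress.ip_address(pkt["src"])) ^ addr) & ~wild & 0xFFFFFFFF:
            return False
    return all(rule[k] is None or rule[k] == pkt[k] for k in ("sport", "dport"))

def dropped_inbound(rule_line, pkt):
    """Model: classifier toFTP matches on the ACL permit rule, behavior toFTP is 'filter deny'."""
    rule = parse_rule(rule_line)
    return rule["action"] == "permit" and matches(rule, pkt)

# Constructed packets arriving inbound on G0/0 (client ports are arbitrary)
FTP_FROM_HOST = {"proto": "tcp", "src": "192.168.56.1", "sport": 50000, "dport": 21}
TELNET_FROM_HOST = {"proto": "tcp", "src": "192.168.56.1", "sport": 50001, "dport": 23}
FTP_FROM_OTHER = {"proto": "tcp", "src": "192.168.56.2", "sport": 50002, "dport": 21}

SRC_PORT_RULE = "rule 0 permit tcp source-port eq ftp"
HOST_DST_RULE = "rule 0 permit tcp source 192.168.56.1 0 destination-port eq ftp"

if __name__ == "__main__":
    for rule in (SRC_PORT_RULE, HOST_DST_RULE):
        for pkt in (FTP_FROM_HOST, TELNET_FROM_HOST, FTP_FROM_OTHER):
            print(rule, "|", pkt["src"], "->", pkt["dport"], "dropped:", dropped_inbound(rule, pkt))
```

Only the host-plus-destination-port rule drops the FTP control connection from 192.168.56.1 while leaving its Telnet session and other hosts' FTP traffic untouched.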
ACL (access control list) basic theory lab: https://www.hao0564.com/5485.html