HCIE实验LAB_1(6)

Section 6: Security

 

6.1 TCP/UDP flooding

acl 3000

rule 5 deny tcp destination-port eq 135

rule 10 deny tcp destination-port eq 139

rule 15 deny und destination-port eq 445

 

interface g0/0/1

traffic-filter inbound acl 3000

 

6.2 Strom-control

interface s1/0/0

strom-control multicast min-rate 1000 max-rate 2000

strom-control interval 60

strom-control action block

strom-control enable log

 

6.3 访问控制

time-range offwork 23:00 to 00:00 workday

time-range offwork 00:00 to 07:00 workday

acl 2000

rule 5 permit source 10.1.10.100

rule 10 deny source 10.1.10.0 0.0.0.255 time-range offwork

 

interface g0/0/1

traffic-filter inbound acl 2000

 

posted on 2017-04-06 21:50  花名八戒  阅读(206)  评论(0编辑  收藏  举报

Powered by: 博客园 Copyright © 2024 花名八戒
Powered by .NET 8.0 on Kubernetes