问答题【简答题】
NE80E上配置acl3200但是测试发现不生效,无法deny对220.181.27.100的访问。配置如下:
acl number 3001
rule 5 deny udp destination-port eq 135
%此防病毒的列表由于篇幅关系在此省略%
rule 130 deny udp destination-port eq 9996 rule 200 permit ip
#
acl number 3200
rule 5 deny ip destination 220.181.27.100 rule 10 permit ip #
traffic classifier baidu operator and if-match acl 3200
traffic classifier virus operator or if-match acl 3001#
traffic behavior baidu traffic behavi or virus #
traffic policy virus
classifier virus behavior virus classifier baidu behavior baidu #
%在所有的子接口都启用了这个traffic policy,以下不详述% interfaceGigabitEthernet1/0/7.733
vlan-type dot1q 733
ipaddress 218.92.124.181 255.255.255.252
traffic-policy virus inbound
