HCIE实验LAB_1（6）

标签：nbsp   ica   traffic   filter   port   security   tin   lte   lock   

Section 6: Security

6.1 TCP/UDP flooding

acl 3000

rule 5 deny tcp destination-port eq 135

rule 10 deny tcp destination-port eq 139

rule 15 deny und destination-port eq 445

interface g0/0/1

traffic-filter inbound acl 3000

6.2 Strom-control

interface s1/0/0

strom-control multicast min-rate 1000 max-rate 2000

strom-control interval 60

strom-control action block

strom-control enable log

6.3 访问控制

time-range offwork 23:00 to 00:00 workday

time-range offwork 00:00 to 07:00 workday

acl 2000

rule 5 permit source 10.1.10.100

rule 10 deny source 10.1.10.0 0.0.0.255 time-range offwork

interface g0/0/1

traffic-filter inbound acl 2000

HCIE实验LAB_1（6）

标签：nbsp   ica   traffic   filter   port   security   tin   lte   lock   

原文地址：http://www.cnblogs.com/xuebing666666/p/6684135.html