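(1) In your own words, describe the difference between a basic ACL and an advanced ACL.
(2) Which authentication, authorization, and accounting modes does AAA support?
- AAA supports the following authentication modes: no authentication, local authentication, remote authentication
- AAA supports the following authorization modes: no authorization, local authorization, remote authorization
- AAA supports the following accounting modes: no accounting, remote accounting
Supplement: https://support.huawei.com/enterprise/zh/doc/EDOC1100219440/
(3) In the network shown in the figure below, for security reasons router A must reject OSPF packets, GRE packets, and ICMP packets received on interface G0/0/1. Which of the following commands meet this requirement? (ABD)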
A. acl number 3000
rule 5 deny gre
rule 10 deny ospf
rule 15 deny icmp
#
interface GigabitEthernet0/0/1
traffic-filter inbound acl 3000
#
B. acl number 3000
rule 5 deny gre
rule 10 deny 89
rule 15 deny icmp
#
interface GigabitEthernet0/0/1
traffic-filter inbound acl 3000
#
C. acl number 2000
rule 5 deny 47
rule 10 deny 89
rule 15 deny 1
#
interface GigabitEthernet0/0/1
traffic-filter inbound acl 2000
#
D. acl number 3000
rule 5 deny 47
rule 10 deny 89
rule 15 deny 1
#
interface GigabitEthernet0/0/1
traffic-filter inbound acl 3000
#
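(4) In the network shown in the figure, which of the following configurations ensure that host A cannot access the HTTP service of host B and host B cannot access the FTP service of host A? (BD)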
A. acl number 3000
rule 5 deny tcp source 100.0.12.0 0.0.0.255 source-port eq www destination 100.0.13.0 0.0.0.255
#
acl number 3001
rule 5 deny tcp source 100.0.13.0 0.0.0.255 source-port eq ftp destination 100.0.12.0 0.0.0.255
#
interface GigabitEthernet0/0/1
traffic-filter outbound acl 3000
#
interface GigabitEthernet0/0/2
traffic-filter outbound acl 3001
#
B. acl number 3000
rule 5 deny tcp source 100.0.13.0 0.0.0.255 destination 100.0.12.0 0.0.0.255 destination-port eq www
#
acl number 3001
rule 5 deny tcp source 100.0.12.0 0.0.0.255 destination 100.0.13.0 0.0.0.255 destination-port eq ftp
#
interface GigabitEthernet0/0/1
traffic-filter inbound acl 3000
#
interface GigabitEthernet0/0/2
traffic-filter inbound acl 3001
#
C. acl number 3000
rule 5 deny tcp source 100.0.13.0 0.0.0.255 destination 100.0.12.0 0.0.0.255 destination-port eq www
#
acl number 3001
rule 5 deny tcp source 100.0.12.0 0.0.0.255 destination 100.0.13.0 0.0.0.255 destination-port eq ftp
#
interface GigabitEthernet0/0/1
traffic-filter outbound acl 3000
#
interface GigabitEthernet0/0/2
traffic-filter outbound acl 3001
#
D. acl number 3000
rule 5 deny tcp source 100.0.12.0 0.0.0.255 source-port eq www destination 100.0.13.0 0.0.0.255
#
acl number 3001
rule 5 deny tcp source 100.0.13.0 0.0.0.255 source-port eq ftp destination 100.0.12.0 0.0.0.255
#
interface GigabitEthernet0/0/1
traffic-filter inbound acl 3000
#
interface GigabitEthernet0/0/2
traffic-filter inbound acl 3001
#
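(5) In the network shown in the figure below, which of the following configurations allows all hosts to communicate with host C while preventing host A and host B from communicating with each other? (C)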
A. acl number 4000
rule 5 deny destination-mac 5489-98ea-4c7c source-mac 5489-98d3-104d
#
interface GigabitEthernet0/0/1
traffic-filter inbound acl 4000
#
B. acl number 4000
rule 5 deny destination-mac 5489-98ea-4c7c source-mac 5489-98d3-104d
#
interface GigabitEthernet0/0/1
traffic-filter outbound acl 4000
#
C. acl number 4000
rule 5 deny destination-mac 5489-98ca-4c7c source-mac 5489-98c0-550e
#
interface GigabitEthernet0/0/1
traffic-filter inbound acl 4000
#
D. acl number 4000
rule 5 deny destination-mac 5489-98ea-4c7c source-mac 5489-98c0-550e
#
interface GigabitEthernet0/0/1
traffic-filter outbound acl 4000
#