telnet:
<Quidway>system-view //Layer 3 switch, HUAWEI Quidway S3526E
[Quidway]acl number 2002
[Quidway-acl-basic-2002]rule 5 permit source 192.168.101.99 0
[Quidway-acl-basic-2002]rule 10 deny source any
[Quidway-acl-basic-2002]quit
[Quidway]user-interface vty 0 4
[Quidway-ui-vty0-4]acl 2002 inbound
[Quidway]dis acl config all
Basic ACL 2002, 2 rules,
rule 10 deny (0 times matched)
rule 5 permit source 192.168.101.99 0 (0 times matched)
Telnet in twice:
rule 10 deny (2 times matched)
(Note: if display cu also shows deny first and permit second, the order must be adjusted)
rule 5 permit source 192.168.101.99 0 (2 times matched)
ssh:
[Quidway]local-user gjp
New local user added.
[Quidway-luser-gjp]password simple 123
[Quidway-luser-gjp]service-type ssh level 3
[Quidway]ssh user gjp authentication-type password
[Quidway]rsa local-key-pair create
The key name will be: Quidway_Host
% RSA keys defined for Quidway_Host already exist.
Confirm to replace them? [yes/no]:y
[Quidway-ui-vty0-4]protocol inbound all
rule 5 permit source 192.168.101.99 0 (5 times matched)
The ACL match count increases by 1 again.
web:
<SW1>dir //Layer 2 switch, HUAWEI Quidway S2000 Series
Directory of unit1>flash:/
1 (*) -rw- 4274300 Jun 24 2006 14:25:26 s2000hi-vrp310-r0008.bin
2 (*) -rw- 800571 Jan 01 2004 00:00:00 hw-http3.1.5-0041.web
3 (*) -rw- 1195 Apr 02 2000 01:41:54 f.cfg
4 -rw- 616 Apr 02 2000 02:30:39 f1.txt
7239 KB total (2274 KB free)
(*) -with main attribute (b) -with backup attribute
(*b) -with both main and backup attribute
[SW1]time-range wt 08:30 to 12:00 daily //every day of the week
[SW1]time-range wt 14:00 to 18:00 daily
[SW1]dis time-range all
Current time is 00:00:26 Apr/2/2000 Sunday
Time-range : wt ( Inactive )
08:30 to 12:00 daily
14:00 to 18:00 daily
[SW1]dis clock
00:00:44 UTC Sun 04/02/2000
Time Zone : add 00:00:00
<SW1>clock datetime 17:27:00 08/07/2012 //note the mode: the clock is set from user view
<SW1>dis clock
17:27:05 UTC Tue 08/07/2012
<SW1>dis time-range all
Current time is 17:27:29 Aug/7/2012 Tuesday
Time-range : wt ( Active )
[SW1]acl number 2000 //can be followed by a match order: depth-first (auto) or configuration order (conf)
[SW1-acl-basic-2000]rule 10 permit source 192.168.101.99 0 time-range wt //wildcard 0 denotes a single host
[SW1-acl-basic-2000]rule 20 deny source any
[SW1-acl-basic-2000]quit
[SW1]dis acl all
Total ACL Number: 1
Basic ACL 2000, 2 rules
Acl's step is 1
rule 10 permit source 192.168.101.99 0 time-range wt(0 times matched) (Active)
rule 20 deny (0 times matched)
[SW1]dis tcp status
*: TCP MD5 Connection
TCPCB Local Add:port Foreign Add:port State
81dd54d4 0.0.0.0:22 0.0.0.0:0 Listening
81dd52c4 0.0.0.0:23 0.0.0.0:0 Listening
81de3bd4 0.0.0.0:80 0.0.0.0:0 Listening
[SW1]ip http acl 2000 //apply the ACL to the web service
rule 10 permit source 192.168.101.99 0 time-range wt(44 times matched) (Active)
Test from an XP virtual machine:
rule 10 permit source 192.168.101.99 0 time-range wt(44 times matched) (Inactive)
rule 20 deny (3 times matched)
18:05:06 UTC Tue 08/07/2012 //the time is outside the working hours we configured
Even the permitted host can no longer connect!
<SW1>clock datetime 17:30:00 08/07/2012
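The behaviour observed on SW1 (rule 10 matches only while time-range wt is active, otherwise the host falls through to rule 20) can be checked offline before touching the switch. The Python model below is an added example, not code from the original post or from Huawei. It assumes rules are checked in ascending rule-ID order, that time-range end points are inclusive, and that a source matching no rule is refused.

```python
import ipaddress
import re
from datetime import time

# Constructed from the SW1 commands on this page (time-range wt, ACL 2000).
CONFIG = """
time-range wt 08:30 to 12:00 daily
time-range wt 14:00 to 18:00 daily
acl number 2000
 rule 10 permit source 192.168.101.99 0 time-range wt
 rule 20 deny source any
"""

RANGE_RE = re.compile(r"time-range (\S+) (\d\d):(\d\d) to (\d\d):(\d\d) daily")
RULE_RE = re.compile(r"rule (\d+) (permit|deny) source (\S+)"
                     r"(?: (?!time-range)(\S+))?(?: time-range (\S+))?")

def parse(config):
    """Return ({range_name: [(start, end), ...]}, rules sorted by rule ID)."""
    ranges, rules = {}, []
    for line in map(str.strip, config.splitlines()):
        if m := RANGE_RE.fullmatch(line):
            name, h1, m1, h2, m2 = m.groups()
            ranges.setdefault(name, []).append(
                (time(int(h1), int(m1)), time(int(h2), int(m2))))
        elif m := RULE_RE.fullmatch(line):
            rid, action, src, wild, tr = m.groups()
            rules.append((int(rid), action, src, wild, tr))
    return ranges, sorted(rules, key=lambda r: r[0])

def src_matches(ip, src, wild):
    """Wildcard bits set to 1 are ignored; the bare 0 used on the page is one host."""
    if src == "any":
        return True
    w = 0 if wild in (None, "0") else int(ipaddress.IPv4Address(wild))
    return (int(ipaddress.IPv4Address(ip)) | w) == (int(ipaddress.IPv4Address(src)) | w)

def evaluate(config, ip, now):
    """Return (action, rule_id) for a source IP at wall-clock time `now`."""
    ranges, rules = parse(config)
    for rid, action, src, wild, tr in rules:
        # A rule bound to a time-range is skipped while that range is inactive.
        active = tr is None or any(s <= now <= e for s, e in ranges.get(tr, []))
        if active and src_matches(ip, src, wild):
            return action, rid
    return "deny", None  # assumption: no matching rule means the session is refused

if __name__ == "__main__":
    for t in (time(17, 27), time(18, 5)):
        print(t, evaluate(CONFIG, "192.168.101.99", t))
```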
This article is reposted from the gjp0731 51CTO blog. Original link: http://blog.51cto.com/guojiping/957472