2610(config)# access-list 2 permit 192.168.0.15 0.0.0.63
2610(config)# class-map acgroup2
2610(config-cmap)# match access-group 2
2610(config-cmap)# exit
2610(config)# policy-map police
2610(config-pmap)# class acgroup2
2610(config-pmap-c)# police 20000 2000 4000 conform-action transmit exceed-action drop
2610(config-pmap-c)# exit
2610(config-pmap)# exit
2610(config)# interface ethernet 0/0
2610(config-if)# service-policy input police
冲击波路由配置:
access-list 115 deny udp any any eq 69
access-list 115 deny tcp any any eq 135
access-list 115 deny udp any any eq 135
access-list 115 deny udp any any eq 137
access-list 115 deny udp any any eq 138
access-list 115 deny tcp any any eq 139
access-list 115 deny udp any any eq 139
access-list 115 deny tcp any any eq 445
access-list 115 deny tcp any any eq 593
access-list 115 deny tcp any any eq 4444
access-list 115 permit ip any any
interface <interface>
ip access-group 115 in
ip access-group 115 out
另外,阻止非法地址的命令是
Router(config)# interface <interface>
Router(if-config)# no ip unreachables
如果此命令不能禁止,可参考下面这个命令
Elab(config)# ip icmp rate-limit unreachable <millisecond
文章评论
共有 位脚本之家网友发表了评论我来说两句