华为和锐捷设备流统配置

华为：

<AR6121E-S>dis acl 3333
Advanced ACL 3333, 4 rules
Acl's step is 5
 rule 5 permit icmp source 192.168.188.2 0 destination 192.168.88.88 0 
 rule 10 permit icmp source 192.168.88.88 0 destination 192.168.188.2 0 
 rule 15 permit udp source 14.23.154.114 0 source-port eq 1701 destination 14.145.146.57 0 (7 matches)
 rule 20 permit udp source 14.145.146.57 0 destination 14.23.154.114 0 destination-port eq 1701 (7 matches)

 int g0/0/8
 traffic-filter inbound acl 3333
 traffic-filter outbound acl 3333

 [AR6121E-S]capture-packet interface g 0/0/8 acl 3333 destination terminal 
 

锐捷：

注意：以下ip地址仅为举例，以现场实际ip地址为准

第一步：创建ACL

ip access-list extended test-down-in

 10 permit icmp host 104.52.56.14 host 172.26.131.30

 20 permit icmp host 172.26.131.30  host 104.52.56.14

 100 permit ip any any

!

ip access-list extended test-down-out

 10 permit icmp host 104.52.56.14 host 172.26.131.30

 20 permit icmp host 172.26.131.30  host 104.52.56.14

 100 permit ip any any

!

ip access-list extended test-up-in

10 permit icmp host 104.52.56.14 host 172.26.131.30

 20 permit icmp host 172.26.131.30  host 104.52.56.14

 100 permit ip any any

!

ip access-list extended test-up-out

10 permit icmp host 104.52.56.14 host 172.26.131.30

 20 permit icmp host 172.26.131.30  host 104.52.56.14

 100 permit ip any any

！

 第二步：开启ACL计数

 !

ip access-list counter test-up-in

!         

ip access-list counter test-up-out

!

ip access-list counter test-down-out

!

ip access-list counter test-down-in

第三步：

上下联口调用ACL：

上联口（连接路由器的接口）

比如连接的是g0/1(以具体连接的接口为准)

int g0/1

ip access-group test-up-in in

ip access-group test-up-out out

下连口（连接电脑的接口）

ip access-group test-down-in in

ip access-group test-down-out out

第四步：

查看计数：show access-lists

清除计数：clear counters

注意：若clear counters无法清除计数统计，则clear counters access-list xx（xx代表acl的名字）来清除