HCIA网络课程第七周作业

（1）请用自己的语言描述基本ACL和高级ACL的区别

（2）AAA支持的认证、授权和计费方式分别有哪几种？

• AAA支持的认证方式有不认证 本地认证 远端认证
• AAA支持的授权方式为不授权 本地授权 远端授权
• AAA支持计费方式为不计费 远端计费

补充：https://support.huawei.com/enterprise/zh/doc/EDOC1100219440/

（3）如下图所示的网络，从安全角度考虑，路由器A拒接从G0/0/1接口收到的OSPF报文、 GRE报文、 ICMP报文，以下哪些命令可以实现这个需求？（ABD）

A. acl number 3000 
rule 5 deny gre
rule 10 deny ospf
rule 15 deny icmp
# interface GigabitEthernet0/0/1
traffic-filter inbound acl 3000
#
B. acl number 3000
rule 5 deny gre
rule 10 deny 89
rule 15 deny icmp
#
interface GigabitEthernet0/0/1
traffic-filter inbound acl 3000
#
C. acl number 2000
rule 5 deny 47
rule 10 deny 89
rule 15 deny 1
#
interface GigabitEthernet0/0/1
traffic-filter inbound acl 2000
#
D. acl number 3000
rule 5 deny 47
rule 10 deny 89
rule 15 deny 1
#
interface GigabitEthernet0/0/1
traffic-filter inbound acl 3000 
# 

（4）如图所示的网络，通过以下哪些配置可以实现主机A不能访间主机B的HTTP服务，主机B不能访问主机A的下FTP服务？（BD）

A. acl number 3000 
rule 5 deny tcp source 100.0.12.0 0.0.0.255 source-port eQwww destination 100.0.13.0 0.0.0.255
#
acl number 3001
rule 5 deny tcp source 100.0.13.0 0.0.0.255 source-port eQftp destination 100.0.12.0 0.0.0.255
#
interface GigabitEthernet0/0/1
traffic-filter outbound acl 3000
#
interface GigabitEthernet0/0/2
traffic-filter outbound acl 3001
#
B. acl number 3000
rule 5 deny tcp source 100.0.13.0 0.0.0.255 destination 100.0.12.0 0.0.0.255 destination-port eQwww
#
acl number 3001
rule 5 deny tcp source 100.0.12.0 0.0.0.255 destination 100.0.13.0 0.0.0.255 destination-port eQftp
#
interface GigabitEthernet0/0/1
traffic-filter inbound acl 3000
#
interface GigabitEthernet0/0/2
traffic-filter inbound acl 3001
#
C. acl number 3000
rule 5 deny tcp source 100.0.13.0 0.0.0.255 destination 100.0.12.0 0.0.0.255 destination-port eQwww
#
acl number 3001
rule 5 deny tcp source 100.0.12.0 0.0.0.255 destination 100.0.13.0 0.0.0.255 destination-port eQftp
#
interface GigabitEthernet0/0/1
traffic-filter outbound acl 3000
#
interface GigabitEthernet0/0/2
traffic-filter outbound acl 3001
#
D. acl number 3000
rule 5 deny tcp source 100.0.12.0 0.0.0.255 source-port eQwww destination 100.0.13.0 0.0.0.255
#
acl number 3001
rule 5 deny tcp source 100.0.13.0 0.0.0.255 source-port eQftp destination 100.0.12.0 0.0.0.255
#
interface GigabitEthernet0/0/1
traffic-filter intbound acl 3000
#
interface GigabitEthernet0/0/2
traffic-filter inbound acl 3001
# 

（5）如下图所示的网络。通过以下哪个配置可以实现所有主机都能和主机C通信。但是主机A和主机B不能通信？ （C）

A. acl number 4000
rule 5 deny destination-mac 5489-98ea-4c7c source-mac 5489-98d3-104d
#
interface GigabitEthernet0/0/1
traffic-filter inbound acl 4000
#
B. acl number 4000
rule 5 deny destination-mac 5489-98ea-4c7c source-mac 5489-98d3-104d
#
interface GigabitEthernet0/0/1
traffic-filter outbound acl 4000
#
C. acl number 4000
rule 5 deny destination-mac 5489-98ca-4c7c source-mac 5489-98c0-550e
#
interface GigabitEthernet0/0/1
traffic-filter inbound acl 4000
#
D. acl number 4000
rule 5 deny destination-mac 5489-98ea-4c7c source-mac 5489-98c0-550e
#
interface GigabitEthernet0/0/1
traffic-filter outbound acl 4000
#