Some notes on ACLs

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
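An access-list is matched one entry at a time; as soon as a packet satisfies an entry's condition it is forwarded and matching stops, so the order of the entries in an access-list matters a great deal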
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Syntax:
access-list [list number] [permit | deny] [specified_address] [log]
(permit, deny, host and any are keywords)
[specified_address] is one of:
[host source_address | any]
[address] [wildcard mask]
Extended syntax:
access-list [list number] [permit | deny] [protocol] [source specified_address] [source port] [destination specified_address] [destination port] [log options]
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Points to note:
Standard IP access list list-number range: 0~99
Extended IP access list list-number range: 100~199
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Examples:
eg01. Permit packets from a given network: access-list 1 permit 192.46.28.0 0.0.0.255
eg02. Permit packets from a given host: access-list 1 permit 192.46.28.123 0.0.0.0 [or access-list 1 permit host 192.46.28.123]
eg03. Permit all packets: access-list 1 permit 0.0.0.0 255.255.255.255 [or access-list 1 permit any]
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Commands to put the list into effect:
>>interface f0/1
>>ip access-group 1 in/out
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
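Notes:
When you only need to filter on a packet's source address, use a standard IP access list
If you need to filter on more advanced rules, use an extended IP access list
When building a wildcard mask, a binary 0 means the bit must match and a binary 1 means the bit is not matched (it is ignored)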
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
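Added example (not part of the original notes): a small Python evaluator for standard entries that applies the wildcard-mask rule and the entry-by-entry order described above. The "deny host" entry and the two orderings are constructed sample input, and the final implicit deny is IOS behaviour that the notes do not mention.

```python
import ipaddress

def parse_entry(line):
    """Parse 'access-list N permit|deny <any | host A | A W> [log]' (standard form)."""
    tok = line.split()
    if tok and tok[-1] == "log":          # optional trailing log keyword
        tok = tok[:-1]
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    spec = tok[3:]
    if spec == ["any"]:                   # any == 0.0.0.0 255.255.255.255
        addr, wild = "0.0.0.0", "255.255.255.255"
    elif len(spec) == 2 and spec[0] == "host":   # host A == A 0.0.0.0
        addr, wild = spec[1], "0.0.0.0"
    elif len(spec) == 2:
        addr, wild = spec
    else:
        raise ValueError(f"bad address specification: {line!r}")
    to_int = lambda s: int(ipaddress.IPv4Address(s))
    return int(tok[1]), tok[2], to_int(addr), to_int(wild)

def matches(src, addr, wild):
    # Wildcard bit 0: this bit is compared. Wildcard bit 1: this bit is ignored.
    care = ~wild & 0xFFFFFFFF
    return (src & care) == (addr & care)

def evaluate(lines, src_ip):
    """Return (action, entry_index) of the first matching entry, top to bottom."""
    src = int(ipaddress.IPv4Address(src_ip))
    for index, line in enumerate(lines, 1):
        _, action, addr, wild = parse_entry(line)
        if matches(src, addr, wild):
            return action, index          # first match decides; later entries unused
    return "deny", None                   # implicit deny at the end of every list

# Constructed sample lists: the same two entries in different order.
SPECIFIC_FIRST = ["access-list 1 deny host 192.46.28.123",
                  "access-list 1 permit 192.46.28.0 0.0.0.255"]
BROAD_FIRST = list(reversed(SPECIFIC_FIRST))

if __name__ == "__main__":
    for name, acl in (("specific first", SPECIFIC_FIRST), ("broad first", BROAD_FIRST)):
        for ip in ("192.46.28.123", "192.46.28.7", "10.0.0.1"):
            print(name, ip, evaluate(acl, ip))
```

With the broad permit placed first, the host entry is never reached, which is the ordering mistake to check for when reviewing a list.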
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++