2025-01-14 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/02 Report--
ACL access control list functionality
1. Limit network traffic and improve network performance
2. Provide control over traffic
3. Provide basic security for network access
4. Decide, at the network device interface, which types of traffic are forwarded and which types are blocked
How ACL Works
1. An access control list is applied to an interface in a specific direction
Outgoing direction: packets that have been processed by the router and are leaving the router interface
Incoming direction: packets that have reached the router interface and are about to be processed by the router
The direction in which a list is applied to an interface depends on the direction of the data flow
ACL Rules
1. Entries are matched from top to bottom
2. Once an entry matches, the search stops
3. Because of the above two rules, the most exact or strict entries are written at the top
4. Every ACL contains a hidden deny all at the end, that is, the default is to deny all data
5. An ACL takes effect on an interface
The basic rules are:
(1) Place the extended ACL as close as possible to the source of the traffic to be denied. This allows unwanted traffic to be filtered out before it flows through the network.
(2) Because a standard ACL does not specify a destination address, it should be placed as close to the destination as possible.
ACL access control list types
Standard access control list
Filters packets based on the source IP address. Access control list numbers: 1-99
Extended access control list
Filters packets based on source IP address, destination IP address, specified protocol, port, and flags. Access control list numbers: 100-199
Named access control list
Allows you to configure ACL-related commands using a name instead of the list number used in standard and extended access control lists
All commands are configured in global mode
Create an ACL
Router(config)# access-list access-list-number { permit | deny } source [ source-wildcard ]
access-list-number: standard ACL number, range 0-99
permit: allow the packet to pass
deny: deny the packet
source: network address or host address from which the packet was sent
source-wildcard: wildcard mask for the source IP address
Remove the ACL
Router(config)# no access-list access-list-number
Keywords
host, any
Apply an ACL to an interface
Router(config-if)# ip access-group access-list-number { in | out }
access-list-number: standard ACL number, range 0-99
in: restrict incoming connections between specific devices and addresses in the access list
out: restrict outgoing connections between specific devices and addresses in the access list
Remove an ACL from an interface
Router(config-if)# no ip access-group access-list-number { in | out }
Practical operation
Detailed configuration
1. The topology diagram contains three PCs (VPCS)
2. Change the name of one of the two routers to "SW" and add a layer 2 switching module (NM-16ESW).
Lab objective: use an ACL so that PC2 can access PC3 while PC1 cannot access PC3
Step 1: Configure the Switch
Step 2: Enter router R1 for configuration.
View IP address configuration
Step 3: Configure IP addresses for three PCs and test interoperability
Step 4: Create the ACL and apply it to the f0/0 interface
Step 5: Test the results
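The matching rules above (top to bottom, first match wins, hidden deny all at the end) decide whether the lab objective is met, and a small model makes the effect of entry order visible. This is an added example, not part of the original article; the PC1/PC2 addresses, the ACL entries and the function names are assumptions made for illustration.

```python
import ipaddress

def parse_entry(line):
    """Parse 'access-list N {permit|deny} {any | host A | A [W]}' (standard ACL)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    action, src = tok[2], tok[3:]
    if src == ["any"]:                          # any: every source matches
        addr, wildcard = "0.0.0.0", "255.255.255.255"
    elif src[0] == "host" and len(src) == 2:    # host A: exactly one address
        addr, wildcard = src[1], "0.0.0.0"
    elif len(src) == 2:                         # address plus wildcard mask
        addr, wildcard = src
    elif len(src) == 1:                         # bare address: treated as one host
        addr, wildcard = src[0], "0.0.0.0"
    else:
        raise ValueError(f"bad source in: {line!r}")
    return (action, int(ipaddress.IPv4Address(addr)),
            int(ipaddress.IPv4Address(wildcard)))

def evaluate(entries, source_ip):
    """Return (action, matching entry number); (deny, None) is the hidden deny all."""
    src = int(ipaddress.IPv4Address(source_ip))
    for index, (action, addr, wildcard) in enumerate(entries, start=1):
        # Bits set to 1 in the wildcard mask are ignored; all others must be equal.
        if ((src ^ addr) & ~wildcard & 0xFFFFFFFF) == 0:
            return action, index                # first match wins, stop looking
    return "deny", None                         # nothing matched: implicit deny

# Constructed addresses: PC1 = 192.168.10.1, PC2 = 192.168.10.2 (not from the lab).
GOOD_ORDER = [parse_entry(l) for l in (
    "access-list 1 deny host 192.168.10.1",        # strict entry at the top
    "access-list 1 permit 192.168.10.0 0.0.0.255",
)]
BAD_ORDER = list(reversed(GOOD_ORDER))             # broad permit shadows the deny

if __name__ == "__main__":
    for name, acl in (("good order", GOOD_ORDER), ("bad order", BAD_ORDER)):
        for pc, ip in (("PC1", "192.168.10.1"), ("PC2", "192.168.10.2"),
                       ("other", "10.0.0.5")):
            print(name, pc, ip, evaluate(acl, ip))
```

With the entries reversed, PC1 matches the broad permit first and the deny entry is never reached, which is why the strict entry has to come first.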