ACL access Control list (2) 01/18 Update SLTechnology News&Howtos

ACL access Control list (2)

2025-01-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

Named Access Control List Configuration Lab

Create ACL Syntax Format:

Router(config)# ip access-list { standard | extended }access-list-name

Configure the standard named ACL syntax format:

Router(config-std-nac)# [ Sequence-Number ] { permit | deny }source[ source-wildcard ]

Configure Extended Named ACL Syntax Format:

router(config-ext-nacl)# [ Sequence-Number ] { permit | deny } protocol { source source-wildcard destination destionation-wildcard } [operator operan]

Standard Named ACL Application Examples:

router(config)#ip access-list standard cisco

router(config-std-nacl)# permit host 192.168.1.1

router(config-std-nac)# deny any

//Allow traffic only from host 192.168.1.1/24

To view ACL configuration information command:

outer#show access-list

Standard IP access list cisco

10 permit 192.168.1.1

20 deny any

Naming Control Access List Configuration Example:

Experimental requirements:

PC2 hosts in vlan10 can access PC1

Deny other hosts in vlan10 access to PC1

Allow hosts on other segments to access PC1

Experimental topology:

SW interface configuration of switch:

Enter the following command:

conf t

vlan 10,20

do show vlan-sw b

int f1/1

sw mo acc

sw acc vlan 10

int f1/2

sw mo acc

sw acc vlan 10

int f1/3

sw mo acc

sw acc vlan 20

do show vlan-sw b

int f1/0

sw mo t

sw t en dot

no ip routing

SW-3 interface configuration of layer 3 switch

Enter the following command:

conf t

int f1/1

no switchport

ip add 192.168.100.1 255.255.255.0

no shut

do show ip int b

#ex

vlan 10,20

int vlan 10

ip add 192.168.10.1 255.255.255.0

no shut

int vlan 20

ip add 192.168.20.1 255.255.255.0

no shut

int f1/0

sw mo t

sw t en dot

do show ip route

PC IP configuration:

PC1> ip 192.168.100.100 192.168.100.1

PC2> ip 192.168.10.10 192.168.10.1

PC3> ip 192.168.10.20 192.168.10.1

PC4> ip 192.168.20.20 192.168.20.1

At this time, it is in the whole network interworking, using PC2 to spell others

ping 192.168.100.100

ping 192.168.10.20

ping 192.168.20.20

On sw-3 enter the command access control list rule:

Enter the following:

ip access-list standard kgc

permit host 192.168.10.10

deny 192.168.10.0 0.0.0.255

permit any

do show access-list

int f1/1

ip access-group kgc out

Verify that the configuration results meet the experimental requirements

Three PCs were used to splice with PC1, PC2 and PC4 could be spliced, while PC3 showed rejection.

PC2> ping 192.168.100.100

PC3> ping 192.168.100.100

PC4> ping 192.168.100.100

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.