
ACL Technology: Extended ACL

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Purpose: to implement traffic filtering with an ACL

Experimental principle: match conditions are defined in an ACL; when the ACL is applied, traffic is filtered according to those conditions.

The steps of the experiment:

Step 1:

Configure the basic IP settings of the PCs

192.168.1.1

255.255.255.0

No gateway is configured; this lab does not need one

192.168.1.2

255.255.255.0

Configure the gateway address on the router

interface g0/0

no shutdown

ip address 192.168.1.254 255.255.255.0

Step 2: run show ip access-lists to check which ACLs are currently configured

show ip access-lists

Step 3: create an ACL

access-list 1 deny 192.168.1.1 0.0.0.0

access-list 1 permit any

Step 4: apply the ACL to the interface

interface g0/0

ip access-group 1 in

Note: every ACL ends with an implicit deny any, so with only the access-list 1 deny entry in place, 192.168.1.2 would be blocked as well. Adding the following entry avoids that:

access-list 1 permit any

If you want to turn it the other way around, so that 192.168.1.1 can ping but 192.168.1.2 cannot, do the following:

no access-list 1 deny 192.168.1.1 0.0.0.0

Then create the ACL again, this time with the deny entry for 192.168.1.2.

# # #

ACL configuration commonly used in production work: named ACLs

Create the ACL:

GW(config)# ip access-list standard Deny-Ping

GW(config-std-nacl)# 10 deny 192.168.1.2 0.0.0.0

GW(config-std-nacl)# 20 permit any

GW(config-std-nacl)# exit

Apply the ACL:

GW(config)# interface g0/0

GW(config-if)# ip access-group Deny-Ping in

If you want to switch to an extended ACL, first remove the one above with the no form of the commands:

GW(config)# interface g0/0

GW(config-if)# no ip access-group Deny-Ping in

GW(config-if)# exit

GW(config)# no ip access-list standard Deny-Ping

# # #

To match traffic more precisely, use an "extended ACL":

Create the ACL:

ip access-list extended notPing

! ICMP (ping packets) from host 192.168.1.2 to the gateway 192.168.1.254 cannot get through

10 deny icmp host 192.168.1.2 host 192.168.1.254

! Everything else is allowed, such as TCP

20 permit ip any any

Apply the ACL:

interface g0/0

ip access-group notPing in

Verify:

ping

show ip access-lists

show ip interface g0/0
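
The first-match evaluation, wildcard masks and implicit deny used throughout this lab can be checked offline with a small simulation. The Python below is an added example, not part of the original article and not Cisco code; the tuple layout and the function names are assumptions, and it models only protocol, source and destination matching.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")      # the 'any' keyword

def host(ip):
    return (ip, "0.0.0.0")                # 'host x' is 'x 0.0.0.0'

def evaluate(acl, proto, src, dst):
    """Return (action, seq) of the first matching entry, top to bottom."""
    for seq, action, acl_proto, src_spec, dst_spec in acl:
        if acl_proto not in ("ip", proto):    # 'ip' covers every protocol
            continue
        if wildcard_match(src, *src_spec) and wildcard_match(dst, *dst_spec):
            return action, seq
    return "deny", None                   # implicit deny any at the end

# The lab's ACLs. A standard ACL matches the source only, so it is modelled
# as protocol 'ip' with destination 'any'. Sequence numbers for ACL 1 are
# illustrative.
ACL_1_DENY_ONLY = [(10, "deny", "ip", host("192.168.1.1"), ANY)]
ACL_1 = ACL_1_DENY_ONLY + [(20, "permit", "ip", ANY, ANY)]
NOT_PING = [
    (10, "deny", "icmp", host("192.168.1.2"), host("192.168.1.254")),
    (20, "permit", "ip", ANY, ANY),
]

GW = "192.168.1.254"
# Constructed test packets: (ACL name, ACL, protocol, source)
CASES = [
    ("ACL 1, deny only", ACL_1_DENY_ONLY, "icmp", "192.168.1.2"),
    ("ACL 1", ACL_1, "icmp", "192.168.1.1"),
    ("ACL 1", ACL_1, "icmp", "192.168.1.2"),
    ("notPing", NOT_PING, "icmp", "192.168.1.2"),
    ("notPing", NOT_PING, "tcp", "192.168.1.2"),
    ("notPing", NOT_PING, "icmp", "192.168.1.1"),
]

if __name__ == "__main__":
    for name, acl, proto, src in CASES:
        action, seq = evaluate(acl, proto, src, GW)
        rule = f"entry {seq}" if seq else "implicit deny"
        print(f"{name:18} {proto:4} {src:12} -> {GW}: {action} ({rule})")
```

The first case shows why the permit any entry is needed: without it, 192.168.1.2 falls through to the implicit deny even though no entry names it.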
