
Router settings access control list

2025-01-16 Update, from SLTechnology News&Howtos (Network Security)

Shulou(Shulou.com)06/01 Report--

The main transport layer protocols are TCP and UDP. Let's briefly introduce TCP and UDP:

TCP

Port number: used to distinguish between applications

Source port number: identifies the process used by the sender (chosen at random)

Destination port: identifies the process used by the receiver (fixed, well-known)

Sequence number: lets the receiver reassemble segments in order (32 bits, range 0 to 2^32 - 1)

Acknowledgement number: acknowledges the data received from the sender (last received sequence number + 1). It does two things:

1. Tells the sender that all data before the acknowledgement number has been received.

2. Gives the sequence number of the next data the sender should send.

Window size: the amount of data the receiving side can accept (flow control)

Checksum: check whether the entire TCP segment is correct

The connection process of TCP is accomplished by three-way handshake.

SYN: the flag bit for establishing a connection

FIN: flag bit for disconnection

RST: reset the connection

ACK: acknowledgement flag; when set, the acknowledgement number field is valid

It is like A and B talking on the phone:

A: Hello?

B: Hello?

A: Let's talk.

The three-way handshake works the same way.

It takes four steps for TCP to disconnect.

This involves the concept of a half-close: one TCP party (usually the client) can stop sending data while still being able to receive data. This state is called half-closed.

Commonly used ports and protocols:

TCP is widely used on the network, mainly where data transmission must be highly reliable. Web browsing, for example, runs HTTP over TCP to obtain reliability. When TCP is used, the communicating parties want reliable data delivery, so a somewhat lower data transfer rate is acceptable.

UDP

The UDP header is much smaller than the TCP header, and it contains roughly the same fields, with one exception:

Checksum: check only the header, not the content data

Commonly used ports and protocols

The UDP protocol is also widely used in daily life. It is popular because of its fast transmission speed; social software such as QQ and WeChat use it.

Next, we will mainly talk about access control lists.

An ACL reads layer 3 and layer 4 information on the router, such as the source address, destination address, protocol, source port and destination port.

Today we briefly introduce three simple kinds of ACL (you must make sure the network is connected before an ACL can be used):

Matching order of ACL

Standard ACL

A standard ACL permits or denies packets based only on the source IP address. Its access-list number is in the range 1 to 99.

Let's introduce how to use a standard ACL through a small topology.

Next, let's create a standard ACL.

(Personally, I recommend creating a standard ACL close to the destination address when both routers in the figure are manageable.)

R2(config)# access-list 1 deny host 192.168.1.10         ! create ACL 1: deny host 192.168.1.10
R2(config)# access-list 1 deny 192.168.1.0 0.0.0.255     ! deny every host on the 192.168.1.0 network segment
R2(config)# access-list 1 permit any                     ! permit all other hosts (an ACL is checked top to bottom and stops at the first match)
R2(config)# int f0/1
R2(config-if)# ip access-group 1 out                     ! apply ACL 1 in the outbound direction on f0/1 of router R2
R2# show access-lists                                    ! view the ACL just created
Standard IP access list 1
    deny host 192.168.1.10
    deny 192.168.1.0 0.0.0.255
    permit any

Next, let's verify it.

If a numbered ACL has many entries, deleting any one of them deletes the whole ACL, so modifying a numbered ACL means deleting it and re-creating it.

R2(config)# no access-list 1 deny host 192.168.1.10      ! this removes the entire ACL 1, not just this entry
R2# show access-lists

Extended ACL

An extended ACL permits or denies packets according to the source IP address, destination IP address, protocol, port and flags. Its access-list number is in the range 100 to 199.

Let's also introduce the extended ACL through a simple topology.

Next, let's create the extended ACL rules.

(personally, it is recommended that an extended ACL be created close to the source address if both routers in the figure are manageable.)

R1(config)# access-list 101 permit tcp host 192.168.1.10 host 192.168.3.20 eq 80   ! allow host 192.168.1.10 to access port 80 of host 192.168.3.20 (eq = equals)
R1(config)# access-list 101 deny icmp host 192.168.1.10 host 192.168.3.20 echo    ! deny host 192.168.1.10 from pinging host 192.168.3.20
R1(config)# access-list 101 permit ip any any                                      ! allow all other hosts to access all hosts
R1(config)# int f0/0
R1(config-if)# ip access-group 101 in                                              ! apply ACL 101 inbound on the f0/0 interface of router R1

Let's verify the effect.

An extended ACL behaves the same as a standard ACL here: if the ACL has many entries, deleting any one of them deletes the whole ACL, so modifying it means re-creating it.

R1(config)# no access-list 101 permit tcp host 192.168.1.10 host 192.168.3.20 eq 80   ! removes the entire ACL 101
R1# show access-lists

Named ACL

A named ACL replaces the list number with a name. In addition, you can delete a single rule, or insert a rule at a specified position (sequence number) after the list has been created.

Let's also introduce the named ACL through a simple topology.

Next, let's create the named ACL rules.

R1(config)# ip access-list extended benet                                      ! create a named extended ACL called benet (for a named standard ACL use the "standard" option)
R1(config-ext-nacl)# permit tcp host 192.168.1.10 host 192.168.3.20 eq 80     ! allow host 192.168.1.10 to access port 80 of host 192.168.3.20
R1(config-ext-nacl)# permit tcp host 192.168.1.10 host 192.168.3.20 eq 21     ! allow host 192.168.1.10 to access port 21 of host 192.168.3.20
R1(config-ext-nacl)# deny icmp host 192.168.1.10 host 192.168.3.20 echo       ! deny host 192.168.1.10 from pinging host 192.168.3.20
R1(config-ext-nacl)# permit ip any any                                         ! allow all other hosts to access all hosts
R1(config-ext-nacl)# int f0/0
R1(config-if)# ip access-group benet in                                        ! apply the named ACL inbound on the f0/0 interface of router R1
R1# show access-lists                                                          ! view the ACL (note that each rule is preceded by a sequence number)
Extended IP access list benet
    10 permit tcp host 192.168.1.10 host 192.168.3.20 eq www
    20 permit tcp host 192.168.1.10 host 192.168.3.20 eq ftp
    30 deny icmp host 192.168.1.10 host 192.168.3.20 echo
    40 permit ip any any

Test effect

Next, let's modify the ACL list slightly.

R1(config)# ip access-list extended benet                                      ! enter the named ACL
R1(config-ext-nacl)# no permit tcp host 192.168.1.10 host 192.168.3.20 eq 21  ! delete the rule that allows host 192.168.1.10 to access port 21 of host 192.168.3.20
R1(config-ext-nacl)# 5 permit icmp host 192.168.1.10 host 192.168.3.20 echo   ! add rule 5, allowing host 192.168.1.10 to ping host 192.168.3.20
R1# show access-lists                                                          ! view the rules: rule 5 is present and rule 20 is gone
Extended IP access list benet
    5 permit icmp host 192.168.1.10 host 192.168.3.20 echo
    10 permit tcp host 192.168.1.10 host 192.168.3.20 eq www
    30 deny icmp host 192.168.1.10 host 192.168.3.20 echo
    40 permit ip any any

Verification effect

In comparison, a named ACL is more flexible and practical than a standard or extended numbered ACL. In the real world, choose according to the actual situation.

That is all about applying an ACL on a router. Let's briefly introduce how to apply an ACL on a switch (using the experimental topology above).

Switch(config)# int vlan 1
Switch(config-if)# ip add 192.168.1.254 255.255.255.0
Switch(config-if)# no sh                                                                ! give the switch a management IP address on VLAN 1
Switch(config)# username cisco pass 12                                                  ! create a local username and password on the switch
Switch(config)# access-list 101 deny tcp host 192.168.1.10 host 192.168.1.254 eq telnet  ! create an ACL that denies this host from remotely managing the switch
Switch(config)# access-list 101 permit ip any any                                       ! allow everything else
Switch(config)# line vty 0 4
Switch(config-line)# login local                                                        ! local authentication
Switch(config-line)# access-class 101 in                                                ! apply ACL 101 to the vty lines (routers apply ACLs in interface mode; an ACL cannot be applied to the switch's virtual interface, so this is the only way)

Keywords commonly used when writing ACLs

For example, host 192.168.1.1 has the same effect as 192.168.1.1 0.0.0.0, and any has the same effect as 0.0.0.0 255.255.255.255.
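To make the matching rules concrete (top-to-bottom evaluation, first match wins, the implicit deny at the end, and the host/any shorthand from the keyword list), here is a small Python simulator of the standard and extended ACLs above. It is an added example, not IOS code or part of the original post; the ACL text and the packet dictionaries are constructed from the page's commands.

```python
import ipaddress
PORT_NAMES = {"www": 80, "ftp": 21, "telnet": 23}   # IOS port keywords seen in this page's show output

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 1 bit means 'don't care'. host X == X 0.0.0.0; any == 0.0.0.0 255.255.255.255."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

def parse_addr(tok):
    """Consume 'host A', 'any' or 'A WILDCARD' from a token list; return (base, wildcard, remaining tokens)."""
    if tok[0] == "host":
        return tok[1], "0.0.0.0", tok[2:]
    if tok[0] == "any":
        return "0.0.0.0", "255.255.255.255", tok[1:]
    return tok[0], tok[1], tok[2:]

def parse_entry(line):
    """Parse one ACE. Standard form: 'deny host A'. Extended form: 'permit tcp host A host B eq 80'."""
    tok = line.split()
    action, rest, proto = tok[0], tok[1:], "ip"
    if rest[0] in ("ip", "tcp", "udp", "icmp"):            # extended entry: protocol, source, destination
        proto, rest = rest[0], rest[1:]
        src, swc, rest = parse_addr(rest)
        dst, dwc, rest = parse_addr(rest)
    else:                                                  # standard entry: source only, destination is implicitly any
        src, swc, rest = parse_addr(rest)
        dst, dwc = "0.0.0.0", "255.255.255.255"
    qual = None                                            # optional qualifier: 'eq <port>' or an ICMP type such as 'echo'
    if len(rest) >= 2 and rest[0] == "eq":
        qual = int(PORT_NAMES.get(rest[1], rest[1]))
    elif rest:
        qual = rest[0]
    return {"action": action, "proto": proto, "src": (src, swc), "dst": (dst, dwc), "qual": qual}

def evaluate(acl, pkt):
    """Walk the ACL top to bottom; the first matching entry decides. Returns (action, entry number), or (deny, None) for the implicit deny."""
    for n, e in enumerate(acl, start=1):
        if e["proto"] != "ip" and e["proto"] != pkt["proto"]:
            continue
        if not (wildcard_match(pkt["src"], *e["src"]) and wildcard_match(pkt["dst"], *e["dst"])):
            continue
        if e["qual"] is not None and e["qual"] != pkt.get("qual"):
            continue
        return e["action"], n
    return "deny", None                                    # nothing matched: the implicit 'deny any' at the end of every ACL

# The two numbered ACLs from this page, written out as constructed text.
STANDARD_ACL_1 = [parse_entry(l) for l in ("deny host 192.168.1.10", "deny 192.168.1.0 0.0.0.255", "permit any")]
EXTENDED_ACL_101 = [parse_entry(l) for l in ("permit tcp host 192.168.1.10 host 192.168.3.20 eq 80",
                    "deny icmp host 192.168.1.10 host 192.168.3.20 echo", "permit ip any any")]
```

Reversing the order of ACL 1 in the simulator shows why the order of entries matters: a permit any on top makes every later deny unreachable, which is also what happens to rule 30 of the named ACL benet once rule 5 is inserted above it.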

Let's introduce so much today. May we make common progress and work together!


© 2024 shulou.com SLNews company. All rights reserved.
