In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-03-29 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
Principle of ACL Control access list + experiment
1. Principle: ACL uses packet filtering technology to read the information in the packet header of the third and fourth layers of the ISO seven-layer model on the router, such as source address, destination address, source port, destination port, etc., and filter the packet header according to the pre-defined rules.
2, match one by one from top to bottom, once match, stop matching, a mismatch, execute implicit (reject) command.
3. In principle, the ACL control access list is more efficient at the ingress port.
4. There are three types of ACL:
A, standard ACL, allows or denies forwarding packets based on the source IP address of the packet, list number (1-99)
B, extended ACL, based on the source IP address, destination IP address, protocol, port and flag of the packet to allow or deny forwarding of the packet, list number
C, named ACL, named ACL allows names to be used instead of list numbers in standard and extended ACL
5. The command syntax of standard ACL is as follows:
Router (config) # access-list access-list-number (permit | deny) source (source-wildcard)
Access-list-number: list number
Permit: allow deny: deny
Source: the source address of the packet
Source-wildcard: wildcard mask, also known as inverse code
6. The command syntax for extending ACL is as follows:
Router (config) # access-list access-list-number source (permit | deny) protocol
(source source-wildcard destination destination-wildcard) (operator operan)
Protocol: specify the protocol type, such as tcp, ip, udp, icmp, etc.
Destination: destination addr
Operator operan: It (less than), gt (greater than), eq (equal to), neq (not equal to) one port number
7. The command syntax for naming ACL is as follows:
Router (config) # ip access-list (standard | extended) access-list-name
Standard: standard
Extended: extension
For example, 192.168.10.2 0.0.0.0 can also be expressed as host 192.168.10.2 0.0.0.0 255.255.255.255 or as any
The ACL access control list will not take effect until ACL is applied to the interface
The command syntax is as follows: router (config-if) # ip access-group access-liat-number (in | out)
The function of named ACL is to better manage access control lists, which can be added or subtracted, and the order of lists can be adjusted according to the size of Sequence-Number numbers.
If you want to use a named ACL, whether it's standard ACL or extended ACL, the first step is to name the ACL operation
8. According to the standard ACL, extend ACL and name ACL. Do experiments separately
1. Experimental topology diagram:
Obviously, according to the requirements, this is a standard ACL access control list. The details are as follows.
Experimental topology diagram:
It is obvious that you need to add an extended ACL access list, as follows:
Experimental topology diagram:
The specific operations are as follows:
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.