2025-04-03 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article walks through a worked example of standard ACL configuration. Many readers are not very familiar with the topic, so it is shared here for reference.
Access control lists (1): structure
One. Access control list overview. An access control list (ACL):
1. Reads the layer 3 and layer 4 header information
2. Filters packets according to predefined rules
Two. How access control lists work
An access control list is applied to an interface in a direction:
Out: packets that have been processed by the router and are leaving the router interface
In: packets that have arrived at the router interface and are about to be processed by the router
The process by which the list is applied to the interface direction and the data direction related to the access control list:
ACL rules: entries are matched one by one from top to bottom. The implicit default at the end of the list is to deny all (any).
Whitelist:
Permit 1.2
Permit 1.3
Deny all (implicit, does not need to be written)
Blacklist:
Deny 1.2
Deny 1.3
Permit all (must be written)
Three. Types of access control list
Standard access control list:
1. Filters packets based on the source IP address
2. Standard access control lists use list numbers 1 to 99
Extended access control list:
1. Filters packets based on source IP address, destination IP address, specified protocol, port, and flags
2. Extended access control lists use list numbers 100 to 199
Named access control lists (both standard and extended):
1. Named access control lists allow a name to be used in place of the list number in standard and extended access control lists
2. Flexible policy adjustment
Four. Configuration of standard access control lists
Create an ACL:
    Router(config)# access-list access-list-number {permit | deny} source [source-wildcard]
permit allows matching packets to pass; deny rejects them.
Delete an ACL:
    Router(config)# no access-list access-list-number
Application example:
    Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255
    Router(config)# access-list 1 permit 192.168.2.2 0.0.0.0
This allows traffic from 192.168.1.0/24 and from host 192.168.2.2 to pass.
The implicit deny statement:
    Router(config)# access-list 1 deny 0.0.0.0 255.255.255.255
Keywords:
host / any
Demo1: a configuration example of a standard ACL
Switch:
    sw#conf t
    sw(config)# no ip routing
    sw(config)# int f1/0
    sw(config-if)# speed 100
    sw(config-if)# dup full
Router:
    R1#conf t
    R1(config)# int f0/0
    R1(config-if)# ip add 192.168.10.1 255.255.255.0
    R1(config-if)# no shut
    R1(config-if)# int f0/1
    R1(config-if)# ip add 192.168.20.1 255.255.255.0
    R1(config-if)# no shut
Client IP address configuration:
    PC1> ip 192.168.10.2 192.168.10.1
    Checking for duplicate address...
    PC1: 192.168.10.2 255.255.255.0 gateway 192.168.10.1
    PC2> ip 192.168.10.3 192.168.10.1
    Checking for duplicate address...
    PC1: 192.168.10.3 255.255.255.0 gateway 192.168.10.1
    PC3>
    PC3> ip 192.168.20.2 192.168.20.1
    Checking for duplicate address...
    PC1: 192.168.20.2 255.255.255.0 gateway 192.168.20.1
Verify connectivity:
    PC1> ping 192.168.20.2
    192.168.20.2 icmp_seq=1 timeout
    84 bytes from 192.168.20.2 icmp_seq=2 ttl=63 time=15.676 ms
    84 bytes from 192.168.20.2 icmp_seq=3 ttl=63 time=17.680 ms
    84 bytes from 192.168.20.2 icmp_seq=4 ttl=63 time=21.956 ms
    84 bytes from 192.168.20.2 icmp_seq=5 ttl=63 time=12.700 ms
    PC2> ping 192.168.20.2
    192.168.20.2 icmp_seq=1 timeout
    192.168.20.2 icmp_seq=2 timeout
    84 bytes from 192.168.20.2 icmp_seq=3 ttl=63 time=17.735 ms
    84 bytes from 192.168.20.2 icmp_seq=4 ttl=63 time=14.069 ms
    84 bytes from 192.168.20.2 icmp_seq=5 ttl=63 time=14.960 ms
At this point the network segments can reach each other. Define the rules on R1 in global configuration mode, then apply the list inbound on f0/0:
    R1(config-if)# access-list 1 deny host 192.168.10.2
    R1(config)# do show access-list
    R1(config)# access-list 1 permit any
    R1(config)# int f0/0
    R1(config-if)# ip access-group 1 in
PC1 pinging PC3 now shows that the traffic is administratively prohibited:
    PC1> ping 192.168.20.2
    *192.168.10.1 icmp_seq=1 ttl=255 time=20.233 ms (ICMP type:3, code:13, Communication administratively prohibited)
    *192.168.10.1 icmp_seq=2 ttl=255 time=4.913 ms (ICMP type:3, code:13, Communication administratively prohibited)
    *192.168.10.1 icmp_seq=3 ttl=255 time=12.927 ms (ICMP type:3, code:13, Communication administratively prohibited)
    *192.168.10.1 icmp_seq=4 ttl=255 time=12.965 ms (ICMP type:3, code:13, Communication administratively prohibited)
    *192.168.10.1 icmp_seq=5 ttl=255 time=13.958 ms (ICMP type:3, code:13, Communication administratively prohibited)
PC1 can still ping PC2:
    PC1> ping 192.168.10.3
    84 bytes from 192.168.10.3 icmp_seq=1 ttl=64 time=0.000 ms
    84 bytes from 192.168.10.3 icmp_seq=2 ttl=64 time=0.975 ms
    84 bytes from 192.168.10.3 icmp_seq=3 ttl=64 time=0.997 ms
    84 bytes from 192.168.10.3 icmp_seq=4 ttl=64 time=0.000 ms
    84 bytes from 192.168.10.3 icmp_seq=5 ttl=64 time=1.731 ms
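The top-to-bottom matching, wildcard masks and implicit deny described above can be checked offline before a list is applied to an interface. The following is an added example, not part of the original article: a small Python model of standard ACL evaluation whose function names and the shadowed-entry check are assumptions introduced here, and whose sample lists are constructed from the Demo1 entries.

```python
import ipaddress

MASK = 0xFFFFFFFF

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_standard_acl(config):
    """Parse 'access-list N {permit|deny} source [source-wildcard]' lines."""
    rules = []
    for line in config.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL entry: {line!r}")
        number, action, src = int(tok[1]), tok[2], tok[3:]
        if not 1 <= number <= 99:
            raise ValueError(f"standard ACL numbers are 1 to 99: {line!r}")
        if src == ["any"]:                          # any = 0.0.0.0 255.255.255.255
            addr, wildcard = 0, MASK
        elif src[0] == "host" and len(src) == 2:    # host A = A 0.0.0.0
            addr, wildcard = _ip(src[1]), 0
        elif len(src) in (1, 2):                    # omitted wildcard means 0.0.0.0
            addr, wildcard = _ip(src[0]), (_ip(src[1]) if len(src) == 2 else 0)
        else:
            raise ValueError(f"unsupported source: {line!r}")
        rules.append((number, action, addr, wildcard))
    return rules

def _covers(addr, wildcard, other_addr, other_wildcard):
    """True if (addr, wildcard) matches every address the other pair matches."""
    care = ~wildcard & MASK                         # wildcard 0 bits must match
    return (other_wildcard & care) == 0 and ((addr ^ other_addr) & care) == 0

def evaluate(rules, number, source_ip):
    """First match wins, top to bottom; index None means the implicit deny."""
    src = _ip(source_ip)
    for i, (n, action, addr, wildcard) in enumerate(rules):
        if n == number and _covers(addr, wildcard, src, 0):
            return action, i
    return "deny", None

def shadowed(rules):
    """Indexes of entries that can never match because an earlier entry covers them."""
    return [j for j, (n, _, a, w) in enumerate(rules)
            if any(m == n and _covers(ea, ew, a, w) for m, _, ea, ew in rules[:j])]

# Constructed inputs: the Demo1 list, and the same two entries in the wrong order.
DEMO1 = "access-list 1 deny host 192.168.10.2\naccess-list 1 permit any"
MISORDERED = "access-list 1 permit any\naccess-list 1 deny host 192.168.10.2"

if __name__ == "__main__":
    for name, cfg in (("DEMO1", DEMO1), ("MISORDERED", MISORDERED)):
        r = parse_standard_acl(cfg)
        print(name, evaluate(r, 1, "192.168.10.2"), evaluate(r, 1, "192.168.10.3"), shadowed(r))
```

With the entries reversed, `permit any` matches first and the `deny host 192.168.10.2` entry is reported as shadowed, which is why the deny must be written above the permit in a blacklist-style list.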