2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Huawei ACL network security
One.
1. Physical layer security: the mapping between the network cable sockets on the wall and the switch ports they connect to.
2. Data link layer security: ADSL dial-up account and password, MAC address binding, the number of computers connected to a switch port, creating VLANs.
3. Network layer security: control based on source IP address and destination IP address.
4. Transport layer security: session, LAND and SYN flood attacks.
5. Application layer security: login passwords.
6. Network layer security: standard ACL, which controls traffic based on the source address.
7. Access control list: extended ACL, which controls traffic based on the source address, the destination address and the port number.
Two.
Configure network security using standard ACL
Experimental requirements:
The routers and computers in the network have already been configured with IP addresses and routes. Define a standard ACL on Router 0 to implement the following:
1. Only computers in the marketing and finance departments can access the Internet.
2. Computers in the server group are denied access to the Internet.
Lab code:
Router 0
Router#config t
Router(config)#access-list 10 deny host 192.168.2.2
Deny this IP address access to the Internet.
Router(config)#access-list 10 permit 192.168.1.0 0.0.0.255
Router(config)#access-list 10 permit 192.168.2.0 0.0.0.255
Allow these networks to access the Internet.
Router(config)#interface serial 3/0
Apply the standard ACL on this interface (outbound).
Router(config-if)#ip access-group 10 out
Router#show access-lists
View the access control list.
Deny first, then permit: this order must not be gotten wrong.
Experimental verification:
Three.
Using extended ACL to achieve Network Security
Topology Diagram:
Experimental requirements:
The experimental requirements are different.
Lab code:
Router 0
Router#config t
Router(config)#access-list 100 permit ip 192.168.2.0 0.0.0.255 any
Allow this network to access any address on the Internet.
Router(config)#access-list 100 permit tcp 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255 eq 80
Router(config)#access-list 100 permit icmp 192.168.0.0 0.0.0.255 any
Router(config)#interface serial 3/0
Router(config-if)#ip access-group 100 out
Router#show access-lists
View the access control list.
Experimental verification:
Four.
Use ACL to secure the router
Topology Diagram:
Experimental requirements:
The routers and computers in the network have already been configured with IP addresses and routes. Define a standard ACL on R0 to implement the following:
1. Only computers in the IJG department are allowed to telnet to router R0.
The telnet password is hanlg; the enable password is todd.
Lab code:
Router 0
Router#config t
Router(config)#line vty 0 15
Router(config-line)#password aaa
Router(config-line)#login
Create a standard access list.
Router(config)#access-list 10 permit 192.168.1.3 0.0.0.0
Router(config)#line vty 0 15
Router(config-line)#access-class 10 in
Bind the ACL to the telnet (VTY) lines.
Note that ip access-group 10 in (entered under an interface) is a different command; do not confuse the two.
It binds the ACL to a physical interface.
Experimental verification:
Summary of the experiment:
1. Standard IP access lists filter only on the source IP address.
2. Extended access control lists can filter not only on the source IP address, but also on the destination IP address, source port and destination port.
3. Apply an extended ACL as close as possible to the source of the traffic you want to reject, in order to reduce unnecessary traffic.
4. It is best to apply a standard ACL as close as possible to the destination.
5. A standard ACL permits or denies a packet based on its source IP address.
6. When configuring access control lists, the order of the entries is important.
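
An added example (not part of the original article): a minimal Python model of how a router evaluates a standard ACL, using access list 10 from the standard ACL lab above. It shows the first-match rule and the implicit deny at the end of every list, and why moving the deny entry after the permits lets 192.168.2.2 through. The function names and the tested source addresses are assumptions made for this illustration.

```python
import ipaddress

def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny ...' lines into (action, addr, wildcard)."""
    rules = []
    for line in lines:
        tok = line.split()
        action, rest = tok[2], tok[3:]
        if rest[0] == "host":            # 'host A.B.C.D' means wildcard 0.0.0.0
            addr, wild = rest[1], "0.0.0.0"
        elif rest[0] == "any":           # 'any' means every bit is "don't care"
            addr, wild = "0.0.0.0", "255.255.255.255"
        else:
            addr = rest[0]
            wild = rest[1] if len(rest) > 1 else "0.0.0.0"
        rules.append((action, int(ipaddress.IPv4Address(addr)),
                      int(ipaddress.IPv4Address(wild))))
    return rules

def evaluate(rules, src):
    """Return the action of the first matching entry; implicit deny otherwise."""
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wild in rules:
        # Wildcard bits set to 1 are ignored; all remaining bits must be equal.
        if ((s ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "deny"  # the implicit "deny any" that ends every ACL

# ACL 10 in the order configured in the standard ACL lab on this page.
PAGE_ORDER = [
    "access-list 10 deny host 192.168.2.2",
    "access-list 10 permit 192.168.1.0 0.0.0.255",
    "access-list 10 permit 192.168.2.0 0.0.0.255",
]
# Same entries with the deny moved last (constructed to show the mistake).
WRONG_ORDER = PAGE_ORDER[1:] + PAGE_ORDER[:1]

if __name__ == "__main__":
    # Source addresses below are constructed test values.
    for name, acl in (("page order", PAGE_ORDER), ("deny last", WRONG_ORDER)):
        rules = parse_standard_acl(acl)
        for src in ("192.168.2.2", "192.168.2.7", "192.168.1.5", "192.168.3.9"):
            print(f"{name:10} {src:12} -> {evaluate(rules, src)}")
```

With the deny entry last, 192.168.2.2 matches `permit 192.168.2.0 0.0.0.255` first and the deny is never reached; 192.168.3.9 matches nothing in either order and falls through to the implicit deny.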