
Extended Access Control Lists (ACL)

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

Configuration of extended access control lists

Create an ACL

Router(config)# access-list access-list-number {permit | deny} protocol {source source-wildcard destination destination-wildcard} [operator operand]

access-list-number // List number

protocol // Protocol (tcp, udp, icmp, ip, etc.)

source source-wildcard // Source address

destination destination-wildcard // Destination address

operator operand // Port

Delete an ACL

Router(config)# no access-list access-list-number

Apply an ACL to an interface

Router(config-if)# ip access-group access-list-number {in | out}

Remove the ACL from the interface

Router(config-if)# no ip access-group access-list-number {in | out}

Example

The experimental topology diagram is as follows

Requirements: host4 is a Linux server running the httpd and ftp services; host3 and host5 are Windows systems. An access control list must be set up so that host3 can access host4's httpd service, is denied access to other services, and can communicate with the 192.168.20.0 network segment.

Steps

1. Install httpd and ftp services on host3 and configure the network cards of the three hosts.

Configure host4: install the httpd service and the ftp service. After the installation is complete, start the services and turn off the firewall and the enhanced security function (SELinux). Set the network card to VM1, open the network card configuration, change it to static, and add the IP address, subnet mask and gateway. After the configuration is complete, restart the NIC and check whether the change took effect.

Set the host3 and host5 NICs to VM2 and VM3, and configure the IP addresses manually. After the configuration is complete, check whether the change took effect.

On the router, configure an address on each of the three ports.

2. Add a test document to the default site of the httpd service and to the default site of the ftp service on the Linux system, restart the services, and test the interconnection.

3. Once the test is finished and the whole network can interwork, set up the access control list.
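The requirement above, worked through as an added example that is not part of the original article: a small Python model of how a router evaluates an extended ACL (wildcard matching, top-down first match, implicit deny). The host addresses 192.168.10.10 (host3) and 192.168.30.10 (host4) and the list number 101 are assumptions, since the article does not give them; only the 192.168.20.0 segment comes from the article.

```python
import ipaddress

# Constructed ACL for the requirement above. Assumed addresses (not on the
# page): host3 = 192.168.10.10, host4 = 192.168.30.10. 192.168.20.0 is the
# page's segment. Entries use the page's source/wildcard syntax.
ACL = """
access-list 101 permit tcp 192.168.10.10 0.0.0.0 192.168.30.10 0.0.0.0 eq 80
access-list 101 deny ip 192.168.10.10 0.0.0.0 192.168.30.10 0.0.0.0
access-list 101 permit ip 192.168.10.10 0.0.0.0 192.168.20.0 0.0.0.255
"""

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    # Wildcard bit 1 = "don't care", bit 0 = "must match" (inverse of a netmask).
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        f = line.split()
        if f[:1] != ["access-list"] or len(f) not in (8, 10):
            raise ValueError(f"unsupported entry: {line!r}")
        if len(f) == 10 and f[8] != "eq":
            raise ValueError(f"only the 'eq' operator is modelled: {line!r}")
        rules.append({"action": f[2], "proto": f[3], "src": (f[4], f[5]),
                      "dst": (f[6], f[7]),
                      "port": int(f[9]) if len(f) == 10 else None})
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    # Entries are checked top-down; the first match decides.
    for r in rules:
        if (r["proto"] in ("ip", proto)
                and wildcard_match(src, *r["src"])
                and wildcard_match(dst, *r["dst"])
                and r["port"] in (None, dport)):
            return r["action"]
    return "deny"  # implicit "deny ip any any" at the end of every ACL

RULES = parse_acl(ACL)

if __name__ == "__main__":
    for pkt in [("tcp", "192.168.10.10", "192.168.30.10", 80),
                ("tcp", "192.168.10.10", "192.168.30.10", 21),
                ("icmp", "192.168.10.10", "192.168.20.10", None)]:
        print(pkt, "->", evaluate(RULES, *pkt))
```

Swapping the first two entries makes the deny match before the port 80 permit, which is why the more specific entry has to come first.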
