23. ACL (Access Control List)

2025-04-11 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

An ACL (access control list) is configured on a router or switch to decide whether packets are permitted or denied on their way to a destination; it is one of the basic tools for tightening network security.

ACLs come in three kinds:

- Standard ACL: permits or denies packets based on the source address only. Numbered 1 to 99 (expanded range 1300 to 1999).

- Extended ACL: permits or denies packets based on source, destination, protocol and port. Numbered 100 to 199 (expanded range 2000 to 2699).

- Named ACL: a standard or extended ACL identified by a name instead of a number, which makes its purpose easier to recognise and lets individual entries be inserted or deleted by sequence number.

Cisco IOS ACL commands:

In the commands below, an address such as 192.168.1.0 0.0.0.255 is a source (or destination) network followed by its wildcard mask, the inverse of the subnet mask: 0 bits must match, 1 bits are ignored.

Command
    Description

(config)# access-list 1 permit 192.168.1.0 0.0.0.255
    Permit entry in standard numbered ACL 1 (source network, wildcard mask).

(config)# access-list 1 deny 192.168.1.0 0.0.0.255
    Deny entry in standard numbered ACL 1.

(config)# access-list 100 permit tcp 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255 eq 80
    Permit entry in extended numbered ACL 100: protocol, source network and wildcard, destination network and wildcard, destination port.

(config)# access-list 100 deny tcp 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255 eq 80
    Deny entry in extended numbered ACL 100.

(config)# ip access-list standard a
    Create standard named ACL "a" and enter its configuration mode (this is a global configuration command, not an interface command).

(config-std-nacl)# 10 permit 192.168.1.0 0.0.0.255
    Permit entry with sequence number 10 in the standard named ACL.

(config)# ip access-list extended a
    Create extended named ACL "a" and enter its configuration mode.

(config-ext-nacl)# 10 deny tcp 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255 eq 80
    Deny entry with sequence number 10 in the extended named ACL.

(config-if)# ip access-group 1 in
    Apply ACL 1 to the interface in the inbound direction (packets entering the interface).

(config-if)# ip access-group 1 out
    Apply ACL 1 to the interface in the outbound direction (packets leaving the interface).

# show access-lists
    Display the configured ACLs and the match counter of each entry.

Note: entries are checked top-down and the first match decides; every ACL ends with an implicit "deny any", so a list that contains only deny entries blocks all traffic. An ACL filters nothing until it is bound: with ip access-group on an interface, or with access-class on the vty lines for remote login. Standard and extended ACLs can both be applied inbound or outbound. The usual placement is a standard ACL close to the destination (it can only match the source, so placing it near the source would also cut off traffic to every other destination) and an extended ACL close to the source (so unwanted traffic is dropped before it crosses the network).

Keywords: permit (allow), deny (refuse), eq (equal, used for port matching), standard, extended.

Case: restrict remote login (vty) with an ACL.
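The remote-login case written out in full, as an added example that is not from the original page. It assumes a router with hostname Router, management hosts on 192.168.1.0/24 and the default vty lines 0 to 4; ACL number 10 and the remark text are choices made for the example. The point it shows is that a vty line is not an interface: the ACL is bound with access-class under line vty, not with ip access-group, and a standard ACL is enough because only the source address of the login attempt matters.

```text
! Added example, not from the original page. Assumed: management hosts in
! 192.168.1.0/24, router hostname "Router", vty lines 0-4.
Router# configure terminal
! Standard ACL: a vty filter only needs the source address.
Router(config)# access-list 10 remark allow management hosts only
Router(config)# access-list 10 permit 192.168.1.0 0.0.0.255
! Every ACL ends with an implicit deny; spelling it out with "log" makes
! rejected login attempts visible in the log and in the hit counters.
Router(config)# access-list 10 deny any log
! Bind the ACL to the vty lines with access-class (not ip access-group).
Router(config)# line vty 0 4
Router(config-line)# access-class 10 in
! While here, only accept SSH on the lines, not Telnet.
Router(config-line)# transport input ssh
Router(config-line)# end
! Verify the entries; after a test login from an allowed host and from a
! blocked one, the counters show which entry each attempt matched.
Router# show access-lists 10
```

One mistake to check for: access-class 10 out would limit where sessions started from the router itself may connect to, not who may log in; inbound is the direction that protects the device.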

Huawei (VRP) / H3C commands (prompts shown in the Huawei form):

Command
    Description

[huawei] acl 2000
    Create basic ACL 2000 and enter its view. Basic ACLs (source address only) are numbered 2000 to 2999; advanced ACLs (protocol, source, destination, port) are numbered 3000 to 3999.

[huawei] acl name ren
    Create a named ACL called ren and enter its view.

[huawei-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
    Basic ACL rule, the equivalent of a Cisco standard ACL entry.

[huawei-acl-adv-3000] rule deny ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
    Advanced ACL rule, the equivalent of a Cisco extended ACL entry. A destination can only be matched in an advanced ACL, so this rule belongs in acl 3000 (view acl-adv-3000), not in basic ACL 2000.

[huawei] display acl all
    Display all ACLs (display acl 2000 shows a single one).

[huawei] display acl name ren
    Display a named ACL.

Note: on Huawei devices, creating an ACL filters nothing by itself. To apply it on an interface, the ACL is referenced from a traffic policy: a traffic classifier matches the ACL, a traffic behavior defines the action, and the policy that binds the two is applied to the interface. (Many Huawei S-series switches also accept the shortcut traffic-filter inbound acl <number> directly on the interface.)

Case study: configuration steps

- define the ACL

- configure the traffic classifier

- configure the traffic behavior

- configure the traffic policy

- apply the policy on the interface
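The five steps above carried out end to end, as an added example that is not from the original page. It assumes a Huawei VRP switch, hosts on 192.168.1.0/24 attached via GigabitEthernet0/0/1 that must not reach 192.168.2.0/24; ACL number 3000 and the names c-blk, b-drop and p-filter are choices made for the example. Note that the ACL rule is written as permit: inside a traffic policy the ACL only selects the traffic for the classifier, and the decision to drop it is made by the deny action in the traffic behavior.

```text
# Added example, not from the original page. Assumed: Huawei VRP switch,
# 192.168.1.0/24 attached via GigabitEthernet0/0/1, target 192.168.2.0/24.
<Huawei> system-view
# 1. Define the ACL. Matching on a destination needs an advanced ACL (3000-3999).
#    "permit" here means "select this traffic"; the drop happens in step 3.
[Huawei] acl 3000
[Huawei-acl-adv-3000] rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
[Huawei-acl-adv-3000] quit
# 2. Traffic classifier: which packets (those matching ACL 3000).
[Huawei] traffic classifier c-blk
[Huawei-classifier-c-blk] if-match acl 3000
[Huawei-classifier-c-blk] quit
# 3. Traffic behavior: what to do with them (discard).
[Huawei] traffic behavior b-drop
[Huawei-behavior-b-drop] deny
[Huawei-behavior-b-drop] quit
# 4. Traffic policy: bind the classifier to the behavior.
[Huawei] traffic policy p-filter
[Huawei-trafficpolicy-p-filter] classifier c-blk behavior b-drop
[Huawei-trafficpolicy-p-filter] quit
# 5. Apply the policy inbound on the interface where 192.168.1.0/24 enters.
[Huawei] interface GigabitEthernet0/0/1
[Huawei-GigabitEthernet0/0/1] traffic-policy p-filter inbound
[Huawei-GigabitEthernet0/0/1] quit
# Verify the rule and the policy definition.
[Huawei] display acl 3000
[Huawei] display traffic policy user-defined p-filter
```

Packets that match no classifier in the policy are forwarded normally, so this policy blocks only 192.168.1.0/24 to 192.168.2.0/24 and leaves all other traffic through GigabitEthernet0/0/1 untouched; applying it outbound on the interface facing 192.168.2.0/24 would block the same flow, but only after it had already crossed the switch.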

© 2024 shulou.com SLNews company. All rights reserved.