Tag: acl
Wildcard mask: a 1 bit means that address bit is free (any value matches), a 0 bit means that bit must match exactly.
Example: 192.168.1.0 0.0.0.7
  last octet of the mask: 0 0 0 0 0 1 1 1
  the last three bits, 1 1 1, allow 2^3 = 8 possibilities: 192.168.1.0-192.168.1.7
Note: a wildcard mask and a subnet mask are two completely different things.
Standard ACL numbers: 1-99
Extended ACL numbers: 100-199
Standard ACL configuration:
1) Applied to an interface:
Router(config)#access-list 1 permit 1.1.1.0 0.0.0.255
Router(config)#access-list 1 deny any
Router(config)#int g0/0
Router(config-if)#ip access-group 1 ?
  in   inbound packets
  out  outbound packets
Router(config-if)#ip access-group 1 in
2) Applied to Telnet (vty lines):
Router(config)#line vty 0 4
Router(config-line)#password 123
Router(config-line)#login
Router(config-line)#exit
Router(config)#enable password 456
Router(config)#access-list 2 permit host 3.3.3.3
Router(config)#access-list 2 deny any
Router(config)#line vty 0 4
Router(config-line)#access-class 2 ?
  in   Filter incoming connections
  out  Filter outgoing connections
Router(config-line)#access-class 2 in
3) Extended ACL configuration:
Router(config)#access-list 100 permit ?
  ahp    Authentication Header Protocol
  eigrp  Cisco's EIGRP routing protocol
  esp    Encapsulation Security Payload
  gre    Cisco's GRE tunneling
  icmp   Internet Control Message Protocol
  ip     Any Internet Protocol
  ospf   OSPF routing protocol
  tcp    Transmission Control Protocol
  udp    User Datagram Protocol
Router(config)#access-list 100 permit tcp ?
  A.B.C.D  Source address
  any      Any source host
  host     A single source host
Router(config)#access-list 100 permit tcp 4.4.4.0 0.0.0.255 ?
  A.B.C.D  Destination address
  any      Any destination host
  eq       Match only packets on a given port number
  gt       Match only packets with a greater port number
  host     A single destination host
  lt       Match only packets with a lower port number
  neq      Match only packets not on a given port number
  range    Match only packets in the range of port numbers
Router(config)#access-list 100 permit tcp 4.4.4.0 0.0.0.255 eq ?
  <0-65535>  Port number
  ftp        File Transfer Protocol (21)
  pop3       Post Office Protocol v3 (110)
  smtp       Simple Mail Transport Protocol (25)
  telnet     Telnet (23)
  www        World Wide Web (HTTP, 80)
Router(config)#access-list 100 permit tcp 4.4.4.0 0.0.0.255 eq telnet ?
  A.B.C.D  Destination address
  any      Any destination host
  host     A single destination host
Router(config)#access-list 100 permit tcp 4.4.4.0 0.0.0.255 eq telnet any
Router(config)#int g0/0
Router(config-if)#ip access-group ?
  <1-199>  IP access list (standard or extended)
  WORD     Access-list name
Router(config-if)#ip access-group 100 ?
  in   inbound packets
  out  outbound packets
Router(config-if)#ip access-group 100 in
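As an added example (not from the original post, and not Cisco code), the following Python implements the wildcard-mask rule from the top of the page and the top-down, first-match, implicit-deny evaluation of a standard ACL, and checks access-list 1 and access-list 2 exactly as written above. Note that in the extended entry above, the `eq telnet` placed after the source address matches the source port, not the destination port.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, network, wildcard):
    """True if addr matches network under a Cisco wildcard mask.
    A 1 bit in the wildcard means 'ignore this bit', a 0 bit means 'must match'
    (the opposite sense of a subnet mask)."""
    w = to_int(wildcard)
    return (to_int(addr) & ~w & MASK32) == (to_int(network) & ~w & MASK32)

def wildcard_range(network, wildcard):
    """(lowest, highest, count) of the addresses a network/wildcard pair covers.
    count is 2 ** (number of 1 bits); for 0.0.0.7 that is 2**3 = 8."""
    w = to_int(wildcard)
    low = to_int(network) & ~w & MASK32
    high = low | w
    return (str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high)),
            1 << bin(w).count("1"))

def acl_entry(action, spec):
    """Build an entry from the CLI address syntax:
    'any', 'host A.B.C.D', or 'A.B.C.D W.W.W.W'."""
    parts = spec.split()
    if parts == ["any"]:
        return (action, "0.0.0.0", "255.255.255.255")
    if parts[0] == "host":          # host X is shorthand for X 0.0.0.0
        return (action, parts[1], "0.0.0.0")
    return (action, parts[0], parts[1])

def evaluate(acl, src):
    """Standard ACL: entries are tested top-down and the first match wins; a
    packet matching no entry hits the implicit 'deny any' at the end of every ACL."""
    for action, network, wildcard in acl:
        if wildcard_match(src, network, wildcard):
            return action
    return "deny"

# access-list 1 and access-list 2 as configured in the post above
ACL_1 = [acl_entry("permit", "1.1.1.0 0.0.0.255"), acl_entry("deny", "any")]
ACL_2 = [acl_entry("permit", "host 3.3.3.3"), acl_entry("deny", "any")]

if __name__ == "__main__":
    print(wildcard_range("192.168.1.0", "0.0.0.7"))   # ('192.168.1.0', '192.168.1.7', 8)
    print(evaluate(ACL_1, "1.1.1.77"), evaluate(ACL_1, "1.1.2.1"))  # permit deny
    print(evaluate(ACL_2, "3.3.3.3"), evaluate(ACL_2, "3.3.3.4"))   # permit deny
```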
Original source: http://llzzgg.blog.51cto.com/10535395/1683837