当前位置:网站首页>Standard ACL and extended ACL
Standard ACL and extended ACL
2022-07-07 18:38:00 【Chen chacha__】
standard ACL
R0 Basic configuration
int f0/0
ip add 192.168.10.254 255.255.255.0
no shutdown
int f0/1
ip add 76.12.16.133 255.255.255.252
no shut
R1 Basic configuration
int f0/0
ip add 76.12.32.254 255.255.255.0
no shut
int f0/1
ip add 76.12.16.134 255.255.255.252
no shut
Then give them to R1、R2 Configure the default route
R1
ip route 0.0.0.0 0.0.0.0 76.12.16.133 #76.12.16.133 It is the next hop address connected to this router , It can also be written as the next hop port number connected to this router
R2
ip route 0.0.0.0 0.0.0.0 76.12.16.134 # ditto
standard ACL On the router near the destination address
stay R1 Upper configuration standard ACL
standard ACL The number of 1-99
ip access-list 1 permit host 192.168.10.100
ip access-list 1 deny host 192.168.10.1
interface f0/1
ip access-group 1 in
Expand ACL
R0 Basic configuration
int f0/0
ip add 192.168.10.254 255.255.255.0
no shutdown
int f0/1
ip add 76.12.16.133 255.255.255.252
no shut
R1 Basic configuration
int f0/0
ip add 76.12.32.254 255.255.255.0
no shut
int f0/1
ip add 76.12.16.134 255.255.255.252
no shut
Then give them to R1、R2 Configure the default route
R1
ip route 0.0.0.0 0.0.0.0 76.12.16.133 #76.12.16.133 It is the next hop address connected to this router , It can also be written as the next hop port number connected to this router
R2
ip route 0.0.0.0 0.0.0.0 76.12.16.134 # ditto
Expand ACL It is configured on the router close to the source address
stay R0 Configure extensions on ACL
Expand ACL The number of 100-199
You need an agreement 、 Source IP、 Source port 、 Purpose IP、 The destination ports match
ip access-list 100 deny icmp host 192.168.10.1 host 76.12.32.1 # Reject from 192.168.10.1 The host goes to 76.12.32.1 The host ping package
ip access-list 100 permit ip any any # Allow all
interface f0/1
ip access-group 100 out # take ACL Apply to the out interface
边栏推荐
- Classification of regression tests
- [principles and technologies of network attack and Defense] Chapter 5: denial of service attack
- 体总:安全有序恢复线下体育赛事,力争做到国内赛事应办尽办
- 线程池中的线程工厂
- [PaddleSeg源码阅读] PaddleSeg Validation 中添加 Boundary IoU的计算(1)——val.py文件细节提示
- “解密”华为机器视觉军团:华为向上,产业向前
- 上市十天就下线过万台,欧尚Z6产品实力备受点赞
- 讨论| 坦白局,工业 AR 应用为什么难落地?
- 3分钟学会制作动态折线图!
- 云安全日报220707:思科Expressway系列和网真视频通信服务器发现远程攻击漏洞,需要尽快升级
猜你喜欢
随机推荐
Pro2: modify the color of div block
idea彻底卸载安装及配置笔记
socket编程之常用api介绍与socket、select、poll、epoll高并发服务器模型代码实现
Unlike the relatively short-lived industrial chain of consumer Internet, the industrial chain of industrial Internet is quite long
将模型的记忆保存下来!Meta&UC Berkeley提出MeMViT,建模时间支持比现有模型长30倍,计算量仅增加4.5%...
CVPR 2022丨学习用于小样本语义分割的非目标知识
4种常见的缓存模式,你都知道吗?
国内的软件测试会受到偏见吗
[trusted computing] Lesson 13: TPM extended authorization and key management
RIP和OSPF的区别和配置命令
AI defeated mankind and designed a better economic mechanism
【剑指 Offer】59 - I. 滑动窗口的最大值
Backup Alibaba cloud instance OSS browser
socket編程之常用api介紹與socket、select、poll、epoll高並發服務器模型代碼實現
线程池中的线程工厂
Tips for this week 140: constants: safety idioms
[principle and technology of network attack and Defense] Chapter 7: password attack technology Chapter 8: network monitoring technology
debian10编译安装mysql
PHP面试题 foreach($arr as &$value)与foreach($arr as $value)的用法
Do you really understand sticky bag and half bag? 3 minutes to understand it