ACL matching principle: entries are matched in order, starting from the first one.
Branch#sh run int e0/0.1
Building configuration...

Current configuration : 116 bytes
!
interface Ethernet0/0.1
 encapsulation dot1Q 10
 ip address 10.1.100.254 255.255.255.0
 ip access-group 1 in   # applied on the interface
end

Branch#sh run | s acce
 ip access-group 1 in
access-list 1 deny 10.1.100.2
access-list 1 permit any

PC1>ping 10.1.200.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.200.2, timeout is 2 seconds:
U.U.U

Checking the access list at this point shows that packets have been matched:

Branch#sh ip acce
Standard IP access list 1
10 deny 10.1.100.2 (26 matches)
20 permit any

Next, change PC1's IP address:

PC1#sh run int e0/1
Building configuration...

Current configuration : 66 bytes
!
interface Ethernet0/1
 ip address 10.1.100.2 255.255.255.0
end

PC1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PC1(config)#int e0/1
PC1(config-if)#ip add 10.1.100.1 255.255.255.0
PC1(config-if)#end
PC1#ping 10.1.200.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.200.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/3 ms

Branch#sh ip acce
Standard IP access list 1
    10 deny 10.1.100.2 (14 matches)
    20 permit any (5 matches)

Question: what if we now want to permit the odd IP addresses in this subnet and deny the even ones?

Answer: this is all that is needed:

Branch(config)#access-list 1 permit 10.1.100.3 0.0.0.254 (just add the mask)
Branch(config)#do sh ip acces
Standard IP access list 1
    10 permit 10.1.100.1, wildcard bits 0.0.0.254
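
Standard ACLs are limited: when matching traffic, they can match only the source IP address in the IP header.

The host keyword means the wildcard mask requires a strict match on all 32 bits.

The any keyword means every IP address matches.
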
PC1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PC1(config)#int e0/1
PC1(config-if)#ip add 10.1.100.4 255.255.255.0
PC1(config-if)#do ping 10.1.200.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.200.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PC1(config-if)#ip add 10.1.100.3 255.255.255.0
PC1(config-if)#do ping 10.1.200.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.200.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
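
The matching behaviour shown above, as an added Python example (not part of the original post): it applies a wildcard mask the way a standard ACL does, shows why `10.1.100.3 0.0.0.254` is displayed as `10.1.100.1`, and evaluates entries in order with first match winning. The function names are hypothetical, and the fall-through to a deny when no entry matches models the implicit deny at the end of every IOS ACL.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_entry(line):
    """Parse 'permit|deny <addr> [wildcard]', '... host <addr>' or '... any'."""
    action, *rest = line.split()
    if rest == ["any"]:
        addr, wild = 0, MASK32            # every bit is "don't care"
    elif rest[0] == "host":
        addr, wild = to_int(rest[1]), 0   # all 32 bits must match
    else:
        addr = to_int(rest[0])
        wild = to_int(rest[1]) if len(rest) > 1 else 0
    # Bits under a wildcard 1 are ignored, so they are cleared in the stored
    # address; this is why 10.1.100.3 is listed as 10.1.100.1.
    return action, addr & ~wild & MASK32, wild

def normalized(line):
    """Address as the router would list it for this entry."""
    return str(ipaddress.IPv4Address(parse_entry(line)[1]))

def evaluate(acl_lines, src):
    """Return (action, sequence number) of the first matching entry."""
    s = to_int(src)
    for seq, line in enumerate(acl_lines, start=1):
        action, addr, wild = parse_entry(line)
        if (s & ~wild & MASK32) == addr:
            return action, seq * 10       # sequence numbers step by 10
    return "deny", None                   # implicit deny, no entry matched

# Entries taken from the configurations on this page.
ACL_DENY_HOST = ["deny 10.1.100.2", "permit any"]
ACL_ODD_ONLY = ["permit 10.1.100.3 0.0.0.254"]

if __name__ == "__main__":
    print("stored as:", normalized(ACL_ODD_ONLY[0]))
    for name, acl in (("deny-host", ACL_DENY_HOST), ("odd-only", ACL_ODD_ONLY)):
        for src in ("10.1.100.1", "10.1.100.2", "10.1.100.3", "10.1.100.4"):
            print(name, src, evaluate(acl, src))
```

Wildcard 0.0.0.254 leaves only the lowest bit of the last octet (plus the first three octets) significant, so every odd host in 10.1.100.0/24 matches the permit and every even host falls through to the implicit deny.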