(Extended ACL)
Cisco
Cisco, () . . :
- IP- - IP- ;
- - / ;
- TCP/IP - TCP, UDP, IP ;
?
. :
access-list NUMBER permit|deny IP_PROTOCOL SOURCE_ADDRESS WILDCARD_MASK [PROTOCOL_INFORMATION] DESTINATION_ADDRESS WILDCARD_MASK [PROTOCOL_INFORMATION]
:
- NUMBER - ;
- PERMIT/DENY - ;
- SOURCE/DESTINATION ADDRESS - ;
- WILDCARD_MASK - ;
- PROTOCOL_INFORMATION - TCP, UDP, IP ;
, wildcard () , :
( ):
ip access-group NUMBER out
in out ,
: 100-199, 2000-2699
( 1)
, 10.0.0.0/24 S2 ( 192.168.0.1), S1 ( 172.16.0.1/24).

, ACL S2. :
! Permit all IP traffic from 10.0.0.0/24 (wildcard 0.0.0.255) to the
! single host 192.168.0.1 (wildcard 0.0.0.0 = match every bit).
access-list 100 permit ip 10.0.0.0 0.0.0.255 192.168.0.1 0.0.0.0
10.0.0.0 192.168.0.1. , S1:
! Deny all IP traffic from 10.0.0.0/24 to the single host 172.16.0.1.
! Entries are checked top-down and the first match wins; an implicit
! deny-all follows the last entry, so packets that match no entry are
! dropped as well.
access-list 100 deny ip 10.0.0.0 0.0.0.255 172.16.0.1 0.0.0.0
, R1:
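! Two separate commands: enter interface configuration mode first, then
! bind list 100 to packets arriving on that interface ("in" = inbound).
int fa0/0
 ip access-group 100 in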
( 2)
: 10.0.0.0/24 S1, 80. - , - , Telnet.

, - 80,
! Permit TCP from 10.0.0.0/24 to host 172.16.0.1 when the destination
! port equals 80 (HTTP).
! NOTE: numbered ACL entries are appended to the end of the list. If
! list 100 still holds the "deny ip ... 172.16.0.1" entry from the
! previous example, that entry matches first and this permit is never
! reached; clear the old list first with "no access-list 100".
access-list 100 permit tcp 10.0.0.0 0.0.0.255 172.16.0.1 0.0.0.0 eq 80
TCP, . , 10.0.0.0 172.16.0.1 80 (-).
Telnet 10.0.0.0 172.16.0.1. -, :
! Deny TCP from 10.0.0.0/24 to host 172.16.0.1 on destination port 23
! (Telnet).
! An implicit deny-all closes every ACL, so traffic that matches neither
! this entry nor the permit for port 80 is dropped too; add an explicit
! permit for anything else that must pass.
access-list 100 deny tcp 10.0.0.0 0.0.0.255 172.16.0.1 0.0.0.0 eq 23
, :
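! Two separate commands: select the interface, then apply list 100 to
! inbound packets on it. "show access-lists" displays the entries in
! evaluation order together with their match counters.
int fa0/0
 ip access-group 100 in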
, . , .