
IP ACL.

, dotted-decimal number (DDN), 32- . 32- , WC . , WC (wildcard), 0, , , 1 , .

, WC (wildcard) .

WC. ? , , , , . , ACL , .

, DDN, ACL ( access-list, ), . WC . , , WC 1, . , , , !


,

ACL . ACL, :

  • access-list.
  • , 255.255.255.255.

, 172.16.8.0 255.255.252.0 (172.16.8.0) , , :

, :

access-list 1 permit 172.16.8.0 0.0.3.255

/

ACL , ACL. -, () any. , , .

-, ACL, any . , :

access-list 1 permit any

, ? , ACL Cisco IP ACL. , ACL, , . ? permit any ACL.

(, access-list 1 deny any) ACL. , ACL? , ACL , ACL, ACL. , , deny any ACL, deny any.


IP ACL

. . access-list, :

access-list access-list-number {deny | permit} source [source-wildcard]

1. ( ) ( ) :

  1. ACL , , .
  2. ACL IP- , IP- , ACL.

2. ACL, :

  1. .
  2. , , - () .

3. ACL ,   ip access-group number {in | out}.

.


ACL, 1

, 4 5. , ACL :

  1. ACL R2 S0/0/1.
  2. , A.
  3. , A.
  4. , A 10.0.0.0.
  5. , , .

1 , , show running-config.

R2# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)# access-list 1 permit 10.1.1.1
R2(config)# access-list 1 deny 10.1.1.0 0.0.0.255
R2(config)# access-list 1 permit 10.0.0.0 0.255.255.255
R2(config)# interface S0/0/1
R2(config-if)# ip access-group 1 in
R2(config-if)# ^Z
R2# show running-config
! Lines omitted for brevity
access-list 1 permit 10.1.1.1
access-list 1 deny 10.1.1.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.255.255.255

-, . , access-list , access-list . show running-config: , . , ip access-group 1 R2 S0/0/1, ACL ( , ).
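The first-match logic of ACL 1 above, together with the mask-to-wildcard subtraction (255.255.255.255 minus the subnet mask), as an added Python example that is not part of the original page. The function names are hypothetical, and only the `access-list` forms that appear on this page are parsed: a bare address, an address plus wildcard, `any`, a trailing `log`, and `remark` lines.

```python
import ipaddress

# ACL 1 exactly as configured on R2 in the listing above.
ACL_1 = [
    "access-list 1 permit 10.1.1.1",
    "access-list 1 deny 10.1.1.0 0.0.0.255",
    "access-list 1 permit 10.0.0.0 0.255.255.255",
]

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def mask_to_wildcard(mask):
    """Wildcard = 255.255.255.255 minus the subnet mask, octet by octet."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))

def parse_ace(line):
    """Return (action, address, wildcard) for one standard ACL line, None for a remark."""
    tokens = line.split()
    if tokens[2] == "remark":
        return None
    if tokens[-1] == "log":          # logging does not change matching
        tokens = tokens[:-1]
    action, source = tokens[2], tokens[3]
    if source == "any":              # every bit is "don't care"
        return action, 0, 0xFFFFFFFF
    wildcard = to_int(tokens[4]) if len(tokens) > 4 else 0  # no wildcard: exact host
    return action, to_int(source), wildcard

def evaluate(acl_lines, source_ip):
    """First match wins; returns (action, matching line number or None)."""
    ip = to_int(source_ip)
    for number, line in enumerate(acl_lines, 1):
        ace = parse_ace(line)
        if ace is None:
            continue
        action, address, wildcard = ace
        care = ~wildcard & 0xFFFFFFFF    # wildcard 0 bits must match, 1 bits are ignored
        if (ip & care) == (address & care):
            return action, number
    return "deny", None                  # implicit deny any at the end of every ACL

if __name__ == "__main__":
    # Constructed source addresses, not taken from the page's figures.
    for src in ("10.1.1.1", "10.1.1.2", "10.2.2.1", "192.168.1.1"):
        print(src, evaluate(ACL_1, src))
    print(mask_to_wildcard("255.255.252.0"))
```

Reordering the first two lines of `ACL_1` makes `10.1.1.1` hit the `deny` first, which is why the host-specific `permit` has to come before the subnet-wide `deny`.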

2 R2, ACL. show ip access-lists ACL IPv4, show access-lists ACL IPv4, ACL, , , ACL IPv6.

show access-lists

. () . ACL, , ACL, , . , . , 107 ACL.

, show ip interface. , , IP ACL, ip access-group.


ACL, 2

8 , . , , . , , A, B S1, C. , , , A S2, C S2 - , . ACL F0/0 R2.

  ACL  2

, :

  1. ACL F0/0 R2.
  2. S1, A.
  3. S1 C.
  4. S2 C.
  5. S2 A.
  6. , ; .

, , , ACL. , 2: access-list 2 permit 10.2.2.1. IP- 10.2.2.1 ( S1). () , IP-! , IP- 10.2.2.1, , ACL. IP- , IP-, ACL IP- .

, . , , ACL, , IP-.

, , ACL. -, ACL, R1. ACL :

  1. ACL F0/0 R1, S1 .
  2. ACL F0/1 R1, S2 .

3 , .

access-list 2 remark This ACL permits server S1 traffic to host A's subnet
access-list 2 permit 10.2.2.1
!
access-list 3 remark This ACL permits server S2 traffic to host C's subnet
access-list 3 permit 10.2.2.2
!
interface F0/0
ip access-group 2 out
!
interface F0/1
ip access-group 3 out

, ACL 2 S1, , F0/0 R1. - all ACL. , ACL 3 S2, F0/1 R1. , , , ACL.

ACL , 2, , , ACL. , ACL. , ping traceroute .


ACL IPv4 . , , .

-, , , . 2 , IOS , ACL. , log access-list, IOS ACL. , , ACL .

, 4 ACL 2 3, log. , IP- 10.2.2.1 ( ACL) 10.1.1.1.

R1# show running-config
! lines removed for brevity
access-list 2 remark This ACL permits server S1 traffic to host A's subnet
access-list 2 permit 10.2.2.1 log
!
interface F0/0
ip access-group 2 out
R1#
Feb 4 18:30:24.082: %SEC-6-IPACCESSLOGNP: list 2 permitted 0 10.2.2.1 -> 10.1.1.1, 1 packet

ACL, , , , ACL, . , ACL , , ACL.

, 9 ACL, 7. ACL 10.1.1.1. ACL R2, ACL ACL S0/0/1 R2 , , 10.1.1.1 - - S0/0/1 R2. , R2 ACL 1 F0/0 , ACL IP- 10.1.1.1, , 10.1.1.1, . , 10.1.1.1, R2 F0/0, - .

      ACL