, dotted-decimal number (DDN), 32- . 32- , WC . , WC (wildcard), 0, , , 1 , .
, WC (wildcard) .
WC. ? , , , , . , ACL , .
, DDN, ACL ( access-list, ), . WC . , , WC 1, . , , , !
,
ACL . ACL, :
- access-list.
- , 255.255.255.255.
, 172.16.8.0 255.255.252.0 (172.16.8.0) , , :

, :
access-list 1 permit 172.16.8.0 0.0.3.255
/
ACL , ACL. -, () any. , , .
-, ACL, any . , :
access-list 1 permit any
, ? , ACL Cisco IP ACL. , ACL, , . ? permit
any ACL.
(, access-list 1 deny any) ACL. , ACL? , ACL , ACL, ACL. , , deny any ACL, deny any.
IP ACL
. . access-list, :
access-list access-list-number {deny | permit} source [source-wildcard]
1. ( ) ( ) :
- ACL , , .
- ACL IP- , IP- , ACL.
2. ACL, :
- .
- , , - () .
3. ACL , ip access-group number {in | out}.
.
ACL, 1
, 4 5. , ACL :
- ACL R2 S0/0/1.
- , A.
- , A.
- , A 10.0.0.0.
- , , .
1 , , show running-config.
R2# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)# access-list 1 permit 10.1.1.1
R2(config)# access-list 1 deny 10.1.1.0 0.0.0.255
R2(config)# access-list 1 permit 10.0.0.0 0.255.255.255
R2(config)# interface S0/0/1
R2(config-if)# ip access-group 1 in
R2(config-if)# ^Z
R2# show running-config
! Lines omitted for brevity
access-list 1 permit 10.1.1.1
access-list 1 deny 10.1.1.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.255.255.255
-, . , access-list , access-list . show running-config: , . , ip access-group 1 R2 S0/0/1, ACL ( , ).
2 R2, ACL. show ip access-lists
ACL IPv4, show access-lists
ACL IPv4, ACL, , , ACL IPv6.

. () . ACL, , ACL, , . , . , 107 ACL.
, show ip interface. , , IP ACL, ip access-group.
ACL, 2
8 , . , , . , , A, B S1, C. , , , A S2, C S2 - , . ACL F0/0 R2.

, :
- ACL F0/0 R2.
- S1, A.
- S1 C.
- S2 C.
- S2 A.
- , ; .
, , , ACL. , 2: access-list 2 permit 10.2.2.1. IP- 10.2.2.1 ( S1). () , IP-! , IP- 10.2.2.1, , ACL. IP- , IP-, ACL IP- .
, . , , ACL, , IP-.
, , ACL. -, ACL, R1. ACL :
- ACL F0/0 R1, S1 .
- ACL F0/1 R1, S2 .
3 , .
access-list 2 remark This ACL permits server S1 traffic to host A's subnet
access-list 2 permit 10.2.2.1
!
access-list 3 remark This ACL permits server S2 traffic to host C's subnet
access-list 3 permit 10.2.2.2
!
interface F0/0
 ip access-group 2 out
!
interface F0/1
 ip access-group 3 out
, ACL 2 S1, , F0/0 R1. - all ACL. , ACL 3 S2, F0/1 R1. , , , ACL.
ACL , 2, , , ACL. , ACL. , ping traceroute .
ACL IPv4 . , , .
-, , , . 2 , IOS , ACL. , log access-list
, IOS ACL. , , ACL .
, 4 ACL 2 3, log. , IP- 10.2.2.1 ( ACL) 10.1.1.1.
R1# show running-config
! lines removed for brevity
access-list 2 remark This ACL permits server S1 traffic to host A's subnet
access-list 2 permit 10.2.2.1 log
!
interface F0/0
 ip access-group 2 out
R1#
Feb 4 18:30:24.082: %SEC-6-IPACCESSLOGNP: list 2 permitted 0 10.2.2.1 -> 10.1.1.1, 1 Packet
ACL, , , , ACL, . , ACL , , ACL.
, 9 ACL, 7. ACL 10.1.1.1. ACL R2, ACL ACL S0/0/1 R2 , , 10.1.1.1 - - S0/0/1 R2. , R2 ACL 1 F0/0 , ACL IP- 10.1.1.1, , 10.1.1.1, . , 10.1.1.1, R2 F0/0, - .
