Extended access control list configuration
1. Create an ACL
Router(config)# access-list access-list-number { permit | deny } protocol { source source-wildcard destination destination-wildcard } [ operator operand ]
2. Delete an ACL
Router(config)# no access-list access-list-number
3. Apply the ACL to an interface
Router(config-if)# ip access-group access-list-number { in | out }
4. Remove the ACL from an interface
Router(config-if)# no ip access-group access-list-number { in | out }
Named access control list configuration
1. Create an ACL
2. Configure a standard named ACL
Router(config-std-nacl)# [ sequence-number ] { permit | deny } source [ source-wildcard ]
3. Configure an extended named ACL
Router(config-ext-nacl)# [ sequence-number ] { permit | deny } protocol { source source-wildcard destination destination-wildcard } [ operator operand ]
4. Standard named ACL application example
Only allow traffic from host 192.168.1.1/24 to pass
5. Commands for viewing ACLs
6. Extended named ACL application example
Router(config)# ip access-list extended cisco
Router(config-ext-nacl)# deny tcp 192.168.1.0 0.0.0.255 host 192.168.2.2 eq 21
Router(config-ext-nacl)# permit ip any any
7. Ways to delete an ACL
- Delete the whole ACL
Router(config)# no ip access-list { standard | extended } access-list-name
- Delete a single statement within the ACL
no sequence-number
no <ACL statement>
- Example
8. Applying the ACL to an interface and removing it from an interface: same as above
Extended access control list examples
1. Application example 1
Router(config)# access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
Router(config)# access-list 101 deny ip any any
2. Application example 2
Router(config)# access-list 101 deny tcp 192.168.1.0 0.0.0.255 host 192.168.2.2 eq 21
Router(config)# access-list 101 permit ip any any
3. Application example 3
Router(config)# access-list 101 deny icmp 192.168.1.0 0.0.0.255 host 192.168.2.2 echo
Router(config)# access-list 101 permit ip any any
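As an added example that is not part of the original notes, the following Python evaluator models how a router processes the extended ACL entries above: top-down first match, Cisco wildcard-mask semantics (0 bit = must match, 1 bit = don't care), the `host`/`any` shorthands, the `eq` port operator, and the implicit deny at the end of every ACL. The packets and the ACL text are constructed here; the ICMP `echo` form from example 3 is not parsed.

```python
import ipaddress

def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit must match, a 1 bit is 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (n & ~w)   # bits not masked by the wildcard must be equal

def parse_ace(line: str) -> dict:
    """Parse one '[access-list N] {permit|deny} proto src dst [eq port]' entry.
    src/dst may be 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' (address + wildcard)."""
    tok = line.split()
    if tok[0] == "access-list":
        tok = tok[2:]                        # drop 'access-list <number>'
    action, proto, rest = tok[0], tok[1], tok[2:]
    def take(t):
        if t[0] == "any":                    # any == 0.0.0.0 255.255.255.255
            return ("0.0.0.0", "255.255.255.255"), t[1:]
        if t[0] == "host":                   # host X == X 0.0.0.0
            return (t[1], "0.0.0.0"), t[2:]
        return (t[0], t[1]), t[2:]
    src, rest = take(rest)
    dst, rest = take(rest)
    port = None
    if rest and rest[0] == "eq":             # only the 'eq' operator is modelled here
        port = int(rest[1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": port}

def evaluate(acl: list, pkt: dict) -> str:
    """Return 'permit' or 'deny' for a packet dict with proto, src, dst and optional dport."""
    for ace in acl:                          # entries are checked top-down, first match wins
        if ace["proto"] != "ip" and ace["proto"] != pkt["proto"]:
            continue                         # 'ip' matches every protocol
        if not wildcard_match(pkt["src"], *ace["src"]):
            continue
        if not wildcard_match(pkt["dst"], *ace["dst"]):
            continue
        if ace["dport"] is not None and ace["dport"] != pkt.get("dport"):
            continue
        return ace["action"]
    return "deny"                            # implicit 'deny any' at the end of every ACL

# Constructed sample: ACL 101 from application example 2 (block FTP control to one host)
ACL_101 = [parse_ace(l) for l in (
    "access-list 101 deny tcp 192.168.1.0 0.0.0.255 host 192.168.2.2 eq 21",
    "access-list 101 permit ip any any",
)]
```

Evaluating example 1's ACL with this code also shows why its explicit `deny ip any any` is redundant: the implicit deny yields the same result for every non-matching packet.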