BST L3 Teoria.pdf

BST Laboratory III
Firewall Technologies
ACL Topology and Types
Standard Numbered IP ACLs
Router(config)# access-list {1-99} {permit | deny} source-addr [source-mask]
The first value specifies the ACL number
The second value specifies whether to permit or deny the
configured source IP address traffic
The third value is the source IP address that must be matched
The fourth value is the wildcard mask to be applied to the
previously configured IP address to indicate the range
All ACLs assume an implicit deny statement at the end of the ACL
At least one permit statement should be included or all traffic will
be dropped once that ACL is applied to an interface
Extended Numbered IP ACLs
Router(config)# access-list {100-199} {permit | deny} protocol source-addr [source-mask] [operator operand] destination-addr [destination-mask] [operator operand] [established]
The first value specifies the ACL number
The second value specifies whether to permit or deny accordingly
The third value indicates protocol type
The source IP address and wildcard mask determine where traffic
originates. The destination IP address and wildcard mask are used
to indicate the final destination of the network traffic
The command to apply the standard or extended numbered ACL:
Router(config-if)# ip access-group number {in | out}
Named IP ACLs
Standard
Extended
Router(config)# ip access-list extended vachon1
! block everything to the two hosts 200.1.2.10 and 200.1.2.11 (wildcard 0.0.0.1)
Router(config-ext-nacl)# deny ip any 200.1.2.10 0.0.0.1
! allow HTTP to the web server and SMTP to the mail server
Router(config-ext-nacl)# permit tcp any host 200.1.1.11 eq 80
Router(config-ext-nacl)# permit tcp any host 200.1.1.10 eq 25
! allow replies from remote SMTP servers only for sessions the mail server opened
Router(config-ext-nacl)# permit tcp any eq 25 host 200.1.1.10 established
! allow return traffic of TCP sessions started from the 200.1.2.0/24 network
Router(config-ext-nacl)# permit tcp any 200.1.2.0 0.0.0.255 established
! allow DNS answers (source port 53) to the inside network
Router(config-ext-nacl)# permit udp any eq 53 200.1.2.0 0.0.0.255
! explicit final deny (same effect as the implicit deny, but visible in counters)
Router(config-ext-nacl)# deny ip any any
Router(config-ext-nacl)# interface ethernet 1
Router(config-if)# ip access-group vachon1 in
Router(config-if)# exit
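As an added example (not part of the slides), a small Python model of how IOS evaluates an inbound packet against the vachon1 ACL above: wildcard-mask matching, first-match order, the established keyword and the implicit deny. It models only the eq port operator, treats established as "ACK or RST set", and the packets it is tested with are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard compare: a 0 bit means 'must match', a 1 bit means 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)       # 0.0.0.0 = exact host, 255.255.255.255 = any

@dataclass
class Ace:                            # one access-control entry (only 'eq' ports modelled)
    action: str; proto: str           # permit/deny; ip, tcp or udp
    src: str; src_wc: str; dst: str; dst_wc: str
    src_port: Optional[int] = None; dst_port: Optional[int] = None
    established: bool = False         # match only if ACK or RST is set

@dataclass
class Packet:
    proto: str; src: str; dst: str
    sport: int = 0; dport: int = 0
    ack_rst: bool = False             # True for replies in an existing TCP session

def ace_matches(ace: Ace, pkt: Packet) -> bool:
    return (ace.proto in ("ip", pkt.proto)          # 'ip' matches every protocol
            and wildcard_match(pkt.src, ace.src, ace.src_wc)
            and wildcard_match(pkt.dst, ace.dst, ace.dst_wc)
            and (ace.src_port is None or ace.src_port == pkt.sport)
            and (ace.dst_port is None or ace.dst_port == pkt.dport)
            and (not ace.established or pkt.ack_rst))

def evaluate(acl: list, pkt: Packet) -> str:
    """First matching entry wins; with no match the implicit deny applies."""
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace.action
    return "deny"

ANY = ("0.0.0.0", "255.255.255.255")                # the IOS keyword 'any'
# The vachon1 ACL from the slides, entry by entry ('host X' is X 0.0.0.0)
VACHON1 = [
    Ace("deny",   "ip",  *ANY, "200.1.2.10", "0.0.0.1"),
    Ace("permit", "tcp", *ANY, "200.1.1.11", "0.0.0.0", dst_port=80),
    Ace("permit", "tcp", *ANY, "200.1.1.10", "0.0.0.0", dst_port=25),
    Ace("permit", "tcp", *ANY, "200.1.1.10", "0.0.0.0", src_port=25, established=True),
    Ace("permit", "tcp", *ANY, "200.1.2.0",  "0.0.0.255", established=True),
    Ace("permit", "udp", *ANY, "200.1.2.0",  "0.0.0.255", src_port=53),
    Ace("deny",   "ip",  *ANY, *ANY),
]
```

A packet to 200.1.2.11 is denied by the first entry even though a later entry would permit established traffic to 200.1.2.0/24, which is why entry order matters; a new inbound TCP session to that network (no ACK/RST) falls through to the final deny.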