标准ACL: Router(config)#access-list 1 permit 192.168.2.0 0.0.0.255 Router(config)#access-list 1 deny any Router(config)#int f0/1 Router(config-if)#ip access-group 1 in 扩展ACL: Router(config)#access-list 101 permit tcp 192.168.1.0 0.0.0.
标准ACL:
Router(config)#access-list 1 permit 192.168.2.0 0.0.0.255
Router(config)#access-list 1 deny any
Router(config)#int f0/1
Router(config-if)#ip access-group 1 in
扩展ACL:
Router(config)#access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 192.168.100.1 eq www
Router(config)#access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
Router(config)#int f0/1
Router(config-if)#ip access-group 101 in
配置路由器设备只允许网管区的IP通过TELNET登陆,并配置设备用户名为benet,密码为test:
Router(config)#access-list 1 permit 192.168.2.0 0.0.0.255
Router(config)#username benet password test
Router(config)#line vty 0 4
Router(config-line)#login local
Router(config-line)#access-class 1 in
Router(config-line)#exit
内网主机都可以访问服务器,外网只允许访问服务器的80端口(服务器为vlan100):
Router(config)#access-list 100 permit ip 192.168.0.0 0.0.255.255 host 192.168.100.2
Router(config)#access-list 100 permit tcp any host 192.168.100.2 eq 80
Router(config)#access-list 100 deny ip any any
Router(config)#int vlan 100
Router(config-if)#ip access-group 100 out
Router(config-if)#exit
允许192.168.3.0/24网段主机访问服务器,但不能访问其他网段,也不能访问外网:
Router(config)#access-list 101 permit ip 192.168.3.0 0.0.0.255 host 192.168.100.2
Router(config)#access-list 101 deny ip any any
Router(config)#int vlan 3
Router(config-if)#ip access-group 101 in
Router(config-if)#exit
允许192.168.4.0/24网段主机访问服务器,但不能访问其他网段,可以访问外网:
Router(config)#access-list 102 permit ip 192.168.4.0 0.0.0.255 host 192.168.100.2
Router(config)#access-list 102 deny ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.255.255
Router(config)#access-list 102 permit ip any any
Router(config)#int vlan 4
Router(config-if)#ip access-group 102 in
Router(config-if)#exit
Copyright © 2019- yrrf.cn 版权所有 赣ICP备2024042794号-2
违法及侵权请联系:TEL:199 1889 7713 E-MAIL:2724546146@qq.com
本站由北京市万商天勤律师事务所王兴未律师提供法律服务