Introduction to Access Lists

Access lists (ACL). Some rules of ACLs: 1 line 1 line that matches the condition; once a line matches, the remaining lines are not compared any further (deny), if no permit statement was found earlier, meaning an ACL must contain at least 1 permit statement, unless you want every packet to be dropped.

Chapter 10 Managing Traffic with Access Lists

Standard Access Lists

Router(config)#access-list 10 deny
Router(config)#access-list 10 permit any

Router(config)#int e1
Router(config-if)#ip access-group 10 out

Controlling VTY (Telnet) Access

Router(config)#access-list 50 permit
Router(config)#line vty 0 4
Router(config-line)#access-class 50 in