如何在路由上配置acl?
答案:2 悬赏:60
解决时间 2021-02-16 02:20
- 提问者网友:伴他一生,无悔
- 2021-02-15 15:18
如何在路由上配置acl?
最佳答案
- 二级知识专家网友:哥在撩妹请勿打扰
- 2021-02-15 16:37
命名扩展ACL配置 R2(config)#ip access-list extended cisco R2(config-ext-nacl)#10 permit eigrp any any R2(config-ext-nacl)#20 permit ip host 1.1.1.1 host 3.3.3.3 R2(config-ext-nacl)#30 permit ip any any R2(config-ext-nacl)#no 30 R2(config-ex
命名扩展ACL配置
R2(config)#ip access-list extended cisco
R2(config-ext-nacl)#10 permit eigrp any any
R2(config-ext-nacl)#20 permit ip host 1.1.1.1 host 3.3.3.3
R2(config-ext-nacl)#30 permit ip any any
R2(config-ext-nacl)#no 30
R2(config-ext-nacl)#30 deny ip any any
R2(config)#int s0/0
R2(config-if)#ip access-group in
向标准acl里添加条目
R2(config)#access-list 10 permit host 1.1.1.1
R2(config)#access-list 10 deny any
R2(config)#ip access-list standard 10
R2(config-ext-nacl)#1 permit eigrp any any
基于TCP的ACL
R2(config)#access-list 110 permit eigrp any any
R2(config)#access-list 110 tcp any host 10.1.1.1 established 被建立的 带ack的
R2(config)#access-list 110 deny ip any any
R2(config)#int s0/1
R2(config-if)#ip access-group 110 in
自反ACL
R2(config)#ip access-list extended outside
R2(config-ext-nacl)#10 permit eigrp any any
R2(config-ext-nacl)#20 permit tcp host 10.1.1.1 host 20.1.1.2 reflect cisco
R2(config-ext-nacl)#30 deny ip any any
R2(config)#ip access-list extended inside
R2(config-ext-nacl)#10 permit eigrp any any
R2(config-ext-nacl)#20 evaluate cisco
R2(config-ext-nacl)#30 deny ip any any
R2(config)#int s0/1
R2(config-if)#ip access-group outside out
R2(config-if)#ip access-group inside in
基于时间的ACL
R2(config)#time-range cisco
R2(config-time-range)#periodic daily 12:00 to 13:00
R2(config)#access-list 101 perimit ip any any time-range cisco
CBAC
R2(config)#access-list 101 permit eigrp any any
R2(config)#access-list 101 deny ip any any
R2(config)#int s1/2
R2(config-if)#ip access-group 101 in
R2(config)#ip inspect name cisco tcp
R2(config)#int s1/3
R2(config-if)#ip inspect cisco in
查看:show access-lists cisco
show ip inspect session
命名扩展ACL配置
R2(config)#ip access-list extended cisco
R2(config-ext-nacl)#10 permit eigrp any any
R2(config-ext-nacl)#20 permit ip host 1.1.1.1 host 3.3.3.3
R2(config-ext-nacl)#30 permit ip any any
R2(config-ext-nacl)#no 30
R2(config-ext-nacl)#30 deny ip any any
R2(config)#int s0/0
R2(config-if)#ip access-group in
向标准acl里添加条目
R2(config)#access-list 10 permit host 1.1.1.1
R2(config)#access-list 10 deny any
R2(config)#ip access-list standard 10
R2(config-ext-nacl)#1 permit eigrp any any
基于TCP的ACL
R2(config)#access-list 110 permit eigrp any any
R2(config)#access-list 110 tcp any host 10.1.1.1 established 被建立的 带ack的
R2(config)#access-list 110 deny ip any any
R2(config)#int s0/1
R2(config-if)#ip access-group 110 in
自反ACL
R2(config)#ip access-list extended outside
R2(config-ext-nacl)#10 permit eigrp any any
R2(config-ext-nacl)#20 permit tcp host 10.1.1.1 host 20.1.1.2 reflect cisco
R2(config-ext-nacl)#30 deny ip any any
R2(config)#ip access-list extended inside
R2(config-ext-nacl)#10 permit eigrp any any
R2(config-ext-nacl)#20 evaluate cisco
R2(config-ext-nacl)#30 deny ip any any
R2(config)#int s0/1
R2(config-if)#ip access-group outside out
R2(config-if)#ip access-group inside in
基于时间的ACL
R2(config)#time-range cisco
R2(config-time-range)#periodic daily 12:00 to 13:00
R2(config)#access-list 101 perimit ip any any time-range cisco
CBAC
R2(config)#access-list 101 permit eigrp any any
R2(config)#access-list 101 deny ip any any
R2(config)#int s1/2
R2(config-if)#ip access-group 101 in
R2(config)#ip inspect name cisco tcp
R2(config)#int s1/3
R2(config-if)#ip inspect cisco in
查看:show access-lists cisco
show ip inspect session
全部回答
- 1楼网友:没感情的陌生人
- 2021-02-15 17:42
路由器上不用配置vlan,在路由器上配置子接口,接口号对应交换机的vlan号。这是单臂路由。
路由器上对vlan这几个网段做acl,并配置成inside,完成nat配置。
你说的这些就这样配在一起
我要举报
如以上问答内容为低俗、色情、不良、暴力、侵权、涉及违法等信息,可以点下面链接进行举报!
大家都在看
推荐资讯
| • 手机登qq时,显示手机磁盘不足,清理后重新登 |
| • 刺客的套装怎么选啊? |