network:ip:acl_base
差異處
這裏顯示兩個版本的差異處。
| Both sides previous revision 前次修改 下次修改 | 前次修改 | ||
|
network:ip:acl_base [2014/03/09 10:20] ali88 |
network:ip:acl_base [2014/03/09 11:02] (目前版本) ali88 |
||
|---|---|---|---|
| 行 28: | 行 28: | ||
| Packet sent with a source address of 192.168.1.254 | Packet sent with a source address of 192.168.1.254 | ||
| !!!!! | !!!!! | ||
| - | </code> | + | </code> |
| + | * 在R1 ACL全域設定中設定建立一個延伸清單名稱為test, 阻擋192.168.22.254這個IP<code>R1#conf t | ||
| + | R1(config)#ip access-list extended test | ||
| + | R1(config-ext-nacl)#deny icmp host 192.168.22.254 any | ||
| + | R1(config-ext-nacl)#do sh ip access | ||
| + | Extended IP access list test | ||
| + | 10 deny icmp host 192.168.2.254 any | ||
| + | </code> | ||
| + | * 在將清單指定到R1 s0/0介面進來的方向<code>R1(config)#int s0/0 | ||
| + | R1(config-if)#ip access-group test in | ||
| + | </code> | ||
| + | * 測試R2 ping 192.168.1.254,為什麼連192.168.2.254也阻擋<code>R2#ping 192.168.1.254 source 192.168.22.254 | ||
| + | Packet sent with a source address of 192.168.22.254 | ||
| + | U.U | ||
| + | R2#ping 192.168.1.254 source 192.168.2.254 | ||
| + | Packet sent with a source address of 192.168.2.254 | ||
| + | .. | ||
| + | </code> | ||
| + | * 因為在清單最後一列要加上permit any any,因為存取清單的結尾都會有一列隱含的”拒絕”。<code>R1(config-ext-nacl)#permit ip host any any</code>再測試看看R2 192.168.2.254不可被阻擋<code>R2#ping 192.168.1.254 source 192.168.2.254 | ||
| + | Packet sent with a source address of 192.168.2.254 | ||
| + | !!!!! | ||
| + | </code> | ||
network/ip/acl_base.1394360440.txt.gz · 上一次變更: 2014/03/09 10:20 由 ali88
若無特別註明,本 wiki 上的內容都是採用以下授權方式: CC Attribution-Share Alike 3.0 Unported
