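An ACL (access control list) is commonly used to control and manage traffic flows.
How to configure it (see the Cisco website for parameter details):
Basic configuration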
! "test" can be replaced with any other name
(config)# ip access-list extended test
! Allow port 80
(config-ext-nacl)# permit tcp any any eq www
! Allow DNS
(config-ext-nacl)# permit udp any any eq domain
(config-ext-nacl)# permit udp any eq domain any
(config-ext-nacl)# permit tcp any any eq domain
(config-ext-nacl)# permit tcp any eq domain any
! Allow telnet, smtp, pop3
(config-ext-nacl)# permit tcp any any eq telnet
(config-ext-nacl)# permit tcp any any eq smtp
(config-ext-nacl)# permit tcp any any eq pop3
! Allow DHCP
(config-ext-nacl)# permit udp any any eq bootps
(config-ext-nacl)# permit udp any any eq bootpc
! Allow IP (an extended ACL entry needs a protocol and a destination;
! a subnet is written with a wildcard mask, the inverse of 255.255.255.0)
(config-ext-nacl)# permit ip host 192.168.100.100 any
(config-ext-nacl)# permit ip 192.168.100.0 0.0.0.255 any
! Deny IP (entries are matched top-down and the first match wins, so a deny
! must sit above any permit that covers the same host)
(config-ext-nacl)# deny ip host 192.168.100.100 any
(config-ext-nacl)# permit ip any any
! Apply the ACL to the VLAN (<class_name> is the ACL name, e.g. test)
(config)# int vlan 123
(config-if)# ip access-group <class_name> <in or out>
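Because an ACL is evaluated top-down with the first match winning, the deny for 192.168.100.100 above is never reached when it follows a permit for the same host. The following check is an added example, not part of the original page: it flags entries that an earlier entry fully covers. The sample list is constructed from this page's entries, the function names are hypothetical, and only `any`, `host`, contiguous wildcard masks and `eq` are assumed.

```python
import ipaddress

# Port keywords used by the ACL on this page.
PORTS = {"www": 80, "domain": 53, "telnet": 23, "smtp": 25, "pop3": 110,
         "bootps": 67, "bootpc": 68}
# Constructed sample: the page's entries in full extended-ACL syntax, page order.
ACL = ["permit tcp any any eq www", "permit udp any any eq domain",
       "permit ip host 192.168.100.100 any", "permit ip 192.168.100.0 0.0.0.255 any",
       "deny ip host 192.168.100.100 any", "permit ip any any"]

def _addr(tok):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' and return a network."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    # IOS wildcard masks are inverted netmasks; only contiguous ones are handled.
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(tok.pop(0))) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{first}/{mask}", strict=False)

def _port(tok):
    """Consume an optional 'eq PORT'; None means any port."""
    if tok[:1] != ["eq"]:
        return None
    name = tok[1]
    del tok[:2]
    return PORTS[name] if name in PORTS else int(name)

def parse(line):
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, sport = _addr(tok), _port(tok)
    dst, dport = _addr(tok), _port(tok)
    return action, proto, src, sport, dst, dport

def covers(a, b):
    """True when every packet matching entry b also matches earlier entry a."""
    return ((a[1] == "ip" or a[1] == b[1])
            and b[2].subnet_of(a[2]) and b[4].subnet_of(a[4])
            and a[3] in (None, b[3]) and a[5] in (None, b[5]))

def shadowed(acl):
    """Pair each unreachable entry with the first earlier entry that covers it."""
    rules = [parse(line) for line in acl]
    pairs = ((j, next((i for i in range(j) if covers(rules[i], rules[j])), None))
             for j in range(len(rules)))
    return [(acl[j], acl[i]) for j, i in pairs if i is not None]
```

Running `shadowed(ACL)` on the sample reports the deny entry as covered by the earlier host permit; moving the deny to the top and dropping that permit clears the finding.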