An ACL (access control list) is commonly used to control and manage traffic flow.

Configuration (see the Cisco website for parameter details):

Basic configuration

#"test" is the ACL name and can be replaced with any other name
(config)ip access-list extended test

#Allow port 80 (HTTP)
(config-ext-nacl)permit tcp any any eq www

#Allow DNS
(config-ext-nacl)permit udp any any eq domain
(config-ext-nacl)permit udp any eq domain any
(config-ext-nacl)permit tcp any any eq domain
(config-ext-nacl)permit tcp any eq domain any

#Allow telnet, smtp, pop3
(config-ext-nacl)permit tcp any any eq telnet
(config-ext-nacl)permit tcp any any eq smtp
(config-ext-nacl)permit tcp any any eq pop3

#Allow DHCP
(config-ext-nacl)permit udp any any eq bootps
(config-ext-nacl)permit udp any any eq bootpc


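#Allow IP (a single host, then a whole subnet)
#An extended ACL entry needs a protocol, a source and a destination, and uses a wildcard mask instead of a subnet mask
(config-ext-nacl)permit ip host 192.168.100.100 any
(config-ext-nacl)permit ip 192.168.100.0 0.0.0.255 any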

#Deny IP (the deny entry must come before the permit, because the first matching entry wins)
(config-ext-nacl)deny ip host 192.168.100.100 any
(config-ext-nacl)permit ip any any


#Apply the ACL to a VLAN interface (<class_name> is the ACL name, e.g. test)
(config)int vlan 123
(config-if)ip access-group <class_name> <in or out>
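
How entries like the ones above are evaluated, as an added example that is not part of the original post: a small Python model of first-match processing with the implicit deny at the end of every ACL. The sample ACL and packets are constructed, and the parser is an assumption-level simplification that handles only `any`, `host`, contiguous wildcard masks and `eq`.

```python
import ipaddress

# Port keywords used on this page
PORTS = {"www": 80, "domain": 53, "telnet": 23, "smtp": 25, "pop3": 110,
         "bootps": 67, "bootpc": 68}

def parse_addr(tok, i):
    """Consume an address spec at tok[i]; return (network, next index)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    # "address wildcard": ip_network accepts the host-mask form a.b.c.d/0.0.0.255
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}"), i + 2

def parse_port(tok, i):
    """Consume an optional 'eq <port>'; return (port or None, next index)."""
    if i < len(tok) and tok[i] == "eq":
        return PORTS.get(tok[i + 1]) or int(tok[i + 1]), i + 2
    return None, i

def parse_ace(line):
    """Split '<action> <proto> <src> [eq p] <dst> [eq p]' into its fields."""
    tok = line.split()
    src, i = parse_addr(tok, 2)
    sport, i = parse_port(tok, i)
    dst, i = parse_addr(tok, i)
    dport, i = parse_port(tok, i)
    return tok[0], tok[1], src, sport, dst, dport

def evaluate(acl, proto, src, sport, dst, dport):
    """Return (action, matched line); the first match wins, no match is denied."""
    for line in acl:
        action, p, s, sp, d, dp = parse_ace(line)
        if p not in ("ip", proto):
            continue
        if ipaddress.ip_address(src) not in s or ipaddress.ip_address(dst) not in d:
            continue
        if (sp is not None and sp != sport) or (dp is not None and dp != dport):
            continue
        return action, line
    return "deny", "(implicit deny)"

# Constructed sample ACL, built from the kinds of entries shown above
ACL = [
    "deny ip host 192.168.100.100 any",
    "permit tcp any any eq www",
    "permit udp any any eq domain",
    "permit udp any eq domain any",
    "permit ip 192.168.100.0 0.0.0.255 any",
]
```

Telnet from a host outside 192.168.100.0/24 matches no entry and is dropped by the implicit deny, which is why the deny example above ends with an explicit permit.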