.
.
: c .
: .
.
1. .
2. ?
3. ?
4. ?
5. ?
6. .
7. ?
10. ACL (Access Control List).
, , .
, : standard ( 1 99) extended ( 100 199 2000 2699). IP , .
IP , .. IP . .
, . , , , .. , . . , :
Access-list _ deny any
, .
, , :
1 ;
2 ;
3 .
:
:
Switch3(config)# ip access-list standard 10
( 10, )
:
Router1(config)# ip access-list extended 100
( 100, ).
:
, :
1 - , ;
2 - deny () permit ();
3 - , :
- ( 192.168.2.0 0.0.0.255) ;
- (host 192.168.2.1);
- IP (any).
10:
access-list 10 deny host 11.0.0.5
access-list 10 deny 12.0.0.0 0.255.255.255
access-list 10 permit any
:
- IP 11.0.0.5;
- 12.0.0.0/8 ( , );
- .
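As an added illustration (not part of the original lab text), the following Python model evaluates list 10 above against a source address: first matching line wins, wildcard-mask bits set to 1 are ignored, and a packet that matches nothing hits the implicit deny. The function names `parse_standard_acl` and `evaluate` are hypothetical, and only standard (source-only) lists are handled.

```python
import ipaddress

# List 10 exactly as given above.
ACL_10 = """\
access-list 10 deny host 11.0.0.5
access-list 10 deny 12.0.0.0 0.255.255.255
access-list 10 permit any
"""

def parse_standard_acl(text):
    """Parse 'access-list N permit|deny <source>' lines into (action, addr, wildcard)."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0].lower() != "access-list":
            continue  # skip blank lines and anything that is not an ACL entry
        action, src = tok[2].lower(), tok[3:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        if src[0] == "any":                 # any = 0.0.0.0 255.255.255.255
            addr, wild = 0, 0xFFFFFFFF
        elif src[0] == "host":              # host A = A 0.0.0.0
            addr, wild = int(ipaddress.IPv4Address(src[1])), 0
        else:                               # address followed by wildcard mask
            addr = int(ipaddress.IPv4Address(src[0]))
            wild = int(ipaddress.IPv4Address(src[1])) if len(src) > 1 else 0
        rules.append((action, addr, wild))
    return rules

def evaluate(rules, source_ip):
    """Return (action, matching line number); line is None for the implicit deny."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for index, (action, addr, wild) in enumerate(rules, start=1):
        # Only bits where the wildcard mask is 0 have to match.
        if ((ip ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action, index
    return "deny", None  # nothing matched: implicit deny at the end of the list

if __name__ == "__main__":
    acl = parse_standard_acl(ACL_10)
    # Constructed sample source addresses.
    for sample in ("11.0.0.5", "11.0.0.6", "12.200.1.1", "192.168.2.1"):
        print(sample, evaluate(acl, sample))
    # Without the final 'permit any', unmatched traffic is dropped.
    print("192.168.2.1 without line 3:", evaluate(acl[:2], "192.168.2.1"))
```

Reordering the rules so that `permit any` comes first makes the two deny lines unreachable, which is why the order of entries matters when auditing a list.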
permit deny ( IP, TCP, UDP, ICMP), , IP ICMP, TCP UDP. TCP UDP, TCP UDP ( FTP WEB TCP).
. ( 10.1):
10.1.
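lt n | All port numbers less than n. |
gt n | All port numbers greater than n. |
eq n | Port n |
neq n | All ports except n. |
range n m | All ports from n to m inclusive. |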
10.2:
10.2.
Port | Protocol | Application | Keyword in access_list |
20 | TCP | FTP | data ftp_data |
21 | TCP | FTP | ftp |
22 | TCP | SSH | |
23 | TCP | Telnet | telnet |
25 | TCP | SMTP | Smtp |
53 | UDP, TCP | DNS | Domain |
67, 68 | UDP | DHCP | nameserver |
69 | UDP | TFTP | Tftp |
80 | TCP | HTTP (WWW) | www |
110 | TCP | POP3 | pop3 |
161 | UDP | SNMP | Snmp |
111:
! 80 (www-)