, ACL , ACL IP-. - ACL. , ACL deny permit. show access-list deny . ACL. ACL deny ip any any. .
ACL.
ACL , , . , .
, , .
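The ISP router IP address is 10.1.1.1.
The edge router IP address is 10.1.1.2.
The subnet is 192.168.201.0 255.255.255.0.
The VPN endpoint is 192.168.201.100.
The web server is 192.168.201.101.
The FTP server is 192.168.201.102.
The SMTP server is 192.168.201.103.
The DNS server is 192.168.201.104.
Another DNS server is 172.16.201.50.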
ACL . ACL eBGP ISP, - , .
no access-list 110
!--- Phase 1: anti-spoofing entries.
!--- Deny special-use addresses as sources.
access-list 110 deny ip 127.0.0.0 0.255.255.255 any
access-list 110 deny ip 192.0.2.0 0.0.0.255 any
access-list 110 deny ip 224.0.0.0 31.255.255.255 any
access-list 110 deny ip host 255.255.255.255 any
!--- This deny matches source 0.0.0.0, which DHCP clients use
!--- before they hold a lease.
access-list 110 deny ip host 0.0.0.0 any
!--- Deny RFC 1918 address space as a source.
access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 deny ip 172.16.0.0 0.15.255.255 any
access-list 110 deny ip 192.168.0.0 0.0.255.255 any
!--- Permit BGP between the ISP router and the edge router.
access-list 110 permit tcp host 10.1.1.1 gt 1023 host 10.1.1.2 eq bgp
access-list 110 permit tcp host 10.1.1.1 eq bgp host 10.1.1.2 gt 1023
!--- Deny the local subnet as a source (anti-spoofing).
access-list 110 deny ip 192.168.201.0 0.0.0.255 any
!--- Phase 2: permit return traffic.
!--- Allow specific ICMP types and deny all other ICMP.
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any unreachable
access-list 110 permit icmp any any time-exceeded
access-list 110 deny icmp any any
!--- Replies to outgoing DNS queries.
access-list 110 permit udp any eq domain host 192.168.201.104 gt 1023
!--- DNS traffic with source and destination port 53 to the DNS server.
access-list 110 permit udp any eq domain host 192.168.201.104 eq domain
!--- Return traffic: established TCP sessions and UDP replies from well-known ports.
access-list 110 permit tcp any 192.168.201.0 0.0.0.255 established
access-list 110 permit udp any range 1 1023 192.168.201.0 0.0.0.255 gt 1023
!--- Allow FTP data connections.
access-list 110 permit tcp any eq ftp-data 192.168.201.0 0.0.0.255 gt 1023
!--- Allow TFTP data connections (UDP high ports).
access-list 110 permit udp any gt 1023 192.168.201.0 0.0.0.255 gt 1023
!--- Phase 3: permit externally sourced traffic.
!--- Incoming DNS queries.
access-list 110 permit udp any gt 1023 host 192.168.201.104 eq domain
!--- DNS over TCP (zone transfers) from DNS server 172.16.201.50.
access-list 110 permit tcp host 172.16.201.50 gt 1023 host 192.168.201.104 eq domain
!--- DNS over TCP with source and destination port 53 from the same server.
access-list 110 permit tcp host 172.16.201.50 eq domain host 192.168.201.104 eq domain
!--- Deny all other DNS traffic.
access-list 110 deny udp any any eq domain
access-list 110 deny tcp any any eq domain
!--- Allow IPSec VPN traffic to the VPN endpoint.
access-list 110 permit udp any host 192.168.201.100 eq isakmp
access-list 110 permit udp any host 192.168.201.100 eq non500-isakmp
access-list 110 permit esp any host 192.168.201.100
access-list 110 permit ahp any host 192.168.201.100
access-list 110 deny ip any host 192.168.201.100
!--- Connections from the Internet to the public servers (web, FTP, SMTP).
access-list 110 permit tcp any host 192.168.201.101 eq www
access-list 110 permit tcp any host 192.168.201.101 eq 443
access-list 110 permit tcp any host 192.168.201.102 eq ftp
!--- Data connections to the FTP server are allowed
!--- by the permit established ACE in phase 3.
!--- Allow PASV FTP data connections.
access-list 110 permit tcp any gt 1023 host 192.168.201.102 gt 1023
access-list 110 permit tcp any host 192.168.201.103 eq smtp
!--- Phase 4: explicit deny.
access-list 110 deny ip any any

Edge-router(config)#interface serial 2/0
Edge-router(config-if)#ip access-group 110 in
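IOS evaluates an extended ACL top-down and stops at the first matching entry, so the order of the entries above matters. The following added example (not part of the original page) takes a constructed subset of access-list 110, in the page's order, and reports permit entries whose source is already covered by an earlier `deny ip <source> any`. The function names are hypothetical and only contiguous wildcard masks are handled.

```python
import ipaddress

# Constructed sample: a subset of access-list 110, kept in the page's order.
ACL = """\
access-list 110 deny ip 127.0.0.0 0.255.255.255 any
access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 deny ip 172.16.0.0 0.15.255.255 any
access-list 110 deny ip 192.168.0.0 0.0.255.255 any
access-list 110 permit tcp host 10.1.1.1 gt 1023 host 10.1.1.2 eq bgp
access-list 110 permit tcp host 172.16.201.50 gt 1023 host 192.168.201.104 eq domain
access-list 110 permit tcp any host 192.168.201.101 eq www
access-list 110 deny ip any any
"""

def parse_source(tokens):
    """Return (source network, tokens consumed) for an ACE source field."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), 1
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), 2
    # "address wildcard": ip_network() accepts a contiguous host mask.
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), 2

def shadowed_permits(acl_text):
    """Return (permit_line, deny_line) pairs where an earlier
    'deny ip <src> any' covers the permit's whole source, so under
    first-match evaluation the permit can never be reached."""
    denies, hits = [], []
    for line in acl_text.splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list":
            continue
        action, proto = t[2], t[3]
        src, used = parse_source(t[4:])
        rest = t[4 + used:]
        if action == "deny" and proto == "ip" and rest == ["any"]:
            denies.append((src, line))
        elif action == "permit":
            for net, deny_line in denies:
                if src.subnet_of(net):
                    hits.append((line, deny_line))
                    break
    return hits

if __name__ == "__main__":
    for permit, deny in shadowed_permits(ACL):
        print(f"never matched: {permit}\n   shadowed by: {deny}")
```

On this subset it reports the BGP permit for 10.1.1.1 and the DNS permit for 172.16.201.50, because the page's sample addresses fall inside the RFC 1918 ranges denied earlier. When adapting the list to real addressing, keep each specific permit ahead of any broader deny that covers its source.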
CISCO, . , / . , , IP-, .
, , Avaya, Alcatel, Nortel Networks, Cisco Systems. Cisco Systems -, . , Cisco Systems.
Alcatel - IP- OmniPCX , OmniPCX Enterprise OmniPCX Office.
Alcatel . Alcatel , Avaya Cisco Systems.
, Nortel Business Communications Manager 450 10- , . IP-, , BCM IP , IP-; , .
Cisco Systems AVVID (Architecture for Voice, Video and Integrated Data). Cisco . , , , . - , .
Cisco Systems, . Cisco Systems , , .