December 2020

[Original] Several Special ACL Configuration Examples


Dynamic ACL:

R2(config)#username cisco password cisco

R2(config)#line vty 0 4
R2(config-line)#login local
R2(config-line)#autocommand access-enable host timeout 2


R2(config)#access-list 100 permit tcp host 12.1.1.1 host 12.1.1.2 eq 23
R2(config)#access-list 100 dynamic xiaoniu timeout 3 permit icmp host 12.1.1.1 host 12.1.1.2

R2(config)#inter fa0/0
R2(config-if)#ip access-group 100 in

 

R1 must first be able to Telnet to R2 before it can ping R2.

R1#ping 12.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)

R1#12.1.1.2
Trying 12.1.1.2 ... Open


User Access Verification

Username: cisco
Password:
[Connection to 12.1.1.2 closed by foreign host]

R1#ping 12.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/22/28 ms

 


Reflexive ACL: requires traffic that transits the router (add a PC)

R1(config)#ip access-list extended outacl
R1(config-ext-nacl)#permit ip any any reflect xiaoniu

R1(config)#ip access-list extended inacl
R1(config-ext-nacl)#evaluate xiaoniu

R1(config)#inter fa0/0
R1(config-if)#ip access-group outacl out
R1(config-if)#ip access-group inacl in

 

Time-based ACL

R1(config)#time-range 8-17
R1(config-time-range)#periodic weekend 8:00 to 17:00


R1(config)#access-list 100 permit tcp host 12.1.1.2 host 12.1.1.1 eq 23 time-range 8-17

R1(config)#access-list 100 deny tcp any host 12.1.1.1 eq 23
R1(config)#access-list 100 permit ip any any

R1(config)#username ccna password ccna
R1(config)#line vty 0 4
R1(config-line)#login local


R1(config)#inter fa0/0
R1(config-if)#ip access-group 100 in


R1#clock set 7:7:7 5 june 2020
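
The first-match behaviour of the time-based ACL above, as an added Python model (not part of the original post and not Cisco code). The names `TIME_RANGES`, `ACL_100`, `range_active` and `evaluate` are hypothetical, the rule tuples are constructed from the configuration, and the deny entry is assumed to protect R1's own address 12.1.1.1.

```python
from datetime import datetime, time

# Constructed model of "time-range 8-17 / periodic weekend 8:00 to 17:00".
# weekday(): Saturday=5, Sunday=6. Boundary handling is simplified.
TIME_RANGES = {"8-17": ({5, 6}, time(8, 0), time(17, 0))}

# Constructed model of ACL 100, inbound on R1 fa0/0.
# Fields: action, protocol, source, destination, dest port, time-range.
# Assumption: the deny entry protects R1's own address, 12.1.1.1.
ACL_100 = [
    ("permit", "tcp", "12.1.1.2", "12.1.1.1", 23, "8-17"),
    ("deny", "tcp", "any", "12.1.1.1", 23, None),
    ("permit", "ip", "any", "any", None, None),
]


def range_active(name, now):
    days, start, end = TIME_RANGES[name]
    return now.weekday() in days and start <= now.time() <= end


def evaluate(acl, proto, src, dst, dport, now):
    """First-match evaluation; returns (action, entry index)."""
    for index, (action, p, s, d, port, tr) in enumerate(acl):
        if tr is not None and not range_active(tr, now):
            continue  # entry is inactive outside its time-range
        if p not in ("ip", proto):
            continue
        if s not in ("any", src) or d not in ("any", dst):
            continue
        if port is not None and port != dport:
            continue
        return action, index
    return "deny", None  # implicit deny at the end of every ACL


if __name__ == "__main__":
    telnet = ("tcp", "12.1.1.2", "12.1.1.1", 23)
    cases = {
        "Fri 2020-06-05 07:07:07": datetime(2020, 6, 5, 7, 7, 7),
        "Sat 2020-06-06 09:00:00": datetime(2020, 6, 6, 9, 0, 0),
        "Sat 2020-06-06 18:00:00": datetime(2020, 6, 6, 18, 0, 0),
    }
    for label, now in cases.items():
        print(label, evaluate(ACL_100, *telnet, now))
```

If the deny entry's destination is changed to any other address, the Friday case falls through to the final permit, so the time restriction only holds when that entry names the router being protected.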

 

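Comments
suzhouxiaoniu
Advocate

My first post in the new community, just getting used to it.

Yanli Sun
Community Manager

Five stars from me. Welcome back, Teacher Xiaoniu. If you need anything, just give me a shout.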
