managingtrafficwithaccesslis(编辑修改稿)

managingtrafficwithaccesslis(编辑修改稿)内容摘要：

nored)  Wildcard Any as abbr. to ignore all the address bits (match any)  Example: Accept any address  Abbreviate the expression using the keyword any  Wildcard Host as abbr. to check all the address bits (match all)  Example checks all the address bits  Abbreviate the wildcard using the IP address followed by the keyword host. For example, host 来自 中国最大的资料库下载 Standard IP Access Lists Example E2 E1 S0 E0 Marketing Finance Sales Inter Server Conditions: 1. Sale should not have access to the Finance, but they should be able to access the Inter and the marketing department 2. Marketing needs to access the Finance Configurations: 1. Router(config) accesslist 10 deny 2. Router(config) accesslist 10 permit any (to override the implicit deny) 3. Router(config) int e0 4. Router(configif) ip accessgroup 10 out 来自 中国最大的资料库下载 Extended IP Access Lists Configuration (1)  Router(config)  accesslist accesslistnumber {permit | deny} protocol source sourcemask destination destinationmask [ operator operand]  sets parameters for this list entry  Examples – choose the access list type RouterA(config) accesslist 110 ? deny Specify packet dynamic Specify a DYNAMIC list of PERMITs or DENYs permit Specify packets to forward 来自 中国最大的资料库下载 Extended IP Access Lists Configuration (2)  Examples (cont’d) – choose protocol RouterA(config) accesslist 110 deny ? 0255 An IP protocol number eigrp Cisco39。 s EIGRP routing protocol gre Cisco39。 s GRE tunneling icmp Inter Control Message Protocol igmp Inter Gateway Message Protocol igrp Cisco39。 s IGRP routing protocol ip Any Inter Protocol ipinip IP in IP tunneling nos KA9Q NOS patible IP over IP tunneling ospf OSPF routing protocol tcp Transmission Control Protocol udp User Datagram Protocol 来自 中国最大的资料库下载 Extended IP Access Lists Configuration (3)  Examples (cont’d) – choose the source / destination IP address RouterA(config) accesslist 110 deny tcp ? Source address any Any source host host A single source host RouterA(config) accesslist 110 deny tcp any ? Destination address any Any destination host eq Match only packets on a given port number gt Match only packets with a greater port number host A single destination host lt Match only packets with a lower port number neq Match only packets not on a given port number range Match only packets in the range of port numbers 来自 中国最大的资料库下载 Extended IP Access Lists Configuration (4)  Router(configif)  ip accessgroup accesslistnumber {in | out}  activates the extended list on an interface 来自。