diff --git "a/25 \351\231\210\346\201\255\347\204\225/20250422 zuoye.md" "b/25 \351\231\210\346\201\255\347\204\225/20250422 zuoye.md" new file mode 100644 index 0000000000000000000000000000000000000000..5626e605f968567ca60ab43150436acd002a03e8 --- /dev/null +++ "b/25 \351\231\210\346\201\255\347\204\225/20250422 zuoye.md" @@ -0,0 +1,203 @@ +# 第一题 + +![](https://gitee.com/carpte/gallery/raw/master/img/Snipaste_2025-04-24_10-12-14.png) + +1. #### OSPF: + +``` +Router>en +Router#conf t +//分别设置端口IP +Router(config)#inter g0/0 +Router(config-if)#ip address 1.1.1.2 255.255.255.0 +Router(config-if)#no shutdown +Router(config-if)#ex + +Router(config-if)#router ospf 1 +Router(config-router)#network 1.1.1.0 0.0.0.255 area 0 +Router(config-router)#ex + + +//设置IP,并设置RIP +Router(config)#inter g0/1 +Router(config-if)#no shutdown +Router(config-if)#ip address 2.2.2.1 255.255.255.0 +Router(config-if)#ex +Router(config)#route rip +Router(config-router)#version 2 +Router(config-router)#network 2.2.2.0 +Router(config-router)#ex +// 重分发OSPF转成RIP (进到RIP转成OSPF) +Router(config)#route rip +Router(config-router)#version 2 +Router(config-router)#redistribute ospf 1 metric 5 +Router(config-router)#ex +``` + +------ + +#### RIP: + +``` +Router>en +Router#conf t +//设置端口IP,打开端口 +Router(config)#inter g0/1 +Router(config-if)#no shutdown +Router(config-if)#ip address 2.2.2.2 255.255.255.0 +Router(config-if)#ex +//设置RIP +Router(config)#route rip +Router(config-router)#version 2 +Router(config-router)#network 2.2.2.0 +Router(config-router)#ex +//设置IP并设置RIP + +Router(config)#inter g0/0 +Router(config-if)#no shutdown +Router(config-if)#ip address 3.3.3.1 255.255.255.0 +Router(config-if)#ex +Router(config)#route rip +Router(config-router)#version 2 +Router(config-router)#network 3.3.3.0 +Router(config-router)#ex +``` + + + +![image-20250424101131504](https://gitee.com/carpte/gallery/raw/master/img/Snipaste_2025-04-24_10-16-02.png) + +# 第二题 + +![3](https://gitee.com/carpte/gallery/raw/master/img/3.png) + +#### ospf:注意ospf和静态分发 是将动态那个作为中间路由 + +``` +Router>en +Router#conf t + +//设置端口IP +Router(config)#inter g0/0 +Router(config-if)#no shutdown +Router(config-if)#ip addres 10.10.10.2 255.255.255.0 +Router(config-if)#ex + +//设置为OSPF动态 +Router(config)#router ospf 1 +Router(config-router)#network 10.10.10.0 0.0.0.255 area 0 +Router(config-router)#ex +//设置IP +Router(config)#in g0/1 +Router(config-if)#no shutdown +Router(config-if)#ip address 20.20.20.1 255.255.255.0 +Router(config-if)#ex +//设置静态 +Router(config)#ip route 30.30.30.0 255.255.255.0 20.20.20.2 +//将动态OSPF转为静态 +Router(config)#router ospf 1 +Router(config-router)#redistribute static subnets +Router(config-router)#end + +Router# +%SYS-5-CONFIG_I: Configured from console by console + +Router#show ip route +Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP + D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area + N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 + E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP + i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area + * - candidate default, U - per-user static route, o - ODR + P - periodic downloaded static route + +Gateway of last resort is not set + + 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks +C 10.10.10.0/24 is directly connected, GigabitEthernet0/0 +L 10.10.10.2/32 is directly connected, GigabitEthernet0/0 + 20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks +C 20.20.20.0/24 is directly connected, GigabitEthernet0/1 +L 20.20.20.1/32 is directly connected, GigabitEthernet0/1 + 30.0.0.0/24 is subnetted, 1 subnets +S 30.30.30.0/24 [1/0] via 20.20.20.2 +``` + +#### 静态:(需要将自己设为默认,中间路由另一端设置为静态) + +``` +Router>en +Router#conf t +//设置端口IP +Router(config)#inter g0/1 +Router(config-if)#no shutdown +Router(config-if)#ip addres 20.20.20.2 255.255.255.0 +Router(config-if)#ex +//设置静态 +Router(config)#inter g0/0 +Router(config-if)#no shutdown +Router(config-if)#ip address 30.30.30.1 255.255.255.0 +Router(config-if)#ex +//设置默认 +Router(config)#ip route 0.0.0.0 0.0.0.0 20.20.20.1 +Router(config)#ex +``` + +ping通:![4](https://gitee.com/carpte/gallery/raw/master/img/4.png) + +# 第三题 + +![5](https://gitee.com/carpte/gallery/raw/master/img/5.png) + +#### RIP: + +``` +Router>en +Router#conf t +//设置端口 IP +Router(config)#inter g0/0 +Router(config-if)#no shutdown +Router(config-if)#ip address 50.50.50.2 255.255.255.0 +Router(config-if)#ex + +//设置RIp +Router(config)#route rip +Router(config-router)#version 2 +Router(config-router)#network 50.50.50.0 +Router(config-router)#ex + +//设置另一端口的IP +Router(config)#inter g0/1 +Router(config-if)#no shutdown +Router(config-if)#ip address 60.60.60.1 255.255.255.0 +Router(config-if)#ex +//设置静态下一跳为下一个路由的出口IP +Router(config)#ip route 70.70.70.0 255.255.255.0 60.60.60.2 +Router(config)#ex +//将RIp转为静态 +Router(config)#route rip +Router(config-router)#version 2 +Router(config-router)#redistribute static +``` + +#### 静态路由: + +``` +Router>en +Router#conf t + +Router(config)#inter g0/1 +Router(config-if)#no shutdown +Router(config-if)#ip address 60.60.60.2 255.255.255.0 +Router(config-if)#ex + +Router(config)#inter g0/0 +Router(config-if)#no shutdown + +Router(config-if)#ip address 70.70.70.1 255.255.255.0 +Router(config-if)#ex +//该路由器设置为默认路由!!吓一跳为对面的 +Router(config)#ip route 0.0.0.0 0.0.0.0 60.60.60.1 +``` + +ping通:![6](https://gitee.com/carpte/gallery/raw/master/img/6.png) \ No newline at end of file diff --git "a/25 \351\231\210\346\201\255\347\204\225/20250424 \347\254\224\350\256\260.md" "b/25 \351\231\210\346\201\255\347\204\225/20250424 \347\254\224\350\256\260.md" new file mode 100644 index 0000000000000000000000000000000000000000..2c577a40aae22fcc296ab3aee2620c3cff755ada --- /dev/null +++ "b/25 \351\231\210\346\201\255\347\204\225/20250424 \347\254\224\350\256\260.md" @@ -0,0 +1,106 @@ +| 访问控制列表(ACL,Access Control List)是思科设备中用于***\*流量过滤\****和***\*安全策略\****的核心技术,广泛应用于: | | | +| ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ | +| | [2](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_2) | | +| | [3](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_3) | - ***\*网络安全\****:限制非法访问(如阻止攻击流量)。 | +| | [4](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_4) | - ***\*流量控制\****:允许/拒绝特定服务(如HTTP、SSH)。 | +| | [5](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_5) | - ***\*策略路由\****:结合路由映射(Route-map)实现高级选路。 | +| | [6](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_6) | | +| | [7](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_7) | 本指南涵盖***\*标准ACL、扩展ACL、命名ACL\****的语法、配置案例及验证方法,适用于CCNA/CCNP学习及实际工程部署。 | +| | [8](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_8) | | +| | [9](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_9) | --- | +| | [10](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_10) | | +| | [11](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_11) | | +| | [12](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_12) | | +| | [13](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_13) | ### **一、ACL类型** | +| | [14](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_14) | | +| | [15](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_15) | \| 类型 \| 编号范围 \| 匹配依据 \| 特点 \| | +| | [16](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_16) | \| ----------- \| ------------------ \| ------------------------ \| ------------------ \| | +| | [17](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_17) | \| ***\*标准ACL\**** \| 1-99, 1300-1999 \| 仅源IP地址 \| 简单,效率低 \| | +| | [18](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_18) | \| ***\*扩展ACL\**** \| 100-199, 2000-2699 \| 源IP、目的IP、协议、端口 \| 精细控制,推荐使用 \| | +| | [19](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_19) | | +| | [20](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_20) | --- | +| | [21](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_21) | | +| | [22](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_22) | ### **二、标准ACL语法** | +| | [23](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_23) | | +| | [24](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_24) | #### **1. 创建ACL** | +| | [25](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_25) | | +| | [26](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_26) | ```bash | +| | [27](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_27) | access-list <编号> <动作> <源IP> <通配符掩码> | +| | [28](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_28) | # 编号范围 1-99 | +| | [29](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_29) | # 动作:permit 允许 、 deny 拒绝 | +| | [30](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_30) | ``` | +| | [31](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_31) | | +| | [32](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_32) | #### **2. 示例** | +| | [33](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_33) | | +| | [34](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_34) | ```bash | +| | [35](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_35) | access-list 10 permit 192.168.1.0 0.0.0.255 # 允许192.168.1.0/24g整个网络 | +| | [36](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_36) | access-list 10 permit 192.168.10.2 # 允许192.168.10.2单个IP通过 | +| | [37](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_37) | access-list 10 deny any # 拒绝其他所有流量 | +| | [38](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_38) | ``` | +| | [39](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_39) | | +| | [40](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_40) | #### **3. 应用ACL** | +| | [41](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_41) | | +| | [42](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_42) | ```bash | +| | [43](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_43) | # 语法分两步骤 | +| | [44](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_44) | # 步骤1:先选择要应用ACL的端口 如 interface g0/0 | +| | [45](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_45) | # 步骤2:通过ACL编号及方向来应用ACL,格式如下 | +| | [46](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_46) | ip access-group <编号> <方向> # | +| | [47](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_47) | # 方向 in / out 代表流量流入/流出路由器的方向 | +| | [48](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_48) | # 示例: | +| | [49](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_49) | interface GigabitEthernet0/0 # 第一步,进入G0/0端口 | +| | [50](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_50) | ip access-group 10 **in** # 第二步,在G0/0端口的入口方向应用编号为10的ACL | +| | [51](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_51) | ``` | +| | [52](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_52) | | +| | [53](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_53) | --- | +| | [54](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_54) | | +| | [55](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_55) | ### **三、扩展ACL语法** | +| | [56](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_56) | | +| | [57](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_57) | #### **1. 创建ACL** | +| | [58](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_58) | | +| | [59](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_59) | ```cisco | +| | [60](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_60) | access-list <100-199\|2000-2699> {permit\|deny} <协议> <源IP> <通配符掩码> [源端口] <目的IP> <通配符掩码> [目的端口] [选项] | +| | [61](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_61) | ``` | +| | [62](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_62) | | +| | [63](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_63) | #### **2. 常用协议关键字** | +| | [64](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_64) | | +| | [65](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_65) | - `ip`:所有IP流量 | +| | [66](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_66) | - `tcp`:TCP协议 | +| | [67](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_67) | - `udp`:UDP协议 | +| | [68](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_68) | - `icmp`:ICMP协议 | +| | [69](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_69) | | +| | [70](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_70) | #### **3. 示例** | +| | [71](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_71) | | +| | [72](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_72) | ##### **(1)允许特定TCP端口** | +| | [73](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_73) | | +| | [74](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_74) | ```cisco | +| | [75](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_75) | access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80 ! 允许192.168.1.0/24访问任意HTTP | +| | [76](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_76) | access-list 101 deny tcp any any eq 22 ! 拒绝所有SSH流量 | +| | [77](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_77) | access-list 101 permit ip any any ! 允许其他所有IP流量 | +| | [78](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_78) | ``` | +| | [79](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_79) | | +| | [80](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_80) | ##### **(2)允许ICMP(Ping)** | +| | [81](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_81) | | +| | [82](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_82) | ```cisco | +| | [83](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_83) | access-list 102 permit icmp any any echo-reply ! 允许Ping回应 | +| | [84](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_84) | access-list 102 permit icmp any any echo ! 允许发起Ping | +| | [85](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_85) | ``` | +| | [86](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_86) | | +| | [87](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_87) | ##### **(3)拒绝特定子网访问** | +| | [88](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_88) | | +| | [89](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_89) | ```bash | +| | [90](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_90) | # 拒绝来自192.168.10.0网段主机的IP流量访问172.16.1.0的主机 | +| | [91](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_91) | access-list 103 deny ip 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255 | +| | [92](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_92) | #允许其它任意网络IP流量访问任意网络(除上一条拒绝的以外) | +| | [93](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_93) | access-list 103 permit ip any any | +| | [94](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_94) | ``` | +| | [95](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_95) | | +| | [96](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_96) | #### **4. 应用ACL** | +| | [97](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_97) | | +| | [98](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_98) | ```cisco | +| | [99](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_99) | interface GigabitEthernet0/1 | +| | [100](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_100) | ip access-group 101 out ! 在接口出方向应用 | +| | [101](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_101) | ``` | +| | [102](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_102) | | +| | [103](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_103) | --- | +| | [104](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_104) | | +| | [105](https://gitee.com/level-23-cloud/computer-network-basic/pulls/824/files#e19bdf8d0b64fec8f0a564c0c05af6feeffb10ca_0_105) | ### | \ No newline at end of file