From 2c8e932a34b2c84eb48d23dbf7ffcb78f4a5fbdc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=90=B4=E5=A8=81=E9=9C=86?= <2214508616@qq.com>
Date: Thu, 24 Apr 2025 22:50:30 +0800
Subject: [PATCH] 1
---
...345\231\250ACL\351\205\215\347\275\256.md" | 101 ++++++++++++++++++
1 file changed, 101 insertions(+)
create mode 100644 "04 \345\220\264\345\250\201\351\234\206/20250424 \350\267\257\347\224\261\345\231\250ACL\351\205\215\347\275\256.md"
diff --git "a/04 \345\220\264\345\250\201\351\234\206/20250424 \350\267\257\347\224\261\345\231\250ACL\351\205\215\347\275\256.md" "b/04 \345\220\264\345\250\201\351\234\206/20250424 \350\267\257\347\224\261\345\231\250ACL\351\205\215\347\275\256.md"
new file mode 100644
index 0000000..c680a61
--- /dev/null
+++ "b/04 \345\220\264\345\250\201\351\234\206/20250424 \350\267\257\347\224\261\345\231\250ACL\351\205\215\347\275\256.md"
@@ -0,0 +1,101 @@
+# 笔记
+
+## 一.标准ACL语法
+
+#### **1. 创建ACL**
+
+```bash
+access-list <编号> <动作> <源IP> <通配符掩码>
+# 编号范围 1-99
+# 动作:permit 允许 、 deny 拒绝
+```
+
+#### **2. 示例**
+
+```bash
+access-list 10 permit 192.168.1.0 0.0.0.255 # 允许192.168.1.0/24g整个网络
+access-list 10 permit 192.168.10.2 # 允许192.168.10.2单个IP通过
+access-list 10 deny any # 拒绝其他所有流量
+```
+
+#### **3. 应用ACL**
+
+```bash
+# 语法分两步骤
+# 步骤1:先选择要应用ACL的端口 如 interface g0/0
+# 步骤2:通过ACL编号及方向来应用ACL,格式如下
+ip access-group <编号> <方向> #
+# 方向 in / out 代表流量流入/流出路由器的方向
+# 示例:
+interface GigabitEthernet0/0 # 第一步,进入G0/0端口
+ip access-group 10 in # 第二步,在G0/0端口的入口方向应用编号为10的ACL
+```
+
+![Snipaste_2025-04-24_09-59-45](https://gitee.com/wwwt006/bed/raw/master/images/202504242249325.png)
+
+# 二.作业及练习
+
+
+
+![Snipaste_2025-04-24_10-09-41](https://gitee.com/wwwt006/bed/raw/master/images/202504242250519.png)
+
+```cmd
+Router>en
+Router#conf t
+Router(config)#access-list 10 permit 192.168.10.1
+Router(config)#access-list 10 deny any
+Router#conf t
+Router(config)#interface g0/1
+Router(config-if)#ip access-group 10 in
+Router(config-if)#
+
+Router>en
+Router#conf t
+Router(config)#access-list 10 permit 192.168.20.0 0.0.0.255
+Router(config)#access-list 10 deny any
+Router(config)#interface g0/1
+Router(config-if)#ip access-group 10 in
+Router(config-if)#
+```
+
+
+
+![Snipaste_2025-04-24_10-33-43](https://gitee.com/wwwt006/bed/raw/master/images/202504242250539.png)
+
+```cmd
+路由器3
+Router>en
+Router#conf t
+Router(config)#access-list 10 permit 192.168.10.1
+Router(config)#access-list 10 deny any
+Router(config)#interface g0/2
+Router(config-if)#ip access-group 10 out
+Router(config-if)#
+
+路由器1
+Router>en
+Router#conf t
+Router(config)#access-list 10 permit 192.168.30.1
+Router(config)#access-list 10 deny any
+Router(config)#interface g0/2
+Router(config-if)#ip access-group 10 out
+Router(config-if)#
+
+路由器5
+Router>en
+Router#conf t
+Router(config)#access-list 10 permit 192.168.20.2
+Router(config)#access-list 10 deny any
+Router(config)#interface g0/0
+Router(config-if)#ip access-group 10 out
+Router(config-if)#
+
+路由器4
+Router>en
+Router#conf t
+Router(config)#access-list 10 permit 192.168.10.1
+Router(config)#access-list 10 deny any
+Router(config)#interface g0/0
+Router(config-if)#ip access-group 10 in
+Router(config-if)#
+```
\ No newline at end of file
--
Gitee