Standard and Extended Access Control Lists (ACLs)

Source: Internet
Author: User

Topology

    lo0 2.2.2.2                  lo0 1.1.1.1                  lo0 3.3.3.3
    r1 (R2) s1/0 -------- s2/0 r2 (R1) s1/0 -------- s2/0 r3

Step 1: basic configuration

The devices r1, r2 and r3 are given the hostnames R2, R1 and R3. From here on the routers are referred to by hostname.

r1:
    en
    config t
    hostname R2
    no ip domain-lookup
    lin 0
    exec-timeout 0 0
    logging syn
    exit
    ! loopback used as the source address for the tests
    int lo 0
    ip add 2.2.2.2 255.255.255.255
    exit
    int s1/0
    ip add 12.1.1.2 255.255.255.0
    no shutdown
    exit

r2:
    en
    config t
    hostname R1
    no ip domain-lookup
    lin 0
    exec-timeout 0 0
    logging syn
    exit
    int lo 0
    ip add 1.1.1.1 255.255.255.255
    exit
    ! link to R2
    int s2/0
    ip add 12.1.1.1 255.255.255.0
    no shutdown
    exit
    ! link to R3
    int s1/0
    ip add 13.1.1.1 255.255.255.0
    no shutdown
    exit

r3:
    en
    config t
    hostname R3
    no ip domain-lookup
    lin 0
    exec-timeout 0 0
    logging syn
    exit
    int lo 0
    ip add 3.3.3.3 255.255.255.255
    exit
    int s2/0
    ip add 13.1.1.3 255.255.255.0
    no shutdown
    exit

Check the directly connected links:

R1:
    ping 12.1.1.2
    ping 13.1.1.3

Step 2: static routes

R1:
    ip route 2.2.2.2 255.255.255.255 s2/0 12.1.1.2
    ip route 3.3.3.3 255.255.255.255 s1/0 13.1.1.3

R2:
    ip route 1.1.1.1 255.255.255.255 s1/0 12.1.1.1
    ip route 3.3.3.3 255.255.255.255 s1/0 12.1.1.1
    ip route 13.1.1.0 255.255.255.0 s1/0 12.1.1.1

R3:
    ip route 1.1.1.1 255.255.255.255 s2/0 13.1.1.1
    ip route 2.2.2.2 255.255.255.255 s2/0 13.1.1.1
    ip route 12.1.1.0 255.255.255.0 s2/0 13.1.1.1

Check reachability between the loopbacks:

R1:
    ping 2.2.2.2 source loopback 0
    ping 3.3.3.3 source loopback 0

R2:
    ping 1.1.1.1 source loopback 0
    ping 3.3.3.3 source loopback 0

R3:
    ping 2.2.2.2 source loopback 0
    ping 1.1.1.1 source loopback 0
    ping 12.1.1.1 source loopback 0

Step 3: watch the packets cross R1

R2:
    ping 3.3.3.3 source loopback 0

R1:
    debug ip packet

R1:
    config t
    int s 2/0
    no ip route-cache
    end

R1:
    unde all

R1:
    show ip route

Step 4: create the standard ACL

Build the command on R1 with the context help (?):

R1:
    access-list ?
    access-list 10 ?
    access-list 10 deny ?
    access-list 10 deny 2.2.2.2 ?
    access-list 10 deny host 2.2.2.2

R1:
    show ip access-list 10

Step 5: apply the ACL inbound on s2/0

R1:
    config t
    int s2/0
    ip access-group 10 ?
    ip access-group 10 in
    end

R2:
    ping 3.3.3.3 source loopback 0

R1:
    debug ip packet

R2:
    ping 3.3.3.3 source loopback 0

R1:
    unde all

R3:
    debug ip packet

R2:
    ping 3.3.3.3 source loopback 0

Step 5, second approach: apply the ACL outbound on s1/0

R1:
    config t
    int s2/0
    no ip access-group 10 in
    exit
    int s1/0
    ip access-group 10 out
    end

R1:
    debug ip packet

R2:
    ping 3.3.3.3 source loopback 0

The ping times out. debug ip packet on R3 still shows that no packets are received.

Step 6: a second source address and the default deny

R2:
    config t
    int lo 0
    ip add 22.22.22.22 255.255.255.255
    end

R1:
    config t
    ip route 22.22.22.22 255.255.255.255 s2/0 12.1.1.2
    end

R3:
    config t
    ip route 22.22.22.22 255.255.255.255 s2/0 13.1.1.1
    end

R2:
    config t
    int lo0
    ip add 2.2.2.2 255.255.255.255 secondary
    end
    show ip int bri

R1:
    config t
    no access-list 10
    end
    show ip access-list

R1:
    config t
    access-list 10 deny host 2.2.2.2
    end
    show ip access-list

R2:
    ping 3.3.3.3 source 2.2.2.2

R1:
    show ip access-list

R2:
    ping 3.3.3.3 source 22.22.22.22

R1:
    show ip access-list

The ping from 22.22.22.22 does not get through either: no entry matches 22.22.22.22, and an ACL denies by default.

R1:
    config t
    access-list 10 deny any // access-list 10 permit any
    end
    show ip access-list

Notes on access control lists

Control layer and forwarding layer: a change in the control layer changes the forwarding layer.

A router unpacks a packet up to Layer 3, the IP layer. On each router, the Layer 3 packet is first checked against the ACL, and then the routing table is queried.

Standard ACL: matches on the source address (IP address).
Extended ACL: matches on the source address, destination address, port number and protocol number.

Whether standard or extended, an ACL denies by default. Packets sent by the router itself are not rejected.

Why can this list not be placed on R2? Because a router does not reject the packets it sends itself.
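The first-match and default-deny behaviour seen in step 6, as an added Python example (not part of the original lab and not router code): it evaluates a standard ACL against the two source addresses used there, with and without a trailing permit any. The class StandardAcl, the function step6 and the locally_generated flag are names made up for this illustration.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

class StandardAcl:
    """First-match evaluation of a standard (source-address-only) ACL."""

    def __init__(self):
        self.entries = []   # (action, base, wildcard) in configured order
        self.hits = []      # per-entry match counters, like "show ip access-list"

    def add(self, action, source, wildcard="0.0.0.0"):
        # wildcard 0.0.0.0 is the "host" form; 255.255.255.255 is "any"
        self.entries.append((action, _to_int(source), _to_int(wildcard)))
        self.hits.append(0)

    def check(self, src, locally_generated=False):
        # Assumption taken from the page's notes: packets the router
        # sends itself are not rejected by the list.
        if locally_generated:
            return "permit"
        ip = _to_int(src)
        for i, (action, base, wild) in enumerate(self.entries):
            care = ~wild & 0xFFFFFFFF        # bits that must match
            if ip & care == base & care:
                self.hits[i] += 1
                return action                # first match wins
        return "deny"                        # implicit deny at the end

def step6(add_permit_any):
    """Replay step 6: pings sourced from 2.2.2.2 and 22.22.22.22."""
    acl = StandardAcl()
    acl.add("deny", "2.2.2.2")               # access-list 10 deny host 2.2.2.2
    if add_permit_any:
        acl.add("permit", "0.0.0.0", "255.255.255.255")  # access-list 10 permit any
    verdicts = {src: acl.check(src) for src in ("2.2.2.2", "22.22.22.22")}
    return verdicts, acl.hits

if __name__ == "__main__":
    for flag in (False, True):
        print("permit any added:", flag, step6(flag))
```

Without permit any, the 22.22.22.22 ping is dropped by the implicit deny and leaves no hit on any configured entry, which is why show ip access-list gives no sign of it.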
