650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/4C/8B/wKioL1Q_fInTLAVHAAEg1Mbswec165.jpg "Title =" 4.png" alt = "wkiol1q_fintlavhaaeg1mbswec165.jpg"/>
Router (config) # int F1/1
Router (config-If) # IP Access-group 100 in
Router (config-If) # exit
Router (config) # $ access-list 100 permit IP 192.168.1.0 0.0.255 host 192.168.100.10
Router (config) # $ access-list 100 deny TCP 192.168.0.0 0.0.255.255 host 192.168.100.10 EQ Telnet
Router (config) # $ access-list 100 deny TCP 192.168.0.0 0.0.255.255 host 192.168.100.10 EQ 22
Router (config) # $ access-list 100 deny TCP 192.168.0.0 0.0.255.255 host 192.168.100.10 EQ 21
Router (config) # $ access-list 100 deny TCP 192.168.0.0 0.0.255.255 host 192.168.100.10 EQ 3389
Router (config) # int F1/1
Router (config-If) # IP Access-group 100 in
# Connect only the network segment of 192.168.1.0 to the server through SSH, telnet, and the Transport desktop, and apply it to port F1/1.
Router (config) # $ access-list 101 permit IP 192.168.0.0 0.0.255.255 host 192.168.100.10 EQ 80
Router (config-If) # int F1/2
Router (config-If) # IP Access-group 101 in
# Allow all hosts in the Intranet to access port 80 of 192.168.100.10 and apply it to port F1/2
Router (config) # $ access-list 101 permit TCP any host 192.168.100.10 EQ 80
Router (config-If) # int F1/3
Router (config-If) # IP Access-group 101 in
# Allow all hosts on the Internet to access port 80 of 192.168.100.10 and apply it to port F1/3.
Run the command to view the access control list.
Router # sh access-list
Extended IP address access list 100
10 permit IP 192.168.1.0 0.0.255 host 192.168.100.10
20 deny TCP 192.168.0.0 0.0.255.255 host 192.168.100.10 EQ Telnet
30 deny TCP 192.168.0.0 0.0.255.255 host 192.168.100.10 EQ 22
40 deny TCP 192.168.0.0 0.0.255.255 host 192.168.100.10 EQ FTP
50 deny TCP 192.168.0.0 0.0.255.255 host 192.168.100.10 EQ 3389
Extended IP address access list 101
10 permit IP 192.168.0.0 0.0.255.255 host 192.168.100.10
Extended IP address access list 102
10 permit TCP any host 192.168.100.10 EQ WWW
This article from the "Dragon love Xueqi" blog, please be sure to keep this source http://dragon123.blog.51cto.com/9152073/1564841
Case study of ACL Access Control List