Detailed Cisco Access Control Lists (ACLs)

Source: Internet
Author: User


One: Access Control List Overview

• An access control list (ACL) is a list of instructions applied to a router interface. The list tells the router which packets may pass and which must be rejected.
• How it works: the router reads the layer 3 and layer 4 fields of the packet header (source address, destination address, source port, destination port, and so on) and filters each packet against the pre-set rules. That filtering is what achieves access control.
• Practical applications: block a network segment from accessing a server; block network segment A from accessing segment B while segment B can still access segment A; improve security by prohibiting certain ports from entering the network.

Two: Standard ACL

• A standard access control list checks only the source address of the packets the router forwards. If a network segment is blocked with a standard ACL, every host and every protocol on that segment is blocked: when segment A is blocked, no host on segment A can access the server, while the hosts on segment B still can.
• Uses a number between 1 and 99 as the table (list) number.
• Generally used inside the local area network. Because it can only match on the source address, it is best applied at the location closest to the destination address.

Configuration of a standard ACL:

Router(config)# access-list <table number> deny <network segment/IP address> <wildcard (inverse) mask>   ****** prohibit a network segment or a single IP
Router(config)# access-list <table number> permit any   ****** note: by default everything not listed is prohibited (implicit deny), so the other network segments must be released explicitly
Router(config)# interface <interface>   ****** enter the interface to which this ACL will be applied (an ACL can only be applied in interface mode)
Router(config-if)# ip access-group <table number> out|in   ****** apply the list to this interface in the out or in direction

where the following pairs of entries are equivalent:

Router(config)# access-list 10 deny 192.168.0.1 0.0.0.0   =   Router(config)# access-list 10 deny host 192.168.0.1
Router(config)# access-list 10 deny 0.0.0.0 255.255.255.255   =   Router(config)# access-list 10 deny any

Router# show access-lists   ****** view the access control lists

How the standard access control list works (each time data enters a port of the router, the following process occurs):

Note: order is important when you configure access control lists. Entries are matched from top to bottom and the first match wins, so arrange them from specific to general. For example, to deny one specific host and allow all other hosts, make sure the entry for that specific host comes before the permit entry.

Three: Extended ACL

• An extended access control list checks the packet's source address, destination address, source port and destination port. If an extended ACL is used to prohibit one segment from accessing another, no host on segment A can access segment B, while the hosts on segment B can still access segment A.
• Uses a number between 100 and 199 as the table number.
• Generally used toward the external network. Because it can match on the destination as well as the source, it is best applied at the location closest to the source address.

Configuration of an extended ACL:

Router(config)# access-list <table number> deny <protocol> <source IP/segment> <wildcard mask> <destination IP/segment> <wildcard mask> eq <port>   ****** prohibit segment A (source segment) from accessing segment B (destination segment) under a protocol (or a port)
Router(config)# access-list <table number> permit ip any any   ****** note: extended ACLs also prohibit everything not listed by default, so the other network segments must be released
Router(config)# interface <interface>   ****** enter the interface to which this ACL will be applied
Router(config-if)# ip access-group <table number> out|in   ****** activate the ACL on this interface, in the out or in direction according to the actual situation

Common ports and the protocol they belong to:

How the extended access control list works (each time data enters a port of the router, the following process occurs):
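The standard ACL above (deny one host, then permit any) and the extended ACL (deny one protocol/port between two segments, then permit ip any any) both depend on two rules of numbered ACLs: entries are matched top to bottom with the first match deciding, and anything that matches nothing is dropped by the implicit deny. The following Python simulator is an added example; it is not Cisco code and not from the original page. It parses `access-list` lines in the syntax shown above into a minimal model (wildcard-mask matching, first match, implicit deny) and shows what happens when the specific host entry is placed after `permit any`. The matcher covers only the `any`, `host <addr>` and `<addr> <wildcard>` address forms plus an optional `eq <port>` on the destination, not the full IOS grammar, and the addresses 192.168.1.0/24 and 10.0.0.5 are constructed sample values (192.168.0.1 is the host used on the page).

```python
# Added example: a minimal simulator of Cisco numbered-ACL semantics (first match wins,
# implicit deny at the end, wildcard masks). Not Cisco code and not from the original page.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")   # 'any' is address 0.0.0.0 with an all-ones wildcard


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard (inverse) mask: a 0 bit must match, a 1 bit is 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"            # ip, tcp, udp, icmp
    dport: Optional[int] = None  # destination port, for tcp/udp


@dataclass
class Entry:
    action: str                  # permit | deny
    proto: str                   # 'ip' matches every protocol
    src: Tuple[str, str]         # (address, wildcard)
    dst: Tuple[str, str]
    dport: Optional[int]         # 'eq <port>' on the destination, if given


def _parse_addr(tokens: List[str]):
    """Consume one of: any | host A | A WILDCARD. Returns ((address, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]


def parse_acl_line(line: str) -> Entry:
    """Parse 'access-list <n> deny|permit ...' for standard (1-99) and extended (100-199) lists."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError(f"not an access-list line: {line}")
    number, action, rest = int(t[1]), t[2], t[3:]
    if 1 <= number <= 99:                       # standard list: source address only
        src, rest = _parse_addr(rest)
        return Entry(action, "ip", src, ANY, None)
    proto, rest = rest[0], rest[1:]             # extended list: protocol, source, destination, [eq port]
    src, rest = _parse_addr(rest)
    dst, rest = _parse_addr(rest)
    dport = int(rest[1]) if rest[:1] == ["eq"] else None
    return Entry(action, proto, src, dst, dport)


def evaluate(acl_lines: List[str], pkt: Packet) -> str:
    """Walk the list top to bottom; the first matching entry decides. No match -> implicit deny."""
    for e in map(parse_acl_line, acl_lines):
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if not (wildcard_match(pkt.src, *e.src) and wildcard_match(pkt.dst, *e.dst)):
            continue
        if e.dport is not None and e.dport != pkt.dport:
            continue
        return e.action
    return "deny"


# Standard ACL from the page: block one host, release everything else (specific before general).
CORRECT_ORDER = [
    "access-list 10 deny host 192.168.0.1",
    "access-list 10 permit any",
]
WRONG_ORDER = list(reversed(CORRECT_ORDER))  # 'permit any' first: the host entry is never reached

# Extended ACL (constructed sample): stop segment A (192.168.1.0/24) reaching server 10.0.0.5 on TCP 80.
EXTENDED = [
    "access-list 101 deny tcp 192.168.1.0 0.0.0.255 host 10.0.0.5 eq 80",
    "access-list 101 permit ip any any",
]


def demo() -> dict:
    blocked = Packet("192.168.0.1", "10.0.0.5")
    neighbour = Packet("192.168.0.2", "10.0.0.5")
    return {
        "correct_blocked": evaluate(CORRECT_ORDER, blocked),        # deny
        "correct_neighbour": evaluate(CORRECT_ORDER, neighbour),    # permit
        "wrong_blocked": evaluate(WRONG_ORDER, blocked),            # permit: the ordering mistake
        "only_deny": evaluate([CORRECT_ORDER[0]], neighbour),       # deny: implicit deny, nothing released
        "ext_web": evaluate(EXTENDED, Packet("192.168.1.7", "10.0.0.5", "tcp", 80)),  # deny
        "ext_ssh": evaluate(EXTENDED, Packet("192.168.1.7", "10.0.0.5", "tcp", 22)),  # permit
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The `only_deny` case is the one the page's "release the other segments" note warns about: a list consisting only of a deny entry blocks every packet, because the implicit deny at the end catches everything that was not explicitly permitted. The `wrong_blocked` case shows the ordering note: with `permit any` first, the deny for 192.168.0.1 is unreachable.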
