An access control list (ACL) is mainly used in a corporate LAN to set access rules for particular departments or staff and to filter traffic. It is not limited to the LAN: if you know the external network segment and port, access to those can be restricted as well.
ACL considerations:
1) Rule entries in the same ACL must not conflict with each other
2) Once an ACL has been established, all traffic from all hosts is denied by default
3) Because ACL entries are evaluated in priority order, think carefully about which deny and permit entries must be written first
4) ACLs can only be used on a Layer 3 switch or router
5) Applying an ACL takes two steps: create the ACL, then apply it on a port (on the VLAN interface if VLANs are in use, otherwise on the physical port)
6) When configuring a named ACL, if a new entry does not specify a priority, it is added by default as the last entry in the ACL
7) The same ACL can be applied to multiple ports, provided there is no conflict
8) The management address of a network device is the address used to administer it remotely
ACL configuration process:
In the network topology for this example, we want to block 1.1 from accessing the web server on 2.1 without affecting any other communication.
1. Configure the web server on 2.1
2. Configure the web server on 2.2
3. First establish an ACL on the router
4. Establish the appropriate rules
5. Finally, be sure to add the permit-all/deny-all entry
6. Enter the router's inbound interface and apply this ACL
7. Test communication between the PC and the servers
8. Test access from the PC to each of the two web servers
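The rule set from steps 3 to 5 and the tests in steps 7 and 8 can be modelled as a first-match evaluator, which also shows why the entry order and the final permit entry matter. This is an added example, not the original author's configuration: the addresses 192.168.1.1, 192.168.2.1 and 192.168.2.2 are assumed stand-ins for the page's 1.1, 2.1 and 2.2, the ACL text is constructed, and only `host`/`any` addresses and `eq` ports are parsed.

```python
# Added example: first-match evaluation of a constructed extended ACL.
# 192.168.1.1 / 192.168.2.1 / 192.168.2.2 are assumed stand-ins
# for the page's "1.1", "2.1" and "2.2".
PORTS = {"www": 80}  # port keyword accepted in addition to numeric ports

ACL = """
deny tcp host 192.168.1.1 host 192.168.2.1 eq www
permit ip any any
"""

def take_addr(tok):
    """Consume 'any' or 'host A.B.C.D' from the front of a token list."""
    if tok[0] == "any":
        return None, tok[1:]
    if tok[0] == "host":
        return tok[1], tok[2:]
    raise ValueError(f"unsupported address spec: {tok[0]}")

def parse(text):
    """Parse entries into (action, proto, src, dst, port); None is a wildcard."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, proto, tok = tok[0], tok[1], tok[2:]
        src, tok = take_addr(tok)
        dst, tok = take_addr(tok)
        port = None
        if tok[:1] == ["eq"]:
            port = PORTS.get(tok[1]) or int(tok[1])
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, port=None):
    """Return the action of the first matching entry, top to bottom."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto)
                and r_src in (None, src)
                and r_dst in (None, dst)
                and r_port in (None, port)):
            return action
    return "deny"  # consideration 2: traffic matching no entry is denied

if __name__ == "__main__":
    rules = parse(ACL)
    print(evaluate(rules, "icmp", "192.168.1.1", "192.168.2.1"))     # step 7
    print(evaluate(rules, "tcp", "192.168.1.1", "192.168.2.1", 80))  # step 8
    print(evaluate(rules, "tcp", "192.168.1.1", "192.168.2.2", 80))  # step 8
```

Dropping the `permit ip any any` line makes every test fall through to the default deny, and moving it above the `deny` entry lets the web request to 2.1 through.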
Configuring an ACL (access control list) on Cisco devices