An Access Control List (ACL) is a list of instructions applied to router and switch interfaces. It controls the packets entering and leaving a port. An ACL is a table of matching relationships, conditions, and query statements; it is a framework for controlling a specific kind of access.
(1) Basic principles:
An ACL uses packet filtering: the router reads the information in the Layer 3 and Layer 4 headers (source address, destination address, source port, and destination port) and filters packets according to predefined rules.
Standard ACL number range: 2000-2999
Extended ACL number range: 3000-3999
(2) ACL functions:
1. Decide which types of traffic are passed or rejected at a router port. A policy can be applied based on protocol or port; for example, you can allow WWW (port 80) traffic and reject telnet traffic;
2. Provide a basic means of securing network access;
3. Limit excessive network traffic and improve network performance.
(3) ACL types:
There are two main types of ACL: standard ACLs and extended ACLs.
ACL number ranges on Cisco devices:
Standard ACL: 1-99 and 1300-1999
Extended ACL: 100-199 and 2000-2699
ACL (Access Control List) experiment
Purpose:
VLAN 10, 20, and 30 can access VLAN 40 (the server) but cannot access each other. VLAN 40 can access VLAN 10, 20, and 30.
Tutorial steps:
(1) Configure the four sub-interfaces of eth1 on the router as the VLAN gateways;
(2) Apply the standard ACL policy to the corresponding sub-interfaces.
Lab verification:
(1) First, verify from the server machine in VLAN 40:
(2) Then verify from VLAN 10, 20, and 30:
VLAN 10
VLAN 20
VLAN 30
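The experiment's policy modelled as an added example (not part of the original post): it checks which VLAN pairs can ping each other when one standard ACL is applied outbound on the sub-interfaces of VLAN 10, 20 and 30. The 192.168.n.0/24 addressing, the outbound placement, the first-match and implicit-deny semantics, and all function names are assumptions.

```python
import ipaddress

# Assumed addressing (not from the page): VLAN n uses 192.168.n.0/24.
VLANS = {v: ipaddress.ip_network(f"192.168.{v}.0/24") for v in (10, 20, 30, 40)}

def ip_int(addr):
    return int(ipaddress.ip_address(addr))

def acl_permits(acl, src):
    """First matching rule wins; no match falls through to the implicit deny."""
    for action, base, wildcard in acl:
        care = ~ip_int(wildcard) & 0xFFFFFFFF  # wildcard bits set = "don't care"
        if (ip_int(src) & care) == (ip_int(base) & care):
            return action == "permit"
    return False

# A standard ACL matches on source address only, so it is placed outbound on
# the user sub-interfaces: only the server VLAN may be forwarded into them.
USER_ACL = [("permit", "192.168.40.0", "0.0.0.255")]
OUTBOUND = {10: USER_ACL, 20: USER_ACL, 30: USER_ACL}  # VLAN 40 has no ACL

def vlan_of(ip):
    addr = ipaddress.ip_address(ip)
    return next(v for v, net in VLANS.items() if addr in net)

def forwarded(src, dst):
    """Is a packet from src routed out of the sub-interface facing dst?"""
    if vlan_of(src) == vlan_of(dst):
        return True  # same VLAN: switched locally, never crosses the router
    acl = OUTBOUND.get(vlan_of(dst))
    return acl is None or acl_permits(acl, src)

def can_ping(a, b):
    """A ping succeeds only if both the request and the reply are forwarded."""
    return forwarded(a, b) and forwarded(b, a)

def reachability():
    hosts = {v: f"192.168.{v}.2" for v in VLANS}  # constructed sample hosts
    return {(a, b): can_ping(hosts[a], hosts[b])
            for a in hosts for b in hosts if a != b}

if __name__ == "__main__":
    for (a, b), ok in sorted(reachability().items()):
        print(f"VLAN {a} -> VLAN {b}: {'reachable' if ok else 'blocked'}")
```

Because a standard ACL sees only the source address, it cannot limit which services on the server the user VLANs reach; that requires an extended ACL.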
Source http://dchanyu.blog.51cto.com/3346494/799257