Router ip Address Access Control List function machine configuration

Router ip Address Access Control List function machine configuration the access control list provided by the router can provide a basic firewall function for the router. It can filter insecure data packets, such as attack packets, according to some rules, to ensure the security and reliability of the network. The core of the access control list is to filter data packets according to rules to prevent virus packets, scan packets, and attack packets from attacking the network through routers. In addition, the access control list can also limit network traffic, prevent unnecessary data packets from being routed to improve bandwidth utilization and network performance. Here, www.2cto.com is based on the ip address access control list as an example: 1) Classification of the ip address access pants list: Standard Access Control List: only the source address of the data packet can be checked. The table number ranges from 1 to 99. The expanded table number ranges from 1300 to 1999. The Expanded access control list checks the Source and Destination addresses of the data packets. Data packet filtering is determined based on the original network, destination network, subnet mask, and Host IP address. The List also checks the specified protocol and port number. The table number ranges from 100 to 199, and is expanded to 2000-2699. 2) configure the access control list. Follow these steps: first, create a control list, then, configure the filtering criteria and port, and then configure the application interface. For the standard control list, the syntax format is: access-list accessliast-number permit/deny source wildcard-mask (this is the wildcard character of the access control list ). Note that the standard access control list only checks the source address of the data packet. First, set the conditions, then enter the port, and finally accesslist-number in. General permit and deny are used together. For the extended access control list at www.2cto.com, the syntax format is access-list number permit/deny protocol source wildcard-mask destination wildcard-mask operator/operand. Use the ip access-list command: in global mode: The command format is ip access-list extended/standerd access-list-number/name. In extended or standard access control mode: command Format: permit/deny protocol source wildcard-mask destination wildcard-mask operator/operand