Before introducing the Cisco router ACL in detail, this article first explains what the ACL wildcard mask is, and then shows how to use the mask to block spoofing attacks. The subject is the wildcard mask (wildcard-mask) in the Cisco router ACL (Access Control List).
The wildcard mask (or anti-mask) used in the router is used together with the source or destination address to identify the range of addresses that match. The wildcard mask tells the router which bits of the IP address to check to determine a match. This address mask lets us specify an IP address range with only two 32-bit numbers. Without the mask, we would have to add each IP address to the access list in a separate statement.
This would mean a lot of extra typing and a lot of extra processing on the router. In an access list, a wildcard mask bit set to 1 means that the corresponding bit in the IP address can be either 1 or 0. Such a bit is also called an "irrelevant" (don't care) bit. If the mask bit is set to 0, the corresponding bit in the IP address must match exactly. The following examples show how the mask works in a Cisco router ACL. For example, 192.168.0.1 with the anti-mask 0.0.0.0 represents the single IP address 192.168.0.1 (all anti-mask bits are 0, so every bit must match).
192.168.0.1 with the anti-mask 255.255.255.255 covers all IP addresses (all anti-mask bits are 1, so no bit needs to match). 192.168.0.1 with the anti-mask 0.0.0.255 represents 192.168.0.1-255 (the anti-mask 0.0.0.255, the inverse of the mask 255.255.255.0, is 00000000.00000000.00000000.11111111 in binary; that is, every bit in the first three octets must match, and only the last eight bits do not need to match). A wildcard mask checker can be downloaded at http://www.boson.com/freeutilities.html.
The order in which a Cisco router ACL is executed: from the top down. Once a packet matches a statement, the router stops and does not evaluate the statements that follow. When writing an ACL, you must therefore put the statements with the most exact match first. Only in this way can you ensure that the ACL contains no useless statements. When a router connects to the Internet and uses an ACL, we need to block inbound traffic that claims to come from internal IP addresses, in order to block spoofing attacks. That is:
Deny 10.0.0.0 0.255.255.255
Deny 172.16.0.0 0.15.255.255
Deny 192.168.0.0 0.0.255.255
Deny 127.0.0.0 0.255.255.255
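
The wildcard matching and top-down evaluation described above can be reproduced in a few lines. This is an added example, not code from the original article: it applies the four deny entries to sample source addresses and flags statements that can never match because an earlier statement covers them. The closing permit entry, the function names and the sample addresses are assumptions made for the illustration.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

# The four anti-spoofing entries from the article. The closing permit is an
# assumption added for this example so that other sources are let through.
ANTI_SPOOF = [
    ("deny", "10.0.0.0", "0.255.255.255"),
    ("deny", "172.16.0.0", "0.15.255.255"),
    ("deny", "192.168.0.0", "0.0.255.255"),
    ("deny", "127.0.0.0", "0.255.255.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),
]

def evaluate(src, acl):
    """Top-down, first match wins. Returns (action, 1-based line or None)."""
    for line, (action, base, wildcard) in enumerate(acl, 1):
        if wildcard_match(src, base, wildcard):
            return action, line
    return "deny", None  # Cisco ACLs end with an implicit deny

def shadowed(acl):
    """1-based lines that can never match because an earlier line covers them."""
    dead = []
    for j, (_, base_j, wc_j) in enumerate(acl):
        for _, base_i, wc_i in acl[:j]:
            wi, wj = to_int(wc_i), to_int(wc_j)
            care_i = ~wi & 0xFFFFFFFF
            # Earlier line covers this one when it ignores every bit this one
            # ignores and both bases agree on the bits the earlier line checks.
            if wj & care_i == 0 and (to_int(base_i) ^ to_int(base_j)) & care_i == 0:
                dead.append(j + 1)
                break
    return dead

# Constructed ACL with the broad statement first: line 2 is useless.
BAD_ORDER = [("deny", "192.168.0.0", "0.0.255.255"), ("permit", "192.168.0.1", "0.0.0.0")]

if __name__ == "__main__":
    for src in ("10.1.2.3", "172.31.255.1", "172.32.0.1", "198.51.100.7"):
        print(src, evaluate(src, ANTI_SPOOF))
    print("shadowed lines:", shadowed(BAD_ORDER))
```

Note that 172.31.255.1 is denied while 172.32.0.1 is not: the wildcard 0.15.255.255 leaves the top four bits of the second octet fixed, so only 172.16 through 172.31 match.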