Router ACL (Access Control List): used to control network rules and the traffic passing through interfaces.

Only one access control list can be applied to an interface in each direction.

Standard ACL (numbers 1 ~ 99): filters based on the source IP address.
Extended ACL (numbers 100 ~ 199): filters based on the source and destination addresses, the transport-layer protocol, and the application port number.
Named ACL: uses a name in place of the number.

Standard ACL configuration example

Create the access control list.

Block a single host:
    router(config)# access-list 1 deny 172.16.4.13 0.0.0.0
Allow a network segment:
    router(config)# access-list 1 permit 172.16.0.0 0.0.255.255
Allow all:
    router(config)# access-list 1 permit 0.0.0.0 255.255.255.255

Apply it to the interface (the direction is out or in):
    router(config-if)# ip access-group 1 out

Extended ACL configuration example

Create the access control list (protocol, source address, destination address, port, and so on):
    router(config)# access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21
Allow all:
    router(config)# access-list 101 permit ip any any

Apply it to the interface (the direction is out or in):
    router(config-if)# ip access-group 101 out

Named ACL configuration example

Create the named access control list (name: xiaoliu):
    router(config)# ip access-list extended xiaoliu
    router(config-ext-nacl)# deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 23
    router(config-ext-nacl)# permit ip any any

Apply it to the interface (the direction is out or in):
    router(config-if)# ip access-group xiaoliu out

View the access control list information of an interface:
    router# show ip interface
View the access control lists:
    router# show access-list

Notes:
1. ACL entries use a wildcard mask (inverse subnet mask), not a subnet mask.
2. After configuring deny entries, you must configure an entry that allows all, because every ACL ends with an implicit deny for traffic that matches no entry.
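The two notes above (wildcard masks, and allowing all after a deny) can be checked with a small evaluator. This is an added Python example, not part of the original page: it models only standard numbered ACL entries written with an explicit source and wildcard, and the function names and test addresses are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF  # wildcard 0-bits must match, 1-bits are ignored
    return (a & care) == (b & care)

def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny SRC WILDCARD' entries, in order."""
    rules = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or parts[0] != "access-list":
            raise ValueError(f"unsupported entry: {line!r}")
        number, action, src, wildcard = int(parts[1]), *parts[2:]
        if not 1 <= number <= 99:
            raise ValueError("standard ACL numbers are 1 to 99")
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action!r}")
        rules.append((action, src, wildcard))
    return rules

def evaluate(rules, src_ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, src, wildcard in rules:
        if wildcard_match(src_ip, src, wildcard):
            return action
    return "deny (implicit)"

# ACL 1 from the page's standard example.
ACL_1 = parse_standard_acl([
    "access-list 1 deny 172.16.4.13 0.0.0.0",
    "access-list 1 permit 172.16.0.0 0.0.255.255",
    "access-list 1 permit 0.0.0.0 255.255.255.255",
])
# The same list with only the deny entry (what note 2 warns about).
DENY_ONLY = ACL_1[:1]

if __name__ == "__main__":
    # Constructed source addresses for illustration.
    for ip in ("172.16.4.13", "172.16.4.14", "10.1.1.1"):
        print(f"{ip:<12} full ACL: {evaluate(ACL_1, ip):<7} "
              f"deny-only ACL: {evaluate(DENY_ONLY, ip)}")
```

With only the deny entry, every other source is also dropped, which is why the permit-all entry has to follow the deny.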