Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • IP Access Lists Com

    Încărcat de

    CCNAResources
    151 vizualizări1 pagină
    IP Access Lists com

    Titlu original

    IP Access Lists com

    Drepturi de autor

    © Attribution Non-Commercial (BY-NC)

    Formate disponibile

    PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    IP Access Lists com

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    151 vizualizări1 pagină

    IP Access Lists Com

    Încărcat de

    CCNAResources
    IP Access Lists com

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 1

    IP ACCESS LISTS CCNA4.

    com

    Standard IP ACL Syntax Actions

    ! Legacy syntax permit Allow matched packets


    access-list <number> {permit | deny} <source> [log]
    deny Deny matched packets
    ! Modern syntax remark Record a config comment
    ip access-list standard {<number> | <name>}
    [<sequence>] {permit | deny} <source> [log] evaluate Evaluate a reflexive ACL

    Extended IP ACL Syntax

    ! Legacy syntax
    access-list <number> {permit | deny} <protocol> <source> [<ports>] <destination> [<ports>] [<options>]

    ! Modern syntax
    ip access-list extended {<number> | <name>}
    [<sequence>] {permit | deny} <protocol> <source> [<ports>] <destination> [<ports>] [<options>]

    ACL Numbers Source/Destination Definitions


    1-99 any Any address
    IP standard
    1300-1999
    host <address> A single address
    100-199
    IP extended <network> <mask> Any address matched by the wildcard mask
    2000-2699
    200-299 Protocol IP Options
    300-399 DECnet dscp <DSCP> Match packets with the given DSCP value
    400-499 XNS fragments Check non-initial fragments
    500-599 Extended XNS option <option> Match packets with the specified IP option
    600-699 Appletalk precedence <0-7> Match packets with the given precedence value
    700-799 Ethernet MAC ttl <count> Match packets with the given Time To Live
    800-899 IPX standard TCP/UDP Port Definitions
    900-999 IPX extended eq <port> Equal to neq <port> Not equal to
    1000-1099 IPX SAP lt <port> Less than gt <port> Greater than
    1100-1199 MAC extended range <port> <port> Matches a range of port numbers
    1200-1299 IPX summary
    Miscellaneous Options
    TCP Options reflect <name> Create a reflexive ACL
    ack Match ACK flag time-range <name> Enable rule only during the specified time range
    fin Match FIN flag
    Applying ACLs to Restrict Traffic
    psh Match PSH flag
    interface FastEthernet0/0
    rst Match RST flag ip access-group {<number> | <name>} {in | out}
    syn Match SYN flag
    Troubleshooting
    urg Match URG flag
    show access-lists {<number> | <name>}
    established Match packets in a pre-
    established session show ip access-lists {<number> | <name>}
    show ip access-lists interface <interface>
    Logging Options
    show ip access-lists dynamic
    log Log ACL entry matches
    show ip interface [<interface>]
    log-input Log matches with ingress
    interface and source MAC show time-range [<name>]

    by Jeremy Stretch v1.1

    S-ar putea să vă placă și