Experience and Guide: Access-list extended command (Latest)
Extended Access-List
Prerequisite – Access-lists (ACL), Standard Access-list
An access-list (ACL) is a set of rules for controlling network traffic and reducing exposure to network attacks. ACLs filter traffic entering or leaving the network according to those rules.
Extended Access-list –
It is the most widely used type of access-list, because it can distinguish between kinds of IP traffic instead of permitting or denying all traffic from a source as a standard access-list does. Extended ACLs match on both the source and destination IP address and on port numbers, so we can specify exactly which IP traffic should be allowed or denied. They use the number ranges 100-199 and 2000-2699.
Features –
An extended access-list is generally applied close to the source, but not always.
In an extended access list, packets are filtered on the basis of source IP address, destination IP address and port numbers.
In an extended access list, particular services can be permitted or denied.
Extended ACLs are numbered 100 – 199, with the expanded range 2000 – 2699.
If a numbered extended access-list is used, remember that individual rules can't be deleted: deleting one rule deletes the whole access list.
If a named extended access-list is used, we have the flexibility to delete a single rule from the access list.
Configuration –
Here is a small topology with three departments: sales, finance and marketing. The sales department has the network 172.16.10.40/24, the finance department has 172.16.50.0/24, and the marketing department has 172.16.60.0/24. We want to deny FTP connections from the sales department to the finance department, and to deny telnet to the finance department from both the sales and the marketing departments.
First, we configure a numbered extended access-list that denies FTP connections from the sales department to the finance department.
R1# config terminal
R1(config)# access-list 110 deny tcp 172.16.40.0 0.0.0.255 172.16.50.0 0.0.0.255 eq 21
Here we create a numbered access-list using number 110 (taken from the extended range) that denies the sales network (172.16.40.0) an FTP connection to the finance network (172.16.50.0).
Note – FTP uses TCP and port number 21, so the permit or deny condition must be written for that protocol and port. After eq we give the port number of the application layer protocol in question.
Next we deny telnet connections to the finance department from both the sales and the marketing departments, which means nobody should be able to telnet to the finance department:
R1(config)# access-list 110 deny tcp any 172.16.50.0 0.0.0.255 eq 23
Here we have used the keyword any, which means 0.0.0.0 0.0.0.0, i.e. any IP address from any subnet. Telnet uses port number 23, so we specify port 23 after eq.
R1(config)# access-list 110 permit ip any any
Now, this is the most important part. There is an implicit deny at the end of every access list, so traffic that doesn't match any rule in the access-list is dropped.
Specifying any any means that traffic from any source IP address reaches the finance department, except for the traffic that matches the rules above. Now we apply the access-list on the router interface:
R1(config)# int fa0/1
R1(config-if)# ip access-group 110 out
We said that an extended access-list should be applied as close to the source as possible, but here we have applied it close to the destination, because we have to block traffic from both the sales and the marketing departments. Otherwise we would need separate inbound access-lists on fa0/0 and fa1/0.
Named access-list example –
Now, considering the same topology, we will make a named extended access list.
R1(config)# ip access-list extended blockacl
This command creates an access-list named blockacl.
R1(config-ext-nacl)# deny tcp 172.16.40.0 0.0.0.255 172.16.50.0 0.0.0.255 eq 21
R1(config-ext-nacl)# deny tcp any 172.16.50.0 0.0.0.255 eq 23
R1(config-ext-nacl)# permit ip any any
Then we apply it the same way as for the numbered access-list:
R1(config)# int fa0/1
R1(config-if)# ip access-group blockacl out
Guide to configuring Access-lists (ACLs) on Cisco devices
This guide belongs to our tutorial series on configuring Cisco switches. The access-list configuration guide is intended for technical staff and network system administrators; we wish you success.
First, an Access-list can be understood as a list of statements applied to the interfaces of a Cisco router or switch. The list tells the router or switch which packets to accept and which to drop. Acceptance or rejection can be based on factors such as source address, destination address or port number.
Extended Access Control Lists, syntax of access-list IOS command to create an Extended Access Control List (ACL)
Standard Access Control Lists can filter IP traffic ONLY on the source IP address of an IP datagram.
Extended Access Control Lists can filter traffic on many other factors:
• Source and destination IP addresses.
• Protocols like IP, TCP, UDP, ICMP etc.
• Protocol information: port numbers for TCP and UDP, or message types for ICMP.
Extended Access Control Lists are created with the “access-list” IOS command. The syntax of the “access-list” IOS command for creating an Extended Access Control List is shown below.
Router(config)# access-list [Access_list_number] permit|deny
IP_protocol source_address source_wildcard_mask
[source_protocol_information] destination_address destination_wildcard_mask
[destination_protocol_information] [log]
Access_list_number: For Extended Access Control List, Access list number must be between 100–199 or 2000–2699.
permit | deny: Whether to permit or deny traffic.
IP_protocol: The IP protocol to match, one of IP, ICMP, TCP, GRE, UDP, IGRP, EIGRP, IGMP, IPINIP, NOS or OSPF.
source_address: Source IP address.
source_wildcard_mask: Source wildcard mask.
source_protocol_information: Additional source protocol information, such as TCP or UDP port numbers.
destination_address: Destination IP address.
destination_wildcard_mask: Destination wildcard mask.
destination_protocol_information: Additional destination protocol information, such as TCP or UDP port numbers.
log: Specifies whether matches are logged, either to the console or to a syslog server.
wildcard mask: Instead of specifying a single IP address, you can permit or deny whole networks/subnets, or parts of them, by using wildcard masks, also known as inverse masks. The wildcard mask is optional in the IOS command above.
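As an added example (not code from either of the articles above), here is a small Python model of how the ACL 110 built in the configuration section is evaluated, using the wildcard-mask rule from the syntax section: each packet is checked against the entries in order, the first match wins, and a packet that matches nothing falls through to the implicit deny. The ACL text and packet addresses are constructed; in the model the keyword any expands to 0.0.0.0 with an all-ones wildcard, and the host keyword is not handled.

```python
import ipaddress
from typing import Optional, Tuple

# Constructed ACL text reproducing the numbered access-list built above.
ACL_110 = """
access-list 110 deny tcp 172.16.40.0 0.0.0.255 172.16.50.0 0.0.0.255 eq 21
access-list 110 deny tcp any 172.16.50.0 0.0.0.255 eq 23
access-list 110 permit ip any any
"""

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard (inverse) mask: a 1 bit means 'do not care', a 0 bit means 'must match'."""
    care = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    a, b = int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def parse_ace(line: str):
    """Parse: access-list N permit|deny proto src src_wc [eq p] dst dst_wc [eq p]."""
    tok = line.split()
    action, proto, i = tok[2], tok[3], 4

    def take_addr() -> Tuple[str, str]:
        nonlocal i
        if tok[i] == "any":  # any == 0.0.0.0 with an all-ones wildcard
            i += 1
            return ("0.0.0.0", "255.255.255.255")
        i += 2
        return (tok[i - 2], tok[i - 1])

    def take_port() -> Optional[int]:
        nonlocal i
        if i < len(tok) and tok[i] == "eq":
            i += 2
            return int(tok[i - 1])
        return None

    src, sport = take_addr(), take_port()
    dst, dport = take_addr(), take_port()
    return action, proto, src, sport, dst, dport

def evaluate(acl_text: str, proto: str, src: str, dst: str,
             sport: Optional[int] = None, dport: Optional[int] = None) -> str:
    """First matching entry decides; no match falls through to the implicit deny."""
    for line in acl_text.strip().splitlines():
        action, p, (sa, sw), sp, (da, dw), dp = parse_ace(line)
        if p != "ip" and p != proto:
            continue
        if not (wildcard_match(src, sa, sw) and wildcard_match(dst, da, dw)):
            continue
        if (sp is not None and sp != sport) or (dp is not None and dp != dport):
            continue
        return action
    return "deny"  # implicit deny at the end of every access list
```

Running evaluate(ACL_110, "tcp", "172.16.40.5", "172.16.50.9", dport=80) returns "permit", while the same packet to port 21 returns "deny".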