CCNA1

1
???????????????????????????????Special Topic in
Computer
Access Control Lists ACL
???????????????????????????????
Special Topic in
Computer
2
Access Control Lists

• Access Control Lists ??? ????????????????????????
  ??????????????????????????????????????????
  ???????????????????
• ?????????????????????
• ???????????????????????????????
• ????????????????????????
• ??????????????????????????????????????????????????
  
• ?????????????? Application ????????

???????????????????????????????
Special Topic in
Computer
3
Access Control Lists

• ??? Access List ????????????? Firewall
  ??????????? policy ?????? Router
  ????????????????????????????????????????? Internet

???????????????????????????????
Special Topic in
Computer
4
Access Control Lists

• ????????????????? Access Control Lists ?? 2
  ?????? ???
• Permit ??????????
• Deny ?????????????

• ?????? Access list ??????????????????
• ?????????????????????????????????????? 1
  ????????????????????????????????????
• ???????? Access List ????????????????????
  ??????????????????????? ????????????????????
  Access List

???????????????????????????????
Special Topic in
Computer
5
Access Control Lists

• ?????? ACL ?????????????
• ???????????????????????????????????????????
  Packet ???????????????????????????????
• ?????????????????????????????????????????? Packet
  ???????????????????????????????
• ?????????????????????????????????????????????????
  Packet ?????????????????????????????? Default
  Action

???????????????????????????????
Special Topic in
Computer
6
Access Control Lists
???????????????????????????????
Special Topic in
Computer
7
Access Control Lists

• There are two basic steps for creating ACL
• First Create an ACL definition
• Create ACLs by using the global configuration
  mode
• Specify an ACL number
• Must carefully select and logically order the ACL
  statements
• Select which IP protocols to check any other
  protocols are not checked
• Second Apply the ACL to an interface
• Apply ACLs specified above to one or more
  interfaces
• They can filter inbound traffic or outbound
  traffic, depending on the configuration.
• A router with an inbound ACL must check every
  packet to see whether it matches the ACL
  condition before switching the packet to an
  outbound interface.

???????????????????????????????
Special Topic in
Computer
8
Access Control Lists

• 1.???????? Access Control Lists
• Router0(config) access-list permitdeny
  source address keywork any source mask
• gtgt ??????????????? Access list
• permitdeny gtgt ?????????????? ????????
  ????????????????????????????????????????????
  Access list
• source address gtgt ??? ip address ????????????
• keywork any gtgt
• source mask gtgt ??? wildclass mask ????????????

???????????????????????????????
Special Topic in
Computer
9
Access Control Lists

• ????????? Access List ??????????? 2 ?????? ???
• Standard access list access ???????????????
  ????????????????????????? 1 99
• Extended access list access list
  ???????????????????????????????????????????????
  ????????????????????????? 100 - 199

???????????????????????????????
Special Topic in
Computer
10
Standard Access List

• Standard access list access ???????????????
  ????????????????????????? 1 99
• Packet ????????????????????? network, subnet, and
  host addresses ?????????????????????????

???????????????????????????????
Special Topic in
Computer
11
Standard Access List

• 2.???????? Access list ??????????? Interface
• inbound ???????????????? packet
  ???????????????????????????????????????????
• outbound ???????????????? packet
  ??????????????????????????????????????????

???????????????????????????????
Special Topic in
Computer
12
Standard Access List
???????????????????????????????
Special Topic in
Computer
13
Standard Access List
???????????????????????????????
Special Topic in
Computer
14
Standard Access List
???????????????????????????????
Special Topic in
Computer
15
Standard Access List
???????????????????????????????
Special Topic in
Computer
16
Standard Access List
???????????????????????????????
Special Topic in
Computer
17
Extended access list
Extended access list access list
???????????????????????????????????????????????
????????????????????????? 100 - 199
???????????????????????????????
Special Topic in
Computer
18
Extended access list
???????????????????????????????
Special Topic in
Computer
19
Extended access list
???????????????????????????????
Special Topic in
Computer
20
Extended access list
???????????????????????????????
Special Topic in
Computer
21
Extended access list
???????????????????????????????
Special Topic in
Computer
22
Extended access list
???????????????????????????????
Special Topic in
Computer
23
Extended access list
???????????????????????????????
Special Topic in
Computer
24
Extended access list
???????????????????????????????
Special Topic in
Computer
25
????????????????? Access List

• ????????????????? Access List
• Cisco IOS Software Release 11.2
  ???????????????????????????? Standard ???
  Extended ACL ???????????????????????
• ??????????????? ip access-list extendec
  standard lt????gt

???????????????????????????????
Special Topic in
Computer
26
????????????????? Access List
???????????????????????????????
Special Topic in
Computer
27
Virtual Terminal ACLs

• Access List ???????????????? VTY

???????????????????????????????
Special Topic in
Computer
28
Virtual Terminal ACLs

• Access List ???????????????? VTY
• ???????????????
• Router0 access-list 2 deny any
• Router0 line vty 0 4
• Router0 login
• Router0 password cisco
• Router0 access-class 2 in

???????????????????????????????
Special Topic in
Computer
29
Access Control Lists

• ????????????? Access List

???????????????????????????????
Special Topic in
Computer
30
Access Control Lists

• ?????? show ip interface

???????????????????????????????
Special Topic in
Computer
31
Access Control Lists

• ?????? show access-lists

???????????????????????????????
Special Topic in
Computer
32
Access Control Lists

• ?????? show running-config

???????????????????????????????
Special Topic in
Computer