HCIA-ACL experiment

ACL experiment

ACL (Access Control List) serves two roles:
1. Implementing access control
2. Capturing traffic of interest so that other features can reference (call) the list

**Working principle:** An ACL is defined manually on the router as a table containing multiple access rules. The table is then applied (called) in a given direction on a given interface, and the router acts on traffic according to the rules in the table: permit or deny.

**ACL matching rules:** Rules are checked in order from top to bottom. Once traffic matches a rule, the remaining rules are not checked.

ACL classification:
1. Basic ACL: can only match the source IP address of the packet
2. Advanced ACL: can identify the source and destination IP addresses, source and destination port numbers, and protocol number of the packet

ACL configuration:
Basic ACL: because it can only identify the source IP, apply it as close to the destination as possible so that traffic is not dropped by mistake

[r1]acl 2000 //Create ACL 2000
[r1-acl-basic-2000]rule deny source 172.16.1.254 0 //Deny a single IP (wildcard 0 = exact host)
[r1-acl-basic-2000]rule deny source 172.16.1.0 0.0.0.255 //Deny a range (network segment)
[r1-acl-basic-2000]rule deny source any //Deny all
**Note:** The action can also be permit
[r1]interface GigabitEthernet 0/0/1
[r1-GigabitEthernet0/0/1]traffic-filter outbound acl 2000 //Apply the ACL on the interface

Advanced ACL: because it can identify traffic more precisely, apply it as close to the source as possible
[r1]acl 3000
[r1-acl-adv-3000]rule deny tcp source 172.16.1.1 0 destination 172.16.1.254 0 destination-port eq 23 //source IP, destination IP, destination port number
[r1]acl name vlan10 basic //Named ACL configuration method: acl name <name> basic|advance
[r1]display acl all //View all ACLs

Telnet service: remote login service

Works over TCP port 23 and uses a client/server (C/S) architecture
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa //Authenticate with username and password
[r1]aaa
[r1-aaa]local-user xie privilege level 15 password cipher qwer123
[r1-aaa]local-user xie service-type telnet //Added line: the account must be allowed to use Telnet, or the login is refused
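The matching rule above (first match wins, top to bottom), the basic/advanced distinction, and the ACL 3000 rule that blocks Telnet (TCP 23) from 172.16.1.1 are easier to reason about with a small model. The Python below is an added example, not part of the original post and not Huawei's implementation. It assumes Huawei wildcard-mask semantics (a 0 bit must match, a 1 bit is ignored, and a bare `0` means one host), that traffic-filter permits packets matching no rule, and that basic ACLs are numbered 2000-2999; `Packet`, `Rule` and `ACL` are constructed names. Telnet carries credentials in cleartext, so restricting which sources may reach port 23, as ACL 3000 does, is a common control.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


# Constructed packet model: the fields an advanced ACL can inspect.
# A basic ACL (2000-2999) looks only at src_ip.
@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    proto: str = "ip"            # "ip" (any), "tcp", "udp", "icmp"
    dst_port: Optional[int] = None


@dataclass
class Rule:
    action: str                                   # "permit" or "deny"
    source: Optional[Tuple[str, str]] = None      # (address, wildcard); None = any
    destination: Optional[Tuple[str, str]] = None
    proto: str = "ip"
    dst_port: Optional[int] = None


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Huawei wildcard semantics (assumed): a 0 bit must match, a 1 bit is
    ignored. A bare '0' is shorthand for 0.0.0.0, i.e. exactly one host."""
    if wildcard == "0":
        wildcard = "0.0.0.0"
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))  # bits that must match
    return (a & care) == (b & care)


class ACL:
    def __init__(self, number: int):
        self.number = number
        self.kind = "basic" if 2000 <= number <= 2999 else "advanced"
        self.rules: List[Rule] = []

    def rule(self, action, source=None, destination=None, proto="ip", dst_port=None):
        # A basic ACL cannot look at anything but the source address.
        if self.kind == "basic" and (destination or proto != "ip" or dst_port is not None):
            raise ValueError("a basic ACL can only match the source address")
        self.rules.append(Rule(action, source, destination, proto, dst_port))
        return self

    def evaluate(self, pkt: Packet) -> str:
        """First match wins, top to bottom. A packet matching no rule is
        permitted, which is how traffic-filter treats unmatched traffic (assumed)."""
        for r in self.rules:
            if r.proto != "ip" and r.proto != pkt.proto:
                continue
            if r.source and not wildcard_match(pkt.src_ip, *r.source):
                continue
            if r.destination and not wildcard_match(pkt.dst_ip, *r.destination):
                continue
            if r.dst_port is not None and pkt.dst_port != r.dst_port:
                continue
            return r.action
        return "permit"


def page_acls():
    """The two ACLs from the page, rules in the order the page gives them."""
    acl2000 = (ACL(2000)
               .rule("deny", source=("172.16.1.254", "0"))
               .rule("deny", source=("172.16.1.0", "0.0.0.255"))
               .rule("deny"))                      # source any
    acl3000 = ACL(3000).rule("deny", source=("172.16.1.1", "0"),
                             destination=("172.16.1.254", "0"),
                             proto="tcp", dst_port=23)
    return acl2000, acl3000


def ordering_demo():
    """Why order matters: a host permit placed after the segment deny is
    shadowed and never reached; placed first, it takes effect."""
    pkt = Packet("172.16.1.10", "10.0.0.1")
    shadowed = (ACL(2001).rule("deny", source=("172.16.1.0", "0.0.0.255"))
                         .rule("permit", source=("172.16.1.10", "0")))
    effective = (ACL(2002).rule("permit", source=("172.16.1.10", "0"))
                          .rule("deny", source=("172.16.1.0", "0.0.0.255")))
    return shadowed.evaluate(pkt), effective.evaluate(pkt)


if __name__ == "__main__":
    acl2000, acl3000 = page_acls()
    print("acl 2000, from 10.1.1.1:", acl2000.evaluate(Packet("10.1.1.1", "172.16.1.254")))
    telnet = Packet("172.16.1.1", "172.16.1.254", "tcp", 23)
    print("acl 3000, telnet from 172.16.1.1:", acl3000.evaluate(telnet))
    print("ordering (shadowed, effective):", ordering_demo())
```

Running it shows that ACL 2000 as written denies every source because of its final `deny source any`, that ACL 3000 denies only the Telnet session from 172.16.1.1 to 172.16.1.254 while HTTP from the same host and Telnet from another host fall through to the implicit permit, and that a permit rule placed below a broader deny never takes effect.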


Origin blog.csdn.net/weixin_45802686/article/details/103077449