ACL Access Control Lists - Standard IP access list (theory + experiment)

ACL access control list

1. Limits network traffic and improves network performance
2. Provides control over communication traffic
3. Provides a basic security measure for network access
4. At the interface of a network device, decides which types of traffic are forwarded and which types are blocked

How an ACL works

1. An ACL is applied to an interface in one direction
out direction: the router has already processed the packet and it is leaving the router through that interface
in direction: the packet has arrived at the router's interface and the router has not yet processed it
An access list applied to an interface only filters the data travelling in the direction for which it was applied

ACL rules

1. Entries are matched in order from top to bottom
2. Once a packet matches an ACL entry, the search stops
3. Following the two rules above, the more precise or stricter ACL entries are written at the top
4. Every ACL ends with a hidden implicit "deny all" entry, so by default all traffic that matches no entry is denied
5. An ACL takes effect only when it is applied to an interface

The basic placement rules are:
(1) Place an extended ACL as close as possible to the source of the traffic to be denied, so that unwanted traffic is filtered out before it flows through the network.

(2) Because a standard ACL cannot specify the destination address, place it as close as possible to the destination.


Types of access control lists

Standard access control lists

  • Filter packets based on the source IP address only
  • Standard access control lists use list numbers 1-99

Extended access control lists

  • Filter packets based on source IP address, destination IP address, protocol, and port or flag fields
  • Extended access control lists use list numbers 100-199

Named access control lists

  • A named access control list allows a name to be used in place of the list number for either a standard or an extended access control list

ACL related commands

ACL commands are entered in global configuration mode (applying an ACL to an interface is done from interface configuration mode, as the prompts below show)
Creating an ACL

Router(config)#access-list access-list-number { permit | deny } source [source-wildcard]
access-list-number : standard ACL number, range 0-99
permit : allow matching packets through
deny : drop matching packets
source : network address or host address that sends the packets
source-wildcard : wildcard mask for the source IP address (a 1 bit means "don't care", a 0 bit must match)

Deleting an ACL

Router(config)# no access-list access-list-number

Keywords

host (matches a single host address, equivalent to a wildcard of 0.0.0.0) and any (matches any source address, equivalent to 0.0.0.0 255.255.255.255)

Applying the ACL to an interface

Router(config-if)#ip access-group access-list-number {in | out}
ip access-group : the command that applies an access list to the interface
access-list-number : standard ACL number, range 0-99
in : restricts incoming connections between the device and the addresses in the access list
out : restricts outgoing connections between the device and the addresses in the access list

Cancel the ACL on the interface

Router(config-if)# no ip access-group access-list-number {in | out}

Actual operation

Detailed configuration
1. Three PCs (VPCS) in the topology
2. Two routers, one of which is renamed "SW" and fitted with a Layer 2 switching module (NM-16ESW)
Purpose: the ACL allows PC2 to access PC3, while PC1 cannot access PC3
Step 1: configure the switch
Step 2: enter router R1 and configure it
View the IP address configuration
Step 3: configure the IP address on each of the three PCs and test connectivity between them
Step 4: create the ACL and apply it to the f0/0 interface
Step 5: test the results
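The matching rules and the lab ACL described above, as an added Python example (not code from the original post) that evaluates a standard access list the way the router does: top-down, first match wins, implicit deny at the end, with host/any keywords and wildcard masks. The PC addresses and the ACL entries are assumptions, since the original screenshots are not available.

```python
import ipaddress

# Standard-ACL matcher, added here as an example (not code from the original post).
# It applies the rules above: entries are checked top to bottom, the first match
# decides, and anything left over hits the implicit "deny all".
# PC addresses are assumed for the lab: PC1 = 192.168.1.1, PC2 = 192.168.1.2.
def parse_source(tokens):
    """Return (address, wildcard) as ints for 'any', 'host A', or 'A W'."""
    if tokens[0] == "any":                       # any  = 0.0.0.0 255.255.255.255
        return 0, 0xFFFFFFFF
    if tokens[0] == "host":                      # host A = A 0.0.0.0
        return int(ipaddress.IPv4Address(tokens[1])), 0
    addr = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1])) if len(tokens) > 1 else 0
    return addr, wild

def parse_acl(config_text):
    """Parse 'access-list N {permit|deny} source [wildcard]' lines, keeping order."""
    entries = []
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "access-list":
            addr, wild = parse_source(parts[3:])
            entries.append((int(parts[1]), parts[2], addr, wild))
    return entries

def matches(src_ip, addr, wild):
    """Wildcard bit 1 = don't care, bit 0 = must match (inverse of a subnet mask)."""
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src_ip)) & care) == (addr & care)

def evaluate(entries, number, src_ip):
    """Verdict of ACL `number` for a packet whose source address is src_ip."""
    for n, action, addr, wild in entries:
        if n == number and matches(src_ip, addr, wild):
            return action                        # rule 2: first match stops the search
    return "deny"                                # rule 4: implicit deny all

# Constructed lab ACL: the specific host entry sits above the broader deny (rule 3).
LAB_ACL = """access-list 1 permit host 192.168.1.2
access-list 1 deny 192.168.1.0 0.0.0.255"""

# Same two entries in the wrong order: the broad deny now shadows the permit.
MISORDERED_ACL = "\n".join(reversed(LAB_ACL.splitlines()))

def lab_verdicts(acl_text):
    entries = parse_acl(acl_text)
    return {pc: evaluate(entries, 1, ip)
            for pc, ip in (("PC1", "192.168.1.1"), ("PC2", "192.168.1.2"))}
```

With the entries in the correct order `lab_verdicts(LAB_ACL)` gives PC1 deny and PC2 permit; with them reversed PC2 is denied as well, which is why the stricter entry must be written first.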


Origin blog.51cto.com/14307755/2442712