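Summary of extended ACL (access list) syntax:
Router(config)#access-list 100 permit (IP) top-level-protocol source-address source-wildcard-mask destination-address destination-wildcard-mask
access-list 100 permit IP 192.168.1.0 0.0.0.255 host 192.168.4.2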
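
An extended list controls layers 3, 4 and 7 of the OSI seven-layer model:
Layer 3 (network layer): IP, ICMP (ping)
Layer 4 (transport layer): TCP (ports 0-65535), UDP (ports 0-65535)
Layer 7 (application layer): TCP 80 ----> http, TCP 23 ----> telnet, UDP 53 ----> dns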

Note: IP is the broadest protocol; ping uses ICMP, which is contained within IP.
Deny ping from the network segment:
access-list 100 deny icmp 192.168.1.0 0.0.0.255 host 192.168.4.2
access-list 100 deny icmp host 192.168.2.2 host 192.168.4.2
access-list 100 permit ip 192.168.1.0 0.0.0.255 host 192.168.4.2
access-list 100 permit ip host 192.168.2.2 host 192.168.4.2

access-list 100 deny tcp host 172.16.1.2 host 192.168.1.2 eq www
access-list 100 permit ip any any

R2(config)#access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq ?
  <0-65535>  Port number
  ftp        File Transfer Protocol (21)
  pop3       Post Office Protocol v3 (110)
  smtp       Simple Mail Transport Protocol (25)
  telnet     Telnet (23)
  www        World Wide Web (HTTP, 80)
R2(config)#int e1/1
R2(config-if)#ip access-group 100 out
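
The wildcard-mask matching and top-down, first-match evaluation behind the entries above can be checked with a small model. This is an added example, not part of the original notes; the helper names (`parse`, `evaluate`) are assumptions for illustration, and it models only the match logic, not the interface or direction the list is applied to.

```python
import ipaddress

# Port keywords taken from the "eq ?" help output on this page.
PORTS = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80, "pop3": 110}

def _addr(tok, i):
    """Parse 'any' | 'host A' | 'A WILDCARD' at tok[i]; return ((base, wildcard), next_i)."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (int(ipaddress.IPv4Address(tok[i + 1])), 0), i + 2
    return (int(ipaddress.IPv4Address(tok[i])), int(ipaddress.IPv4Address(tok[i + 1]))), i + 2

def parse(line):
    """Parse one 'access-list N permit|deny proto src dst [eq port]' entry."""
    tok = line.lower().split()
    action, proto = tok[2], tok[3]
    src, i = _addr(tok, 4)
    dst, i = _addr(tok, i)
    port = None
    if i < len(tok) and tok[i] == "eq":   # 'eq' after the destination = destination port
        port = PORTS[tok[i + 1]] if tok[i + 1] in PORTS else int(tok[i + 1])
    return action, proto, src, dst, port

def _hit(ip, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF             # wildcard bit 0 = must match, 1 = ignore
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry; 'deny' if none match."""
    for action, a_proto, a_src, a_dst, a_port in map(parse, acl):
        if (a_proto in ("ip", proto)      # 'ip' covers icmp, tcp and udp
                and _hit(src, a_src) and _hit(dst, a_dst)
                and (a_port is None or a_port == dport)):
            return action
    return "deny"                         # implicit deny at the end of every ACL

ACL_PING = [  # entries copied from the page
    "access-list 100 deny icmp 192.168.1.0 0.0.0.255 host 192.168.4.2",
    "access-list 100 deny icmp host 192.168.2.2 host 192.168.4.2",
    "access-list 100 permit ip 192.168.1.0 0.0.0.255 host 192.168.4.2",
    "access-list 100 permit ip host 192.168.2.2 host 192.168.4.2",
]
ACL_WEB = [   # entries copied from the page
    "access-list 100 deny tcp host 172.16.1.2 host 192.168.1.2 eq www",
    "access-list 100 permit ip any any",
]
```

Because the deny icmp entries sit above the broader permit ip entries, ping is dropped while other IP traffic from the same sources passes; a source not listed anywhere falls through to the implicit deny.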