Internet
f0/0
NAT
Classification
10.0.0.0
20.0.0.0
0.255.255.255
0.255.255.255
f0/1
access-list 2 permit
access-list 2 deny
DS1 0.255.255.255
Filtering
10.0.0.0
20.0.0.0 0.255.255.255
interface f0/1
ip access-group 2 out
10.0.0.0/8
20.0.0.0/8
Standard ACL
Internet
f0/0
172.16.1.1
NAT
ip access-group 1 out
Wildcard Mask
access-list
DS11 permit 10.0.0.0 0.255.255.255
10.0.0.0
0.255.255.255
access-list 1 deny
permit 20.0.0.1
20.0.0.0 0.0.0.0
access-list 1 deny
20.0.0.1 0.0.0.0
20.0.0.2
access-list 1 deny
20.0.0.3 0.0.0.0
access-list
1
permit
access-list 1 permit 10.0.0.0
20.0.0.0 0.255.255.255
0.255.255.255
access-list 1 deny
20.0.0.1 0.0.0.0
20.0.0.0 0.255.255.255
access-list 1 permit 10.0.0.0
access-list 1 deny
20.0.0.1 0.0.0.3
10.0.0.0/8
20.0.0.0/8
access-list 1 permit
20.0.0.0 0.255.255.255
20.0.0.1/8
Permit
Access
Server
Standard ACL
[Diagram: Internet, f0/0, NAT, DS1]
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 deny   20.0.0.1 0.0.0.0          last octet 0000 0001
access-list 1 deny   20.0.0.2 0.0.0.0          last octet 0000 0010
access-list 1 deny   20.0.0.3 0.0.0.0          last octet 0000 0011
access-list 1 deny   20.0.0.4 0.0.0.0          last octet 0000 0100
access-list 1 deny   20.0.0.5 0.0.0.0          last octet 0000 0101
access-list 1 deny   20.0.0.6 0.0.0.0          last octet 0000 0110
access-list 1 deny   20.0.0.7 0.0.0.0          last octet 0000 0111
access-list 1 permit 20.0.0.0 0.255.255.255
Wildcard masks with the seven host entries combined into one: 0.255.255.255, 0.0.0.7, 0.255.255.255
Standard ACL
[Diagram: Internet, f0/0, NAT, DS1, 10.0.0.0, 20.0.0.0]
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 deny   20.0.0.1 0.0.0.0          last octet 0000 0001
access-list 1 deny   20.0.0.2 0.0.0.0          last octet 0000 0010
access-list 1 deny   20.0.0.3 0.0.0.0          last octet 0000 0011
access-list 1 deny   20.0.0.4 0.0.0.0          last octet 0000 0100
access-list 1 permit 20.0.0.0 0.255.255.255

access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 deny   20.0.0.1 0.0.0.3
access-list 1 deny   20.0.0.4 0.0.0.0
access-list 1 permit 20.0.0.0 0.255.255.255
Standard ACL
[Diagram: Internet, f0/0, NAT, DS1, 10.0.0.0, 20.0.0.0]
access-list 1 permit 10.0.0.0  0.255.255.255
access-list 1 deny   20.0.0.64 0.0.0.0         last octet 0100 0000
access-list 1 deny   20.0.0.65 0.0.0.0         last octet 0100 0001
access-list 1 deny   20.0.0.66 0.0.0.0         last octet 0100 0010
access-list 1 deny   20.0.0.67 0.0.0.0         last octet 0100 0011
access-list 1 permit 20.0.0.0  0.255.255.255

access-list 1 permit 10.0.0.0  0.255.255.255
access-list 1 deny   20.0.0.64 0.0.0.3
access-list 1 permit 20.0.0.0  0.255.255.255
Standard ACL
Internet
f0/0
NAT
in
Access
Internet
out
access-list 1 permit
DS11 permit
access-list
access-list 1 deny
10.0.0.0
0.255.255.255
20.0.0.1
0.0.0.0
0.0.0.0 255.255.255.255
access-list 1 permit
access-list 1 permit
access-list 1 deny
10.0.0.0
0.255.255.255
host 20.0.0.1
any
10.0.0.0/8
20.0.0.0/8
20.0.0.1/8
Standard ACL
Internet
Permit
Deny
Internet
f0/0
access-list 1 deny 20.0.0.1 0.0.0.0
NAT
access-list 1 permit any
line vty 0 4
ip access-group 1 in
access-class 1 in
DS1
10.0.0.0
Deny
telnet
20.0.0.1
access-list 1
deny
Extended ACL
20.0.0.1 0.0.0.0
tcp 20.0.0.1 0.0.0.0 any eq 80
Protocol  S.IP  D.IP  D.Port
Protocol: tcp, udp, icmp, ip (tcp, udp, icmp), eigrp, ospf
R(config)# access-list ?
  <1-99>            IP standard access list
  <100-199>         IP extended access list
  <1000-1099>       IPX SAP access list
  <1100-1199>       Extended 48-bit MAC address access list
  <1200-1299>       IPX summary address access list
  <1300-1999>       IP standard access list (expanded range)
  <200-299>         Protocol type-code access list
  <2000-2699>       IP extended access list (expanded range)
  <300-399>         DECnet access list
  <600-699>         Appletalk access list
  <700-799>         48-bit MAC address access list
  <800-899>         IPX standard access list
  <900-999>         IPX extended access list
  dynamic-extended  Extend the dynamic ACL absolute timer
  rate-limit        Simple rate-limit specific access list
R(config)#
Extended ACL
DNS
TFTP 172.16.1.1
HTTP
HTTPs
access-list
access-list
53
access-list
69
access-list
80
access-list
443
access-list
Internet
NAT
100 deny
100 deny
100 deny
udp
100 deny
tcp
100 deny
tcp
100 permit ip
10.0.0.0/8
Extended ACL
Internet
DNS
TFTP 172.16.1.1
HTTP
HTTPs
access-list
access-list
access-list
access-list
access-list
443
access-list
100
100
100
100
100
permit
permit
permit
permit
permit
100 deny
icmp
tcp
tcp
udp
tcp
20.0.0.0
20.0.0.0
20.0.0.0
20.0.0.0
20.0.0.0
ip
any
10.0.0.0/8
NAT
0.255.255.255
0.255.255.255
DS1
0.255.255.255
0.255.255.255
0.255.255.255
any
any
any
any
host 172.16.1.1
any
20.0.0.0/8
eq 80
eq 443
eq 53
range 53
Extended ACL
Internet
DNS
TFTP 172.16.1.1
HTTP
HTTPs
NAT
10.0.0.0/8
20.0.0.0/8
Extended ACL
Internet
DNS
TFTP 172.16.1.1
HTTP
172.16.1.2
HTTPs
access-list
23
access-list
23
access-list
23
access-list
23
access-list
20.0.0.1 0.0.0.0
host 172.16.1.2
eq
20.0.0.1 0.0.0.0
host 192.168.1.1
eq
100 deny
tcp
any
host 172.16.1.2
eq
100 deny
tcp
any
host 192.168.1.1
eq
ip
any
100 permit
10.0.0.0/8
DS1
any
20.0.0.0/8
20.0.0.1/8
Named-ACL
20.0.0.0 0.255.255.255
Named-ACL
R(config)#
R(config)#
R(config)#
Named-ACL
R(config-if)# ip access-group abc in/out
R(config)# ip access-list standard abc
R(config-std-nacl)# 10 permit 10.0.1.0 0.0.0.255
R(config-std-nacl)# 20 permit 10.0.2.0 0.0.0.255
R(config-std-nacl)# 30 permit 10.0.3.0 0.0.0.255
R(config-std-nacl)#
15
R(config-std-nacl)#
R(config-std-nacl)#
35
R# show ip access-lists
Standard IP access list abc
10 permit 10.0.1.0,
20 permit 10.0.4.0,
15
10.0.2.0,
30 permit 10.0.2.0,
20
10.0.3.0,
30 permit 10.0.3.0,
35 permit 10.0.5.0,
45 permit 10.0.6.0,
wildcard
wildcard
wildcard
wildcard
wildcard
wildcard
bits
bits
bits
bits
bits
bits
0.0.0.255
0.0.0.255
0.0.0.255
0.0.0.255
0.0.0.255
0.0.0.255