Router(config)#ip access-list ?
  extended  Extended Access List (extended ACL)
  standard  Standard Access List (standard ACL)
Router(config)#ip access-list extended denystuwww
Router(config-ext-nacl)#deny ?
  icmp  Internet Control Message Protocol (the ICMP protocol)
  ip    Any Internet Protocol (the IP protocol)
  tcp   Transmission Control Protocol (the TCP protocol)
  udp   User Datagram Protocol (the UDP protocol)
(What does each of the keywords above mean?)
Router(config-ext-nacl)#deny tcp 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 ?
  eq           Match only packets on a given port number (equal to)
  established  established (an established connection)
  gt           Match only packets with a greater port number (greater than)
  lt           Match only packets with a lower port number (less than)
  neq          Match only packets not on a given port number (not equal to)
  range        Match only packets in the range of port numbers (a range)
Router(config-ext-nacl)#deny tcp 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 eq www
This ACL entry denies hosts in 192.168.30.0/24 access to the WWW service on hosts in 192.168.10.0/24.
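
How the entry above is evaluated, as an added example that is not part of the original session: a small Python model of wildcard-mask matching, first-match ordering, and the implicit deny that IOS applies when no entry matches. The function names, the sample packets, and the trailing `permit ip any any` entry are assumptions made for illustration; the session above configures only the `deny` line.

```python
import ipaddress

PORT_NAMES = {"www": 80}  # IOS keyword "www" means TCP port 80
ANY = ("0.0.0.0", "255.255.255.255")  # "any": every bit is don't-care

def wildcard_match(addr, base, wildcard):
    """A wildcard bit of 1 is ignored; a bit of 0 must equal the base address."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(line):
    """Parse '<action> tcp <src> <wc> <dst> <wc> eq <port>' or '<action> ip any any'."""
    t = line.split()
    if t[1:] == ["ip", "any", "any"]:
        return {"action": t[0], "proto": "ip", "src": ANY, "dst": ANY, "port": None}
    action, proto, src, swc, dst, dwc, op, port = t
    if op != "eq":
        raise ValueError("only the 'eq' operator is modelled here")
    port = PORT_NAMES[port] if port in PORT_NAMES else int(port)
    return {"action": action, "proto": proto, "src": (src, swc),
            "dst": (dst, dwc), "port": port}

def evaluate(acl_lines, proto, src, dst, dport):
    """First matching entry wins; if nothing matches, IOS applies an implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace["proto"] not in ("ip", proto):
            continue
        if not wildcard_match(src, *ace["src"]) or not wildcard_match(dst, *ace["dst"]):
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        return ace["action"]
    return "implicit deny"

# The entry from the session above, alone and followed by a catch-all permit
# (the permit line is an assumption, it is not in the original session).
DENY_ONLY = ["deny tcp 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 eq www"]
WITH_PERMIT = DENY_ONLY + ["permit ip any any"]

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source, destination, destination port)
    samples = [("tcp", "192.168.30.7", "192.168.10.20", 80),
               ("tcp", "192.168.30.7", "192.168.10.20", 22),
               ("tcp", "192.168.20.7", "192.168.10.20", 80)]
    for pkt in samples:
        print(pkt, evaluate(DENY_ONLY, *pkt), "|", evaluate(WITH_PERMIT, *pkt))
```

With only the `deny` entry in the list, every packet that does not match it still falls through to the implicit deny, so an ACL meant to block one service and pass the rest needs an explicit permit after the deny.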