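In CCNA and NP we learned about ACLs, a security mechanism Cisco provides for controlling network access; it is a program that runs on Cisco IOS. Traditional ACLs fall into three categories: standard ACLs, extended ACLs, and named ACLs. A brief review follows: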
Cisco routers can identify access lists using two methods:
access-list number——the number of the access list determines what protocol it is filtering:
——(1-99) and (1300-1399)——standard IP access list
——(100-199) and (2000-2699)——extended IP access list
access list name (IOS versions later than 11.2)
Names contain alphanumeric characters
Names cannot contain spaces or punctuation and must begin with an alphabetic character
In other words, a named access list may contain digits and letters, but no spaces or punctuation, and its first character must be a letter.
Cisco routers support two basic types of IP access lists:
——Standard——Filter IP packets based on the source address only.
Standard access lists filter on the source IP address.
——Extended——Filter IP packets based on several attributes, including:
——Protocol type
——Source and destination IP address
——Source and destination TCP/UDP ports
——ICMP and IGMP message types
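
The IOS configuration below is an added example, not part of the original page: it shows a numbered standard list, a numbered extended list and two named lists that follow the numbering and naming rules reviewed above. The addresses (RFC 5737 documentation ranges), the list names and the interface names are assumptions chosen for illustration.

```cisco
! Constructed example: addresses are RFC 5737 documentation ranges;
! the list names and interface names are hypothetical.
!
! Standard ACL: number 10 is in 1-99, so it matches the SOURCE address only.
access-list 10 permit 192.0.2.0 0.0.0.255
! Every ACL ends with an implicit "deny any"; it is written out here so the
! default is visible when the list is reviewed.
access-list 10 deny   any
!
! Extended ACL: number 110 is in 100-199, so it can match protocol type,
! source and destination address, TCP/UDP ports and ICMP message types.
access-list 110 permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.10 eq 443
access-list 110 permit udp 192.0.2.0 0.0.0.255 host 198.51.100.53 eq 53
access-list 110 permit icmp any any echo-reply
access-list 110 deny   ip any any log
!
! Named ACLs: the name begins with a letter and has no spaces or punctuation.
! The keyword (standard/extended) sets the type instead of the number range.
ip access-list standard MgmtHosts
 permit 192.0.2.0 0.0.0.255
!
ip access-list extended WebIn1
 permit tcp any host 198.51.100.10 eq 443
 permit icmp any any echo
 deny   ip any any log
!
! A standard list is enough where only the source matters, for example
! limiting which hosts may open management sessions on the VTY lines.
line vty 0 4
 access-class 10 in
!
! Extended lists go where the decision depends on destination and port.
interface GigabitEthernet0/0
 ip access-group WebIn1 in
!
interface GigabitEthernet0/1
 ip access-group 110 in
```

Because a standard list cannot see the destination or port, use it only where source address alone is the right criterion; anything service-specific needs an extended list.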