访问控制列表(二)配置命令扩展访问控制列表的配置创建ACLRouter(config)# access-list access-list-number { permit | deny } proto
.
访问控制列表(二)配置命令
扩展访问控制列表的配置
创建ACL
Router(config)# access-list access-list-number { permit | deny } protocol { source source-wildcard destination destination-wildcard } [ operator operan ]
删除ACL
Router(config)# no access-list access-list-number
将ACL应用于接口
Router(config-if)# ip access-group access-list-number {in |out}
在接口上取消ACL的应用
Router(config-if)# no ip access-group access-list-number {in |out}
命名访问控制列表的配置
创建ACL
Router(config)# ip access-list { standard | extended } access-list-name
Standard:标准命名ACL
Extended:扩展命名ACL
配置标准命名ACL
Router(config-std-nacl)# [ Sequence-Number ] { permit | deny } source [ source-wildcard ]
配置扩展命名ACL
Router(config-ext-nacl)# [ Sequence-Number ] { permit | deny } protocol { source source-wildcard destination destination-wildcard } [ operator operan ]
Sequence-Number:ACL语句在ACL列表中的位置
查看ACL配置信息
Router#show access-lists
删除整组ACL
Router(config)# no ip access-list { standard |extended } access-list-name
删除组中单一ACL语句
(1)no Sequence-Number
(2)no ACL语句
创建ACL
Router(config)# ip access-list standard cisco
Router(config-std-nacl)# permit host 192.168.1.1
Router(config-std-nacl)#end
删除组中单一ACL语句
(1)Router(config-std-nacl)# no 10
(2)Router(config-std-nacl)#no permit host 192.168.1.1
将ACL应用于接口
Router(config-if)# ip access-group access-list-name {in |out}
在接口上取消ACL的应用
Router(config-if)# no ip access-group access-list-name {in |out}
