This shows you the differences between two versions of the page.
| | использование_списков_доступа [2011/12/19 17:08] val | | использование_списков_доступа [2020/03/10 13:34] (current) val [для организации пакетного фильтра] |
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Использование списков доступа ====== | ====== Использование списков доступа ====== | ||
| - | ===== Доступ к vty ===== | + | ===== для ограничения доступа к vty ===== |
| <code> | <code> | ||
| no access-list 1 | no access-list 1 | ||
| Line 10: | Line 10: | ||
| line vty 0 15 | line vty 0 15 | ||
| ! no login ! for no password access | ! no login ! for no password access | ||
| + | ! privilege level 15 | ||
| access-class 1 in | access-class 1 in | ||
| end | end | ||
| </code> | </code> | ||
| - | ===== Фильтрация пакетов ===== | + | ===== для организации пакетного фильтра ===== |
| <code> | <code> | ||
| no ip access-list extended ACL_FIREWALL | no ip access-list extended ACL_FIREWALL | ||
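Review bot: The new `! privilege level 15` hint under `line vty 0 15` sits directly below `! no login ! for no password access`, and nothing says the two should not be enabled together. With both uncommented, every source that passes `access-class 1 in` lands in a level-15 session without a password, so access-list 1 becomes the only control on full administrative access. Suggest giving the new line its own trailing comment, in the style of the `no login` line, stating that it is meant for use with login authentication, or marking both hints as lab-only.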
| Line 20: | Line 21: | ||
| permit tcp any host 192.168.X.10 eq 80 | permit tcp any host 192.168.X.10 eq 80 | ||
| permit tcp any host 192.168.X.10 eq 22 | permit tcp any host 192.168.X.10 eq 22 | ||
| - | permit icmp any 192.168.X.0 0.0.0.255 | + | permit icmp any 192.168.0.0 0.0.255.255 |
| - | ! permit tcp any host 172.16.1.X eq 80 | + | permit ip any host 172.16.1.X |
| - | ! permit tcp any host 172.16.1.X eq 22 | + | |
| - | permit icmp any host 172.16.1.X | + | |
| permit udp any any | permit udp any any | ||
| permit tcp any any established | permit tcp any any established | ||
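Review bot: Both changed entries in ACL_FIREWALL widen the filter, and the revision does not say why. `permit ip any host 172.16.1.X` replaces `permit icmp any host 172.16.1.X` (the tcp 80 and 22 entries were only commented-out hints), so the host now accepts every protocol and port from any source instead of ICMP alone. `permit icmp any 192.168.0.0 0.0.255.255` extends ICMP from the single 192.168.X.0/24 network to all of 192.168.0.0/16. If the intent is a simpler example, suggest a `remark` line in the ACL stating that; otherwise keep the /24 wildcard and list the services needed on 172.16.1.X explicitly, as the entries for 192.168.X.10 do.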
| Line 34: | Line 33: | ||
| </code> | </code> | ||
| - | ===== NAT ===== | + | ===== для организации сервиса NAT ===== |
| <code> | <code> | ||
| ip access-list standard ACL_NAT | ip access-list standard ACL_NAT | ||
| Line 55: | Line 54: | ||
| <code> | <code> | ||
| router# show ip nat tr | router# show ip nat tr | ||
| + | |||
| router# clear ip nat tr * | router# clear ip nat tr * | ||
| </code> | </code> | ||
| - | ===== Policy Routing ===== | + | ===== для управления политиками маршрутизации ===== |
| <code> | <code> | ||
| ip access-list extended ACL_REDIRECT_HTTP | ip access-list extended ACL_REDIRECT_HTTP | ||
| Line 69: | Line 69: | ||
| interface FastEthernet1/0 | interface FastEthernet1/0 | ||
| + | description connection to LAN | ||
| ip policy route-map RM_REDIRECT_HTTP | ip policy route-map RM_REDIRECT_HTTP | ||
| </code> | </code> | ||
| - | |||
| - | FastEthernet1/0 - интерфейс подключенный к LAN | ||
| - | |||