====== Использование списков доступа ====== ===== для ограничения доступа к vty ===== no access-list 1 ! access-list 1 permit host 192.168.X.101 access-list 1 permit host 192.168.X.10 access-list 1 deny any line vty 0 15 ! no login ! for no password access ! privilege level 15 access-class 1 in end ===== для организации пакетного фильтра ===== no ip access-list extended ACL_FIREWALL ip access-list extended ACL_FIREWALL permit tcp any host 192.168.X.10 eq 80 permit tcp any host 192.168.X.10 eq 22 permit icmp any 192.168.0.0 0.0.255.255 permit ip any host 172.16.1.X permit udp any any permit tcp any any established deny ip any any log interface FastEthernet1/1 ip access-group ACL_FIREWALL in end ===== для организации сервиса NAT ===== ip access-list standard ACL_NAT permit 192.168.X.0 0.0.0.255 permit 192.168.100+X.0 0.0.0.255 deny any ip nat inside source list ACL_NAT interface FastEthernet1/1 overload ip nat inside source static tcp 192.168.X.10 22 172.16.1.X 22 extendable ip nat inside source static tcp 192.168.X.10 80 172.16.1.X 80 extendable interface FastEthernet1/0 ip nat inside interface FastEthernet1/1 ip nat outside router# show ip nat tr router# clear ip nat tr * ===== для управления политиками маршрутизации ===== ip access-list extended ACL_REDIRECT_HTTP deny ip host 192.168.X.10 any permit tcp 192.168.X.0 0.0.0.255 any eq www route-map RM_REDIRECT_HTTP permit 10 match ip address ACL_REDIRECT_HTTP set ip next-hop 192.168.X.10 interface FastEthernet1/0 description connection to LAN ip policy route-map RM_REDIRECT_HTTP