User Tools
использование_списков_доступа
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
использование_списков_доступа [2011/05/13 16:04] val |
использование_списков_доступа [2015/04/29 16:17] val [для организации сервиса NAT] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Использование списков доступа ====== | ====== Использование списков доступа ====== | ||
| - | ===== Доступ к vty ===== | + | ===== для ограничения доступа к vty ===== |
| <code> | <code> | ||
| no access-list 1 | no access-list 1 | ||
| Line 10: | Line 10: | ||
| line vty 0 15 | line vty 0 15 | ||
| ! no login ! for no password access | ! no login ! for no password access | ||
| + | ! privilege level 15 | ||
| access-class 1 in | access-class 1 in | ||
| end | end | ||
| </code> | </code> | ||
| - | ===== Фильтрация пакетов ===== | + | ===== для организации пакетного фильтра ===== |
| <code> | <code> | ||
| no ip access-list extended ACL_FIREWALL | no ip access-list extended ACL_FIREWALL | ||
| ip access-list extended ACL_FIREWALL | ip access-list extended ACL_FIREWALL | ||
| - | permit tcp any host 192.168.X.3 eq 80 | + | permit tcp any host 192.168.X.10 eq 80 |
| - | permit icmp any any | + | permit tcp any host 192.168.X.10 eq 22 |
| + | permit icmp any 192.168.X.0 0.0.0.255 | ||
| + | permit ip any host 172.16.1.X | ||
| permit udp any any | permit udp any any | ||
| permit tcp any any established | permit tcp any any established | ||
| Line 30: | Line 33: | ||
| </code> | </code> | ||
| - | ===== NAT ===== | + | ===== для организации сервиса NAT ===== |
| <code> | <code> | ||
| ip access-list standard ACL_NAT | ip access-list standard ACL_NAT | ||
| Line 39: | Line 42: | ||
| ip nat inside source list ACL_NAT interface FastEthernet1/1 overload | ip nat inside source list ACL_NAT interface FastEthernet1/1 overload | ||
| - | ip nat inside source static tcp 192.168.6.10 22 172.16.1.6 22 extendable | + | ip nat inside source static tcp 192.168.X.10 22 172.16.1.X 22 extendable |
| + | ip nat inside source static tcp 192.168.X.10 80 172.16.1.X 80 extendable | ||
| interface FastEthernet1/0 | interface FastEthernet1/0 | ||
| Line 50: | Line 54: | ||
| <code> | <code> | ||
| router# show ip nat tr | router# show ip nat tr | ||
| + | |||
| router# clear ip nat tr * | router# clear ip nat tr * | ||
| </code> | </code> | ||
| - | ===== Policy Routing ===== | + | ===== для управления политиками маршрутизации ===== |
| <code> | <code> | ||
| ip access-list extended ACL_REDIRECT_HTTP | ip access-list extended ACL_REDIRECT_HTTP | ||
| Line 64: | Line 69: | ||
| interface FastEthernet1/0 | interface FastEthernet1/0 | ||
| + | description connection to LAN | ||
| ip policy route-map RM_REDIRECT_HTTP | ip policy route-map RM_REDIRECT_HTTP | ||
| </code> | </code> | ||
| - | |||
| - | FastEthernet1/0 - интерфейс подключенный к LAN | ||
| - | |||
использование_списков_доступа.txt · Last modified: 2020/03/10 13:34 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
