User Tools
использование_списков_доступа
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
использование_списков_доступа [2012/08/23 08:47] val |
использование_списков_доступа [2020/03/10 13:34] (current) val [для организации пакетного фильтра] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Использование списков доступа ====== | ====== Использование списков доступа ====== | ||
| - | ===== Для ограничения доступа к vty ===== | + | ===== для ограничения доступа к vty ===== |
| <code> | <code> | ||
| no access-list 1 | no access-list 1 | ||
| Line 15: | Line 15: | ||
| </code> | </code> | ||
| - | ===== Организация пакетного фильтра ===== | + | ===== для организации пакетного фильтра ===== |
| <code> | <code> | ||
| no ip access-list extended ACL_FIREWALL | no ip access-list extended ACL_FIREWALL | ||
| Line 21: | Line 21: | ||
| permit tcp any host 192.168.X.10 eq 80 | permit tcp any host 192.168.X.10 eq 80 | ||
| permit tcp any host 192.168.X.10 eq 22 | permit tcp any host 192.168.X.10 eq 22 | ||
| - | permit icmp any 192.168.X.0 0.0.0.255 | + | permit icmp any 192.168.0.0 0.0.255.255 |
| permit ip any host 172.16.1.X | permit ip any host 172.16.1.X | ||
| permit udp any any | permit udp any any | ||
| Line 33: | Line 33: | ||
| </code> | </code> | ||
| - | ===== NAT ===== | + | ===== для организации сервиса NAT ===== |
| <code> | <code> | ||
| ip access-list standard ACL_NAT | ip access-list standard ACL_NAT | ||
| Line 42: | Line 42: | ||
| ip nat inside source list ACL_NAT interface FastEthernet1/1 overload | ip nat inside source list ACL_NAT interface FastEthernet1/1 overload | ||
| - | ip nat inside source static udp 192.168.X.10 53 172.16.1.X 53 extendable | ||
| - | ip nat inside source static tcp 192.168.X.10 53 172.16.1.X 53 extendable | ||
| ip nat inside source static tcp 192.168.X.10 22 172.16.1.X 22 extendable | ip nat inside source static tcp 192.168.X.10 22 172.16.1.X 22 extendable | ||
| ip nat inside source static tcp 192.168.X.10 80 172.16.1.X 80 extendable | ip nat inside source static tcp 192.168.X.10 80 172.16.1.X 80 extendable | ||
| Line 60: | Line 58: | ||
| </code> | </code> | ||
| - | ===== Policy Routing ===== | + | ===== для управления политиками маршрутизации ===== |
| <code> | <code> | ||
| ip access-list extended ACL_REDIRECT_HTTP | ip access-list extended ACL_REDIRECT_HTTP | ||
| Line 71: | Line 69: | ||
| interface FastEthernet1/0 | interface FastEthernet1/0 | ||
| + | description connection to LAN | ||
| ip policy route-map RM_REDIRECT_HTTP | ip policy route-map RM_REDIRECT_HTTP | ||
| </code> | </code> | ||
| - | |||
| - | FastEthernet1/0 - интерфейс подключенный к LAN | ||
| - | |||
использование_списков_доступа.1345697240.txt.gz · Last modified: 2013/05/22 13:50 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
