- 1、本文档共37页,可阅读全部内容。
- 2、原创力文档(book118)网站文档一经付费(服务费),不意味着购买了该文档的版权,仅供个人/单位学习、研究之用,不得用于商业用途,未经授权,严禁复制、发行、汇编、翻译或者网络传播等,侵权必究。
- 3、本站所有内容均由合作方或网友上传,本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺!文档内容仅供研究参考,付费前请自行鉴别。如您付费,意味着您自己接受本站规则且自行承担风险,本站不退款、不进行额外附加服务;查看《如何避免下载的几个坑》。如果您已付费下载过本站文档,您可以点击 这里二次下载。
- 4、如文档侵犯商业秘密、侵犯著作权、侵犯人身权等,请点击“版权申诉”(推荐),也可以打举报电话:400-050-0827(电话支持时间:9:00-18:30)。
查看更多
案例分析 案例分析 访问控制列表的作用 访问控制列表的作用 访问控制列表的作用 访问控制列表应用的位置 访问控制列表配置指南 访问控制列表配置方法 访问控制列表练习 检验访问控制列表 查看访问控制列表 使用命名的IP访问控制列表 Emphasize: To filter incoming and outgoing Telnet sessions to and from the router’s vty ports, the standard access list is used. If this is to block incoming Telnet sessions into a router’s vty port, the standard access list is used to match the source address of the host trying to Telnet into the router’s vty port. If this is to block outgoing Telnet sessions from the router’s vty ports to a host, the standard access list is used to match the destination address of the host the router is trying to Telnet into from its vty ports. Emphasize: Use the access-class command to apply the standard access list to the vty port. The next slide shows a configuration example. Purpose: This example shows how to restrict incoming Telnet sessions to the router’s vty ports. Emphasize: The access class is applied as an input filter. Note: Ask the student about the effect of changing the direction of the access class to outbound instead of inbound. Now the router can accept incoming Telnet sessions to its vty ports from all hosts, but will block outgoing Telnet sessions from its vty ports to all hosts except hosts in network . Once a user is Telneted into a router’s vty port, the outbound access-class filter will prevent the user from Telneting to other hosts as specified by the standard access list. Remember, when an access list is applied to an interface, it only blocks or permits traffic going through the router, it does not block or permit traffic initiated from the router itself. Purpose: This slide shows how to verify an access list. Emphasize: Lists IP interface information. Indicates whether the outgoing access list is set. Review the output of the show ip interface command. The highlighted text shows details about access list settings in the show command output. Purpose: This slide introduces the show access-lists command used to verify acc
文档评论(0)