第12讲 ACL的有关内容.ppt

Slide 1 of 3 Purpose: This slide gives another specific TCP/IP example of a standard access list configuration. Emphasize: Note: The wildcard mask of is the default wildcard mask. It does not have to be specified. Slide 2 of 3 Purpose: Emphasize: Each access-list should have at least one permit statement in it to make it meaningful because of the implicit deny all statement at the end. Slide 3 of 3 Purpose: Emphasize: Only host 3 is blocked from going out on E0 to subnet .  Ask the students what will happen if the access-list is placed as an input access-list on E1 instead - Host 3 will be blocked from going out to the Non cloud as well as to subnet . Note: The red arrows represent the access-list is applied as an outbound access-list. Slide 1 of 2 Purpose: This slide gives another specific TCP/IP example of a standard access list configuration. Emphasize: This example features the use of the wildcard abbreviation any. Slide 2 of 2 Purpose: Emphasize: All hosts on subnet is blocked from going out on E0 to subnet . Note: The red arrows represent the access-list is applied as an outbound access-list. Slide 1 of 1 Purpose: Emphasize: Instead of applying a standard access-list to a physical interface, now we will apply a standard access-list to the router’s vty ports. A vty port is a logical port on the router that can accept telnet sessions. Note: Access-class is used to filter incoming telnet session into the router’s vty ports and to filter outgoing telnet session from the router’s vty port. Access-class always use standard access-list to match the source address of the incoming telnet session and the destination address of the outgoing telnet session. The 2500 series router by default has 5 vty ports (vty 0 through 4). To configure more vty ports, use the following global configuration command: RouterB(config)#line vty 0 ? 1-188 Last Line number cr Slide 1 of 1 Purpose: Emphasize: To filter incoming and outgoing tel