Unit 18 Network Address Translation (NAT)

After a test ping from 192.168.30.2 to 203.155.155.1:

HQ#sh ip nat trans
Pro  Inside global        Inside local       Outside local       Outside global
icmp 203.155.155.2:8013   192.168.30.2:8013  203.155.155.1:8013  203.155.155.1:8013

After a test ping from 192.168.30.3 to 203.155.155.1:

HQ#sh ip nat trans
Pro  Inside global        Inside local       Outside local       Outside global
icmp 203.155.155.2:512    192.168.30.3:512   203.155.155.1:512   203.155.155.1:512
icmp 203.155.155.2:8013   192.168.30.2:8013  203.155.155.1:8013  203.155.155.1:8013

In this output, source address 192.168.30.2 is translated to source address 203.155.155.2 with port number 8013, and source address 192.168.30.3 is also translated to source address 203.155.155.2. Both inside hosts share the same translated source address, which is how PAT works.

The columns are:
- Inside Local: the private address used on the inside, before it is translated.
- Inside Global: the public address that the private address is translated to.
- Outside Local: the public address of the destination as seen from the inside.
- Outside Global: the public address of the destination as seen from the outside.
An Access Control List (ACL) is a feature of IOS for filtering packets: traffic is either allowed through (permit) or blocked (deny) according to the conditions in the ACL. For example:

HQ(config)#access-list 101 permit tcp any any eq 80    <- Access Control Entry
HQ(config)#access-list 101 permit tcp any any eq 25    <- Access Control Entry
HQ(config)#int s0/1
HQ(config-if)#ip access-group 101 in
Unit 19 Security by Access Control Lists (ACL)

The access-list 101 example works as follows:

- Line 1: TCP packets (tcp) from any source (any) to any destination (any) whose destination port is 80 (eq 80) are permitted. The ACL checks inbound traffic on interface s0/1 (ip access-group 101 in).
- Line 2: TCP packets from any source to any destination whose destination port is 25 are permitted.
- Line 3 (implicit deny all): a line that is not shown in the configuration. Every packet that matches none of the lines above is dropped.

Uses of Access Control Lists (ACL)

ACLs in IOS are used for more than blocking traffic:

- Filtering packets for security, for example blocking ports 135, 445 and 139.
- Defining which packets bring up a dial-up link (dialer-list).
- Selecting the packets that receive Quality of Service (QoS) treatment.
- Selecting routes in a Route-Map, in Redistribution, or in a distribute list.
An ACL is a list of conditions that each packet is checked against. Every condition carries an action, either PERMIT or DENY: a packet that matches a PERMIT condition is allowed through, and a packet that matches a DENY condition is dropped. Each line of the list is called an Access Control Entry (ACE).

A packet is compared with the ACEs in order, from the top down. The first ACE it matches decides what happens to it, and the remaining ACEs are not examined. ACEs that are more specific must therefore come before more general ones. For example, if access-list 101 permit ip any any is the first ACE and access-list 101 deny tcp any any eq 135 comes after it, the packets that should be denied are permitted by the first ACE and never reach the second.

Every ACL ends with an implicit deny all: a packet that matches no ACE is denied.

There are two types of ACL: Standard ACL and Extended ACL.

Standard ACL

A Standard ACL checks only the source IP address (Source Address) of a packet. It cannot check other fields such as the TCP/UDP port or the destination IP address.
Extended ACL

An Extended ACL can check packets in more detail than a Standard ACL: the Source IP Address, the Destination IP Address, the Protocol (such as TCP or UDP) and the TCP/UDP port numbers.

Both types are identified by a number (numbered ACL) or by a name, in which case the ACL is called a Named Access Control List.

Direction of an ACL

An ACL applied to an interface works in one of two directions: inbound (traffic entering the interface) or outbound (traffic leaving the interface).

Inbound ACL

An Inbound ACL is created with the access-list command and then applied to the interface with ip access-group <access-list number> in. Packets arriving on the interface are checked against the ACL first. A packet that is permitted (permit) by the Inbound ACL is then passed to the routing process.
A packet that is denied (deny) by an Inbound ACL is dropped at that point.

Outbound ACL

An Outbound ACL is also created with the access-list command and then applied to the interface with ip access-group <access-list number> out. With the out keyword, packets are checked by the ACL as they are about to leave through that interface, after the router has already routed them. A packet that matches a permit ACE is sent out, and a packet that matches a deny ACE is dropped.
Editing an ACL

When a new Access Control Entry (ACE) is added to a numbered Access Control List (ACL), it is appended to the end of the list. Removing a numbered ACL with no access-list <ACL number> deletes every ACE in that ACL, not just one line. A Named ACL allows a single ACE to be removed.

A practical way to edit a numbered ACL is to copy the whole ACL into Notepad, edit it there, remove the old ACL with no access-list, and then paste the edited ACL back into the router.

A Standard ACL should be applied on the router interface closest to the destination (Destination).
A Standard ACL checks only the Source Address of a packet, which is why it is placed near the destination.

An Extended ACL should be applied on the router interface closest to the source (Source).
When writing ACEs, keep the implicit deny all in mind. If an ACL contains only DENY ACEs, every packet is dropped, because anything that does not match a DENY line is still caught by the implicit deny all. An ACL therefore needs at least one PERMIT ACE (for example permit ip any any) for the traffic that should pass.

The implicit deny all is not displayed, so its hit count cannot be seen. To see how many packets are being denied at the end of the list, add deny ip any any explicitly as the last ACE. The show access-list command then shows the hit count for deny ip any any.

Wildcard Masks

A Wildcard Mask tells the router which bits of an address must match. A bit set to 0 in the Wildcard Mask means the corresponding address bit must match; a bit set to 1 means the corresponding address bit is not checked (don't care).

- 192.168.30.1 0.0.0.0 matches only the address 192.168.30.1.
- 192.168.30.0 0.0.0.255 matches every IP Address that begins with 192.168.30; the last octet can be anything (192.168.30.0/24).
Wildcard Masks written in binary:

- 00000000.00000000.00000000.00000000: every bit of the IP Address must match.
- 00000000.00000000.00001111.11111111: the first 20 bits must match; the remaining 12 bits can be anything.
- 00000000.00000000.00000011.11111111: the remaining 10 bits can be anything.

An example Standard ACL that checks the Source Address against a Wildcard Mask:

HQ(config)#access-list 10 deny 192.168.30.0 0.0.0.255
HQ(config)#int fa0/0
HQ(config-if)#ip access-group 10 in

With this access-list, packets entering interface fa0/0 whose source IP address begins with 192.168.30 (the last octet can be anything) are denied (DENY) and dropped (drop).
A Wildcard Mask can also cover several networks at once. To cover 172.16.16.0 through 172.16.19.0 in an ACL, the Wildcard Mask is written as follows:

HQ(config)#access-list 20 deny 172.16.16.0 0.0.3.255

The entry 172.16.16.0 0.0.3.255 covers the networks 172.16.16.0, 172.16.17.0, 172.16.18.0 and 172.16.19.0.
Points to remember when working out a Wildcard Mask for a group of networks:

- An octet that may take any value is don't care in the Wildcard Mask.
- The number of networks grouped together must be one of 2, 4, 8, 16, 32, 64, 128.
- The Wildcard Mask value for the grouped octet is the number of networks minus 1. The networks 172.16.16.0, 17.0, 18.0 and 19.0 are 4 networks, so the value is 4 - 1 = 3 and the entry is 172.16.16.0 0.0.3.255.

HQ(config)#access-list 20 deny 172.16.16.0 0.0.7.255

This denies networks 172.16.16.0 to 172.16.23.0 (16.0, 17.0, 18.0, 19.0, 20.0, 21.0, 22.0, 23.0). Eight networks are grouped, so the Wildcard Mask value is 8 - 1 = 7.

HQ(config)#access-list 30 deny 172.16.32.0 0.0.31.255

This denies networks 172.16.32.0 to 172.16.63.0. The number of networks grouped is 32, so the Wildcard Mask value is 32 - 1 = 31.
HQ(config)#access-list 40 deny 172.16.64.0 0.0.63.255

This denies networks 172.16.64.0 to 172.16.127.0.
The number of networks grouped here is 64, so the Wildcard Mask value is 64 - 1 = 63.

Standard Access Control Lists

A Standard ACL filters packets by checking only the source IP Address. It is created with the access-list command followed by the ACL number, which must be in the range 1 - 99 or 1300 - 1999. The number is what tells the router that the ACL is a Standard ACL.

HQ(config)#access-list ?
  <1-99>            IP standard access list
  <100-199>         IP extended access list
  <1000-1099>       IPX SAP access list
  <1100-1199>       Extended 48-bit MAC address access list
  <1200-1299>       IPX summary address access list
  <1300-1999>       IP standard access list (expanded range)
  <200-299>         Protocol type-code access list
  <2000-2699>       IP extended access list (expanded range)
  <300-399>         DECnet access list
  <400-499>         XNS standard access list
  <500-599>         XNS extended access list
  <600-699>         Appletalk access list
  <700-799>         48-bit MAC address access list
  <800-899>         IPX standard access list
  <900-999>         IPX extended access list
  dynamic-extended  Extend the dynamic ACL absolute timer
  rate-limit        Simple rate-limit specific access list

After choosing a number for the Standard ACL (in the range 1 - 99), the next keyword is the action:

HQ(config)#access-list 10 ?
  deny    Specify packets to reject     <- DENY packets that match the condition that follows
  permit  Specify packets to forward    <- PERMIT packets that match the condition that follows
  remark  Access list entry comment     <- add a comment to this access-list
If deny is chosen:

HQ(config)#access-list 10 deny ?
  Hostname or A.B.C.D  Address to match        <- a network address, followed by a Wildcard Mask
  any                  Any source host         <- any source
  host                 A single host address   <- a single host

Examples:

HQ(config)#access-list 10 deny host 192.168.30.2
DENY the single host 192.168.30.2.

HQ(config)#access-list 20 permit any
PERMIT any source.

HQ(config)#access-list 30 deny 192.168.0.0 0.0.255.255
DENY every packet whose source IP Address begins with 192.168; the last two octets can be anything.

After the access-list has been created, it is applied to an interface with the command ip access-group <acl number> <in/out>.

Extended Access Control Lists

An Extended ACL checks packets in more detail. It can test the following fields:

- Source Address: a network address with a Wildcard Mask, a single host, or any.
- Destination Address: a network address with a Wildcard Mask, a single host, or any.
- Protocol Field: for example eigrp, gre, icmp, igmp, igrp, ip, ospf, tcp, udp.
- Source Port: the source port number in the TCP/UDP header of the packet.
- Destination Port: the destination port number in the TCP/UDP header of the packet.
- IP Type of Service (TOS)
- IP Precedence
- TCP flags such as SYN, ACK

The ACL number of an Extended ACL is in the range 100 - 199 or 2000 - 2699. It is created with the access-list command, as follows:

HQ(config)#access-list 100 ?
  deny     Specify packets to reject
  dynamic  Specify a DYNAMIC list of PERMITs or DENYs
  permit   Specify packets to forward
  remark   Access list entry comment

After access-list 100 deny, the next item is the Protocol carried in the IP packet:

HQ(config)#access-list 100 deny ?
  <0-255>  An IP protocol number
  ahp      Authentication Header Protocol
  eigrp    Cisco's EIGRP routing protocol
  esp      Encapsulation Security Payload
  gre      Cisco's GRE tunneling
  icmp     Internet Control Message Protocol
  igmp     Internet Gateway Message Protocol
  igrp     Cisco's IGRP routing protocol
  ip       Any Internet Protocol
  ipinip   IP in IP tunneling
  nos      KA9Q NOS compatible IP over IP tunneling
  ospf     OSPF routing protocol
  pcp      Payload Compression Protocol
  pim      Protocol Independent Multicast
  tcp      Transmission Control Protocol
  udp      User Datagram Protocol

In this example the Protocol chosen is tcp. The next item to enter is the Source Address:

HQ(config)#access-list 100 deny tcp ?
  A.B.C.D  Source address
  any      Any source host
  host     A single source host
In this example 192.168.30.0 0.0.0.255 is used as the Source Address. The next item is either the source port (Source Port) or the Destination Address:

HQ(config)#access-list 100 deny tcp 192.168.30.0 0.0.0.255 ?
  A.B.C.D  Destination address
  any      Any destination host
  eq       Match only packets on a given port number
  gt       Match only packets with a greater port number
  host     A single destination host
  lt       Match only packets with a lower port number
  neq      Match only packets not on a given port number
  range    Match only packets in the range of port numbers

In this example the Destination Address is any, meaning any destination address. The options that can follow are:

HQ(config)#access-list 100 deny tcp 192.168.30.0 0.0.0.255 any ?
  ack          Match on the ACK bit
  dscp         Match packets with given dscp value
  eq           Match only packets on a given port number
  established  Match established connections
  fin          Match on the FIN bit
  fragments    Check non-initial fragments
  gt           Match only packets with a greater port number
  log          Log matches against this entry
  log-input    Log matches against this entry, including input interface
  lt           Match only packets with a lower port number
  neq          Match only packets not on a given port number
  precedence   Match packets with given precedence value
  psh          Match on the PSH bit
  range        Match only packets in the range of port numbers
  rst          Match on the RST bit
  syn          Match on the SYN bit
  time-range   Specify a time-range
  tos          Match packets with given TOS value
  urg          Match on the URG bit

In this example eq is used to give the destination port (destination port):
HQ(config)#access-list 100 deny tcp 192.168.30.0 0.0.0.255 any eq ?
  <0-65535>    Port number
  bgp          Border Gateway Protocol (179)
  chargen      Character generator (19)
  cmd          Remote commands (rcmd, 514)
  daytime      Daytime (13)
  discard      Discard (9)
  domain       Domain Name Service (53)
  echo         Echo (7)
  exec         Exec (rsh, 512)
  finger       Finger (79)
  ftp          File Transfer Protocol (21)
  ftp-data     FTP data connections (20)
  gopher       Gopher (70)
  hostname     NIC hostname server (101)
  ident        Ident Protocol (113)
  irc          Internet Relay Chat (194)
  klogin       Kerberos login (543)
  kshell       Kerberos shell (544)
  login        Login (rlogin, 513)
  lpd          Printer service (515)
  nntp         Network News Transport Protocol (119)
  pim-auto-rp  PIM Auto-RP (496)

The port in this example is 80, so the complete command is:

HQ(config)#access-list 100 deny tcp 192.168.30.0 0.0.0.255 any eq 80

This access-list denies TCP packets from network 192.168.30.0 to any destination whose destination port is 80 (the www port).

More lines can then be added to the same access-list:

HQ(config)#access-list 100 permit tcp 192.168.30.0 0.0.0.255 any eq 110
HQ(config)#access-list 100 permit tcp 192.168.30.0 0.0.0.255 any eq 25
HQ(config)#access-list 100 remark used to allow mail traffic

These lines permit packets from network 192.168.30.0 to any destination on destination port 110 (pop3) and port 25 (smtp). A comment describing the ACL is added with access-list remark.
Packets that match none of these lines are dropped by the implicit deny all at the end of the ACL.

Named Access Control Lists

A Named ACL works like a numbered ACL and can be either a Standard ACL or an Extended ACL. The difference is that the ACL is identified by a name, and individual ACEs can be removed from it.

The command to create a Standard Named ACL is ip access-list standard followed by the name. The command to create an Extended Named ACL is ip access-list extended followed by the name. A Named ACL is applied to an interface with ip access-group <Named ACL name> <in/out>.

After ip access-list extended and the name, the ACEs are entered starting directly with permit or deny; access-list does not have to be typed at the start of each line.

HQ(config)#ip access-list ?
  extended    Extended Access List
  log-update  Control access list log updates
  logging     Control access list logging
  standard    Standard Access List

HQ(config)#ip access-list extended BlockWorm    <- ip access-list extended followed by the name
HQ(config-ext-nacl)#deny tcp any any eq 135     <- deny or permit followed by the condition
HQ(config-ext-nacl)#deny tcp any any eq 139
HQ(config-ext-nacl)#deny tcp any any eq 445
HQ(config-ext-nacl)#permit ip any any           <- permit all other packets
HQ(config-ext-nacl)#exit
HQ(config)#int s0/1
HQ(config-if)#ip access-group BlockWorm in      <- apply the Named ACL to interface S0/1, inbound

The ACL first DENIES the unwanted packets and then PERMITS everything else. The Named ACL is applied to the interface in the inbound direction.
HQ#sh access-list BlockWorm
Extended IP access list BlockWorm
    deny tcp any any eq 135
    deny tcp any any eq 139
    deny tcp any any eq 445
    permit ip any any

To remove a single ACE from the Named ACL BlockWorm, enter the ACL again and put no in front of the ACE:

HQ(config)#ip access-list extended BlockWorm
HQ(config-ext-nacl)#no deny tcp any any eq 139
HQ(config-ext-nacl)#exit
HQ(config)#exit
HQ#sh access-list BlockWorm
Extended IP access list BlockWorm
    deny tcp any any eq 135
    deny tcp any any eq 445    <- deny tcp any any eq 139 has been removed
    permit ip any any

An example of a Standard Named ACL:

HQ(config)#ip access-list standard onlyPrivate
HQ(config-std-nacl)#permit ?
  Hostname or A.B.C.D  Address to match
  any                  Any source host
  host                 A single host address
HQ(config-std-nacl)#permit 192.168.0.0 0.0.255.255
HQ(config-std-nacl)#exit
HQ(config)#int fa1/0
HQ(config-if)#ip access-group onlyPrivate in

This creates a Standard Named ACL and applies it to the interface in the inbound direction. Only packets whose source IP Address begins with 192.168 are permitted.

SHOW commands for ACL

SHOW ACCESS-LIST

HQ#sh access-list
Standard IP access list 10
    deny 192.168.30.2
    deny 192.168.30.0, wildcard bits 0.0.0.255 (779 matches)
Standard IP access list 40
    deny 172.16.64.0, wildcard bits 0.0.63.255
Extended IP access list 100
    deny tcp 192.168.30.0 0.0.0.255 any eq www
    permit tcp 192.168.30.0 0.0.0.255 any eq pop3
    permit tcp 192.168.30.0 0.0.0.255 any eq smtp
Extended IP access list 101
    permit ip any any (15 matches)
    permit tcp any any eq www

SHOW ACCESS-LIST <ACL Number>

show access-list displays every ACL. To display a single ACL, use show access-list <number>. The output also shows the hit count of each ACE, that is, how many packets have matched it.

SHOW IP INTERFACE <Interface Number>

To check which access-list is applied to an interface, use show run, or limit the output to one interface with sh run int fa0/0. Another way is show ip interface <interface number>:

HQ#sh ip int fa0/0
FastEthernet0/0 is up, line protocol is up
  Internet address is 192.168.40.1/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.5 224.0.0.6
  Outgoing access list is not set
  Inbound access list is 10

Using an ACL on Line VTY

An ACL can also be used to control which IP Addresses are allowed to telnet to the router through Line VTY. The steps are as follows:
1. Create a Standard ACL that permits (permit) only the IP Addresses that are allowed.
2. Apply that Standard ACL to Line VTY with the access-class command.

HQ(config)#access-list 20 permit 192.168.30.2    <- permit this IP Address
HQ(config)#access-list 20 permit 192.168.30.3    <- permit this IP Address
HQ(config)#line vty 0 4
HQ(config-line)#access-class 20 in               <- apply ACL number 20 to Line VTY

The command used on the line is access-class <acl number> in.

Example of using an ACL

The requirements are:

- Host 192.168.30.2 is allowed to reach servers on the Internet using only http (80), https (443), smtp (25) and pop3 (110), and is not allowed to reach the servers in network 192.168.40.0.
g dtafluTafiFi 192.168.30.3 hild'fuoqqJrnl#nsntnnoontrJe-.i6uurirloilfrnfilmuoqrmpTl#r{rfr{ififly'lrnofii'iurundeqj'[u t'r-rnin1s2.108.4T0p.0rHr{irlfrrqilrsfloflmilnrsvrr.rr:urfrfi,,lna#1ri0o2fl4n(i.liorfrlTcp),noflrr deqjlu:ru4'rffis.rosoo- 0000(rrafnuDp)unwraflnfifirirrzfiouoo{ut.J(nof,mrcp) n r n i f l n r u n ' : r l f r ' l rEu x t e n d eAdC Ln u r v f i r t o u h f i n y r o ' s p r r f r u n ,Sj rtvai n d a rAd C Lf i ? r i l F l ' t s r rirl6'ToufrrfisutfrrfionlfiutNrtal medACt *nvrfiofiqmrurqrnpr?''rrJtl,rrJ'rsdlniY'runrflro'ifiodruu {r'rFiuLtfinqu'irsirurauodnaurrc{uficlAlunmrTqnFcrllldfifia r.rufiurmafuvs,elr tato/o.34fl6o.i tff'mr sf Ho tufi rtvrr.lo.l{. (,rrout..tol ncr-fi{rflaurqnlurFfrfisf Hoqruful d'{d

HQ(config)#ip access-list extended ACCESSRULE
HQ(config-ext-nacl)#deny ip host 192.168.30.2 192.168.40.0 0.0.0.255                      <- 1
HQ(config-ext-nacl)#permit tcp host 192.168.30.2 any eq 80                                <- 2
HQ(config-ext-nacl)#permit tcp host 192.168.30.2 any eq 443                               <- 3
HQ(config-ext-nacl)#permit tcp host 192.168.30.2 any eq 110                               <- 4
HQ(config-ext-nacl)#permit tcp host 192.168.30.2 any eq 25                                <- 5
HQ(config-ext-nacl)#permit tcp host 192.168.30.3 192.168.40.0 0.0.0.255 lt 1024           <- 6
HQ(config-ext-nacl)#permit udp host 192.168.30.3 192.168.40.0 0.0.0.255 range 5000 6000   <- 7
HQ(config-ext-nacl)#permit tcp host 192.168.30.3 192.168.40.0 0.0.0.255 gt 7000           <- 8
HQ(config-ext-nacl)#end

!a:: il??vr4e'lntii : ilfiranTantrsiz.toe.so.1x zi'l61#rtu ., {f rfiq-r, rfif,v'h,to$1ursdz'L.rrofigm.+o.o urtvr\"F2t,3,4 rac 5 ; oqruTH'lfiddpitsz.tOe,so.zl#LTnrrsrnrfrfv{uuu,]Eoufdrvur'sl flrlirr rirutrqnofn http,httpsp, op3irnvsmtpfllildlrrTu uaevTniol : or4ryrnrhfrTfl1n9r2i .168,s0\".1sfrll?nr?s1nrfif1'Jnfl$'luq1usu2im.168.400/24 rJruvn,lnofnTCpfirioEJn,1jl024t1{6dr4fllrtrfi.narursftie,:ssthan) utevt*rrnz : argpTrr'lfiTflf1iF9i?.168,s0\".e[#u3nr?s1nrfif]'\ir,1ofluf'l1rr9i2n.168,40.0/24 r.irurr.iilofn uoe fioqj'lurie5.r000- 6000tt#fifitfln ranges0006000fi{uilrflfi,rdr.lrs'wrsflnd'.turi Sooofi 6000) uaern*rrad: argrp'rn'hfrTf1lr9{F2i.168.s0l.+s'L3nrrqrnrfrflv,lrroflu{'ur1fing2:68l0ln4 airuvn'rnafnrcp dtrnn.il 2000tl#fidr4flegrt d.:raruregfi,rleatetrhan)
HQ(config)#int s0/0.346                          <- tiqq\"utfiuuSub-lnterfacernrrrpiorTltr,lruStnddtaSub-lnterface
HQ(config-subif)#ip access-group ACCESSRULE in
HQ(config-subif)#exit
HQ(config)#exit

HQ#sh access-list
Extended IP access list ACCESSRULE
    deny ip host 192.168.30.2 192.168.40.0 0.0.0.255
    permit tcp host 192.168.30.2 any eq www
    permit tcp host 192.168.30.2 any eq 443
    permit tcp host 192.168.30.2 any eq pop3
    permit tcp host 192.168.30.2 any eq smtp
    permit tcp host 192.168.30.3 192.168.40.0 0.0.0.255 lt 1024
    permit udp host 192.168.30.3 192.168.40.0 0.0.0.255 range 5000 6000
    permit tcp host 192.168.30.3 192.168.40.0 0.0.0.255 gt 7000
HQ#

4noei'r.iqvfiiru{druvrnrtrarunfinrdcrl firtnt{frr'ifrufi,$f fiqsqnFio'ifl\"Tfriol rirrau{Br.r:\" fr'ufrflrlul rifiufrr-'rlriqnffornrufqi'rrn1i1{4frnl11ur\"iulTtrplrttr'in\".r?vn'i'tililnfrro'ms:r:Jrrimr4flnfifi oqjrfil riufrdsr6o.r$e.rr#rfiTilrTnnoosapF r14?1stvra.i'r.r6umoflrv'lqfit?enffFioMril?rndto'irffrrnrof ne ri'liF.rrprsoriteTwroiufluospr od rm6'l,i'rrflufio'rourgrn\"l#vrmvO'lSfrPln4Ft.or'ri.irur{rurfi dr?sn6uunfalrv'ls'rolog. +offrs tP fi rfie'[#rFfirtTrrJTnnrondr'nu'n1rfirlln rilc{16s{if i6i'rfolu t. ng{udinegr rad'tnr nri'idll\"H ACL a'ihl \"tJ

HQ#
L 5 : l - ' 7 t E l : %OSPF-5-ADJCHG: Process 1, Nbr 192.168.30.1 on Serial0/0.346 from FULL to DOWN, Neighbor Down: Dead timer expired

rxJ6r6s{rtfiud\"u.u^r.llirrFrrnofHl e unrrhtrtofsl iteTwohiarurenv,loflinrrn#lv{uri- tfrrBroflrdaurir(uneighborrelationshirp;r)air'lrTutftrnnrqn ACLfl-Flflxilf{ {rduu6.r,irrflufio{rffilurmp'Ferrmiot spfanyanyrfirtllu nCL 16rn-.r(dflrdeulffioTonrn rfixJicmpanyanyfr,tsr1,{r1rrfion?rflfr€'inllyrcfiodnonl ectiviFtyi't.i'*'lritrjrfiHfilrlrflult)

HQ#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
HQ(config)#ip access-list extended ACCESSRULE
HQ(config-ext-nacl)#permit ospf any any
HQ(config-ext-nacl)#permit icmp any any
HQ(config-ext-nacl)#end
15:23:57: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.30.1 on Serial0/0.346 from LOADING to FULL, Loading Done
HQ#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.30.1      0   FULL/DROTHER    00:01:43    192.168.10.3    Serial0/0.346

,i lhrnof t-tQniuSiteTwdo\"rtr\"rinvio*rn.rru#ilfi'ufrhrmoflrdaurTruofiSf,puFldrufiourfiuunv v rfrfi.rTilrTnnenoSpFri'r,rrulfimrrunrfjr rrJ$sulriuuASL rTulwscilf,d fi-:runi cl qsrflurF#o{fiafid1unrrs{Hr.:mmrnmflnrnff.Ju1priJfiitlanronfrirfiirflrrDflnraomrpio,:nrr qrJntnidrraflivirrarirfiluiFnrltu4xJrvvr,lfrlnfi40{.irurnrsneodr'isT,i{{Tulfal nrsiltlylflnfiflL c{,iti't-lrFriodrfl6urvrsflrfinunufro'rflo'irTutfrfurrofs{rmrrusfirtlprtt#ru,,?lfnl,rroRn'drsilu'rosynrffrlrufl 44; 1.1tfl fl nil illtu'i gfi il nrJ'i s nfl ACLlurFrrmofnrrrqnrirlr\"l#rflururrrrn'rrdcirurn?runrrru:Jnednofrii'rJadnne#ou,lufi.: rrfinrfinr..r'r'i4'rrr'tnoanrtiielruiofiu*finrfinuarirr.tuqs0.iruilrET,r*tnvrlfplrerrnndnl{1uuTnr4fln s nraq\"luo fvrpio.rn']fnltFr'tIJ4tvrt4flnrvr.r.ir.r.rraT3lrefrimsun.Virr.LilANrir,r1ra6srvu.ivrL.lANrorfr lfrri'lrfrflr'{r'laffi\"hf,:.r?nr(rdn'r.eilulunrniza.rd\"roeir.rnm\"l4f',irortuue'mctrhj#r.rfr#'u)srelrirups fnurnssilrter\"t5'rrnoHf\"rnoufilncl ufrr\"lrfivirrarirdrafiauu\"f1l,yir,f,llufl,lounrdm''ryufirfiun-n I nT.l1tottFrrnef6enmvn'irufirurFard#r'ci trrifri#rrmofl{uharit*onsrtr,lrjlrerfrrlTfi\"lu:h1rTutfi i riu'lnrrilterfltsofpirun'rrililnonrn-uoir,:1lJ1nrl'rfllaJCefrlrdl,'{rfmietq4r'nnrEJluFTrrarFfqioarm ri'teuaTHnSr'inmrnilna-oshfrrTrTnrrqaFr':frug',ufirurnr?odrflro,iorr{'nmrqdrf{ifnr{rf,irurtrJhiu{,i .