2022-12-21   ES  

When devices in an enterprise network communicate with each other, the security and reliability of data transmission and the stability of the network must be ensured.

An access control list (ACL) defines a series of rules. The device classifies packets according to these rules and applies different processing to different classes of packets, which makes it possible to control network access behaviour, restrict network traffic, improve network performance and prevent network attacks.

1. ACL application scenario

An ACL permits or denies traffic according to the rules defined in it.

2. ACL classification

1. An ACL can consist of multiple deny | permit statements; each statement describes one rule.

2. After the device receives data traffic, it checks the traffic against the ACL rules one by one. If a rule does not match, the next rule is tried. Once a rule matches, the action defined in that rule is executed and no subsequent rules are checked. If no matching rule is found, the device takes no action on the packet.

3. The matching order of the rules determines their priority; an ACL resolves overlapping or contradictory rules through this rule priority.

4. ARG3 series routers support two matching orders: configuration order and automatic sorting. In configuration order, rules are matched in ascending order of rule ID. A step value leaves numbering space between rules; the default step is 5. Routers use configuration order by default. Automatic sorting matches by the "depth first" principle, that is, rules are ordered by how precise they are.

Wildcard mask bits:

0 — the bit must match

1 — the bit is ignored


When an ACL is used to match traffic, the list ends with an implicit permit any; when it is used to match other objects (such as routes in a filtering policy), it ends with an implicit deny any.
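As an added illustration (not code from the original post), the following Python simulates the matching behaviour described above: wildcard bits (0 = must match, 1 = ignored), first match in ascending rule-ID order, step-based rule numbering, and the implicit default action. The ACL 2000 rules are constructed sample data, not the post's configuration.

```python
import ipaddress

# Constructed sample basic ACL 2000: (rule_id, action, source, wildcard).
# Listed out of order on purpose to show that matching follows rule ID.
ACL_2000 = [
    (10, "permit", "192.168.1.0", "0.0.0.255"),   # whole /24
    (5, "deny", "192.168.1.10", "0.0.0.0"),       # one host, wildcard 0 = exact
]


def wildcard_match(addr, rule_addr, wildcard):
    """Huawei-style wildcard: a 0 bit must match, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    r = int(ipaddress.IPv4Address(rule_addr))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF            # bits the rule actually compares
    return (a ^ r) & care == 0


def acl_action(rules, src, default="permit"):
    """Configuration-order matching: ascending rule ID, first match wins.

    default="permit" models traffic-filter (implicit permit any);
    default="deny" models route matching (implicit deny any).
    Returns (action, matched_rule_id); rule id is None when nothing matched.
    """
    for rule_id, action, rule_addr, wildcard in sorted(rules, key=lambda r: r[0]):
        if wildcard_match(src, rule_addr, wildcard):
            return action, rule_id
    return default, None


def next_rule_id(rules, step=5):
    """ID a rule gets when configured without an explicit number:
    the next multiple of the step above the largest existing ID."""
    if not rules:
        return step
    return (max(r[0] for r in rules) // step + 1) * step


if __name__ == "__main__":
    for host in ("192.168.1.10", "192.168.1.20", "10.0.0.1"):
        print(host, "traffic-filter ->", acl_action(ACL_2000, host),
              "| route match ->", acl_action(ACL_2000, host, default="deny"))
    print("next auto rule id:", next_rule_id(ACL_2000))
```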

3. ACL configuration


Basic ACL: matches on the source address; configure it close to the destination end.

AR2 configuration:

[AR2]interface GigabitEthernet 0/0/1

[AR2-GigabitEthernet0/0/1]traffic-filter outbound acl 2000

PC1 can access the server network segment but cannot access the server.

Advanced ACL: generally configured close to the source end.

[AR1]acl number 3000

[AR1-acl-adv-3000]rule 10 deny icmp source destination 0

[AR1-acl-adv-3000]int g 0/0/0

[AR1-GigabitEthernet0/0/0]traffic-filter outbound acl 3000

[AR1]acl number 3000

[AR1-acl-adv-3000]rule 20 deny tcp source 0 destination-port eq ftp


