172.16.130.0 to any host on network 10.0.0.0. In line 4, we are denying
packets with the source address that belongs to subnet 172.16.130.0 to the
destination of host 192.168.10.118. Line 5 tells us that we are permitting all
IP packets with no concern of a source or destination address. The implicit
deny all will deny all other traffic that passes through the interface to which
we have applied the access list. In Figure 2.3, we would apply this access list
on the serial 0 interface in the outbound direction as follows:
Router(config)# interface serial 0Router(config-if)# ip access-group 141 outAn example of an extended access list is as follows:
access-list 141 permit ip 172.16.130.88 0.0.0.0 10.0.0.0 0.255.255.255access-list 141 permit ip 172.16.130.89 0.0.0.0 10.0.0.0 0.255.255.255access-list 141 permit ip 172.16.130.90 0.0.0.0 10.0.0.0 0.255.255.255access-list 141 deny ip 172.16.130.0 0.0.0.255 192.168.10.118 0.0.0.0access-list 141 permit ip 0.0.0.0 255.255.255.255 0.0.0.0
Bạn đang xem 172. - Syngress Managing Cisco Network Security