Only for Layer 2 physical interfaces (access, trunk), inbound direction
mac access-list extended xxx
deny XXXX
permit XXXX
int g0/1
mac access-group xxx in
ip access-list extended XX
deny ip source destination
permit XX XX XX XX
time-range XX
absolute start 00:00 1 Jan 2008 end 23:56 1 Jan 2008
periodic {weekdays | weekend | daily | day-of-the-week} hh:mm to hh:mm
int g0/1
ip access-group XX in/out
line vty 0
access-class XX in/out (named ACLs cannot be used)
vlan map
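Define the ACLs first (Layer 2 or Layer 3)
Goal: hosts in the same subnet cannot communicate with each other, but all of them can still reach the Internet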
vlan access-map XXX 10
match ip address ip_acl
action drop
exit
vlan access-map XXX 20
match mac address mac_acl
action forward
exit
vlan filter XXX vlan-list 1-3
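If the packet's type is one that appears in a vlan map entry but the packet matches no entry, it is dropped
If the packet's type is not defined in the map and no action is specified for it, it is forwarded
Using a vlan map together with a port ACL causes a conflict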
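The two default rules above, as a simplified Python model of vlan map evaluation (an added example, not switch code and not part of the original notes). It assumes ip_acl permits same-subnet traffic and mac_acl is "permit any any"; the any_ip ACL, the sequence 30 entry and all addresses are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed ACLs: each ACE is (permit, source network, destination network).
ACLS = {
    "ip_acl": [(True, "192.168.10.0/24", "192.168.10.0/24")],  # same-subnet traffic
    "any_ip": [(True, "0.0.0.0/0", "0.0.0.0/0")],              # hypothetical catch-all
}

def acl_permits(name, pkt):
    """First-match lookup with the implicit deny at the end of every ACL."""
    if pkt["kind"] == "mac":
        return True  # assumption: mac_acl is "permit any any"
    for permit, src, dst in ACLS[name]:
        if (ip_address(pkt["src"]) in ip_network(src)
                and ip_address(pkt["dst"]) in ip_network(dst)):
            return permit
    return False

def vlan_map_action(entries, pkt):
    """entries: (sequence, kind, acl_name, action); kind is 'ip' or 'mac'."""
    for _seq, kind, acl, action in sorted(entries):
        # A match clause is only tested against packets of its own type.
        if kind == pkt["kind"] and acl_permits(acl, pkt):
            return action
    # Nothing matched: drop if the map has a clause for this type, else forward.
    typed = any(kind == pkt["kind"] for _seq, kind, _acl, _action in entries)
    return "drop" if typed else "forward"

PAGE_MAP = [(10, "ip", "ip_acl", "drop"), (20, "mac", "mac_acl", "forward")]
FIXED_MAP = PAGE_MAP + [(30, "ip", "any_ip", "forward")]  # added catch-all entry
IP_ONLY_MAP = [(10, "ip", "ip_acl", "drop"), (20, "ip", "any_ip", "forward")]

PEER = {"kind": "ip", "src": "192.168.10.5", "dst": "192.168.10.9"}
WEB = {"kind": "ip", "src": "192.168.10.5", "dst": "203.0.113.7"}
NON_IP = {"kind": "mac"}  # a non-IP frame

if __name__ == "__main__":
    for label, vmap in (("page", PAGE_MAP), ("fixed", FIXED_MAP), ("ip-only", IP_ONLY_MAP)):
        for name, pkt in (("peer", PEER), ("web", WEB), ("non-ip", NON_IP)):
            print(label, name, vlan_map_action(vmap, pkt))
```

With only an IP drop entry and a MAC forward entry, Internet-bound IP traffic matches nothing and is dropped by the first default rule, so the map needs an explicit IP forward entry to meet the stated goal.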