Company AC access control
Cisco 3750
The AC is in VLAN 30
! Allow addresses up to 5.30 to access
access-list 100 permit tcp 192.168.5.0 0.0.0.31 172.16.0.0 0.0.255.255 eq 443
! Deny all other addresses access to port 443
access-list 100 deny tcp any 172.16.0.0 0.0.255.255 eq 443
! Allow all other traffic through
access-list 100 permit ip any any
interface vlan 30
ip access-group 100 out
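Added example (not part of the original notes): a Python check that walks ACL 100 top-down with IOS wildcard matching and lists which 192.168.5.x sources can reach TCP 443 behind VLAN 30. The destination 172.16.0.10 is a constructed address standing in for the AC; the wildcard 0.0.0.31 matches 192.168.5.0 through 192.168.5.31.

```python
import ipaddress

# ACL 100 from the 3750 notes: (action, proto, src, src_wildcard, dst, dst_wildcard, dst_port)
ACL_100 = [
    ("permit", "tcp", "192.168.5.0", "0.0.0.31", "172.16.0.0", "0.0.255.255", 443),
    ("deny",   "tcp", "any", None, "172.16.0.0", "0.0.255.255", 443),
    ("permit", "ip",  "any", None, "any", None, None),
]

def wildcard_match(addr, base, wildcard):
    """IOS wildcard logic: bits set to 1 in the wildcard are ignored."""
    if base == "any":
        return True
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching entry; implicit deny at the end."""
    for action, p, s, sw, d, dw, port in acl:
        if p != "ip" and p != proto:
            continue
        if not wildcard_match(src, s, sw) or not wildcard_match(dst, d, dw):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"

def permitted_sources(acl, prefix, dst, dport):
    """Last octets within prefix (e.g. '192.168.5.') permitted to reach dst:dport over TCP."""
    return [h for h in range(256) if evaluate(acl, "tcp", f"{prefix}{h}", dst, dport) == "permit"]

if __name__ == "__main__":
    # 172.16.0.10 is a constructed address, not taken from the notes
    hosts = permitted_sources(ACL_100, "192.168.5.", "172.16.0.10", 443)
    print("TCP 443 permitted from 192.168.5.%d-%d" % (hosts[0], hosts[-1]))
    print(evaluate(ACL_100, "tcp", "192.168.5.40", "172.16.0.10", 443))
    print(evaluate(ACL_100, "tcp", "192.168.5.40", "172.16.0.10", 80))
```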
Telnet access control: only allow certain administrative users to log in
! Telnet
access-list 101 permit tcp 192.168.5.0 0.0.0.31 any eq 23
! SSH login
access-list 101 permit tcp 192.168.5.0 0.0.0.31 any eq 22
line vty 0 4
access-class 101 in
line vty 5 15
access-class 101 in
Cisco ASA5520: only allow certain administrative users to log in
! Only allow this address range to log in to the ASA5520
telnet 192.168.5.0 255.255.255.224 inside
no telnet 0.0.0.0 0.0.0.0 outside
ssh 192.168.5.0 255.255.255.224 inside
no ssh 0.0.0.0 0.0.0.0 inside
Restrict login to the flow-control device
access-list 100 permit tcp 192.168.5.0 255.255.255.224 host 1.1.1.1 eq 443
access-list 100 permit tcp 192.168.5.0 255.255.255.224 host 10.252.252.252 eq 443
access-list 100 deny tcp any host 1.1.1.1 eq 443
access-list 100 deny tcp any host 10.252.252.252 eq 443
access-list 100 permit ip any any
access-group 100 out interface outside