Router(config)#ip access-list ?
extended Extended Access List (extended ACL)
standard Standard Access List (standard ACL)
Router(config)#ip access-list extended denystuwww
Router(config-ext-nacl)#deny ?
icmp Internet Control Message Protocol (ICMP protocol)
ip Any Internet Protocol (IP protocol)
tcp Transmission Control Protocol (TCP protocol)
udp User Datagram Protocol (UDP protocol)
(What does each of the keywords above mean?)
Router(config-ext-nacl)#deny tcp 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 ?
eq Match only packets on a given port number (equal to)
established established (an already-established connection)
gt Match only packets with a greater port number (greater than)
lt Match only packets with a lower port number (less than)
neq Match only packets not on a given port number (not equal to)
range Match only packets in the range of port numbers (range)
Router(config-ext-nacl)#deny tcp 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 eq www
This ACL entry denies hosts in 192.168.30.0/24 access to the WWW service on hosts in 192.168.10.0/24.
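
The following is an added example, not part of the original session and not IOS code: a small Python model of how the entry above is matched (wildcard mask, protocol, destination port) and of the implicit deny that ends every ACL. The trailing `permit` entry and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

NAMED_PORTS = {"www": 80}  # "eq www" means destination TCP port 80

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_ace(line):
    """Parse '<action> <proto> <src> <wild> <dst> <wild> [eq <port>]'."""
    t = line.split()
    ace = {"action": t[0], "proto": t[1], "src": (t[2], t[3]), "dst": (t[4], t[5]), "dport": None}
    if len(t) == 8 and t[6] == "eq":
        ace["dport"] = NAMED_PORTS[t[7]] if t[7] in NAMED_PORTS else int(t[7])
    return ace

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in acl:
        if ace["proto"] not in ("ip", proto):
            continue
        if not wildcard_match(src, *ace["src"]) or not wildcard_match(dst, *ace["dst"]):
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"]
    return "deny"  # implicit deny at the end of every ACL

PAGE_ACL = [parse_ace("deny tcp 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 eq www")]
# Assumed extra entry (not on the page), equivalent to "permit ip any any".
WITH_PERMIT = PAGE_ACL + [parse_ace("permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255")]

# Constructed sample packets: (proto, src, dst, dport)
PACKETS = [
    ("tcp", "192.168.30.7", "192.168.10.5", 80),    # the traffic the entry targets
    ("tcp", "192.168.30.7", "192.168.10.5", 443),   # same hosts, other port
    ("tcp", "192.168.20.7", "192.168.10.5", 80),    # different source subnet
    ("icmp", "192.168.30.7", "192.168.10.5", None), # different protocol
]

def verdicts(acl):
    return [evaluate(acl, *p) for p in PACKETS]

if __name__ == "__main__":
    print("page entry alone:    ", verdicts(PAGE_ACL))
    print("with trailing permit:", verdicts(WITH_PERMIT))
```

With only the single deny entry, every sample packet is dropped, because anything the entry does not match hits the implicit deny; the narrow "block WWW only" behaviour appears once a permit entry follows it.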