hongblue posted on 2018-7-12 13:28:55

Cisco5520 ACL configuration

Define the time range:
  time-range freetime
   periodic weekend 8:00 to 22:00
   periodic weekdays 17:00 to 22:00
Define the protocols (services) allowed through:
  object-group protocol allprot
   protocol-object ip
   protocol-object udp
   protocol-object tcp
   protocol-object icmp
   protocol-object gre
Define the network segments or hosts:
  object-group network 74-75
   network-object 172.19.74.0 255.255.254.0
  object-group network 76-79
   network-object 172.19.76.0 255.255.252.0
  object-group network hosts
   network-object host 172.19.74.122
  object-group network DM_INLINE_NETWORK_1
   group-object 74-75
   group-object hosts
Define the access-lists:
  access-list outside_access_in extended permit object-group allprot any any
  access-list inside_access_in extended permit object-group allprot object-group 76-79 any time-range freetime
  access-list inside_access_in extended permit object-group allprot object-group DM_INLINE_NETWORK_1 any
Apply the defined ACLs to the interfaces:
  access-group outside_access_in in interface outside
  access-group inside_access_in in interface inside
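
An added example, not part of the original post: a small Python model of how the inside_access_in ACL above is evaluated for a given source address and time, useful for checking who gets through before applying the config. The function names and the `@` marker for nested groups are hypothetical; treating the supplied datetime as the ASA's clock and 22:00 as an exclusive end are assumptions.

```python
# Added example: models the inside_access_in ACL from the post; not ASA code.
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Object groups copied from the configuration above; "@name" marks a
# group-object reference (hypothetical notation for this sketch).
GROUPS = {
    "74-75": ["172.19.74.0/255.255.254.0"],
    "76-79": ["172.19.76.0/255.255.252.0"],
    "hosts": ["172.19.74.122/255.255.255.255"],  # already inside 74-75
    "DM_INLINE_NETWORK_1": ["@74-75", "@hosts"],
}
# time-range freetime as (weekdays, start, end); Monday is 0.
FREETIME = [
    ({5, 6}, time(8, 0), time(22, 0)),            # periodic weekend
    ({0, 1, 2, 3, 4}, time(17, 0), time(22, 0)),  # periodic weekdays
]
# inside_access_in entries in order: (source group, bound to freetime?)
INSIDE_ACL = [("76-79", True), ("DM_INLINE_NETWORK_1", False)]

def in_group(ip, name):
    """True if ip is in the group, following nested group-object entries."""
    for member in GROUPS[name]:
        if member.startswith("@"):
            if in_group(ip, member[1:]):
                return True
        elif ip_address(ip) in ip_network(member):
            return True
    return False

def in_freetime(when):
    """True if 'when' falls inside one of the periodic entries."""
    # Assumption: the end time is treated as exclusive.
    return any(when.weekday() in days and start <= when.time() < end
               for days, start, end in FREETIME)

def inside_permits(src_ip, when):
    """First-match evaluation; an entry whose time-range is inactive is
    skipped, and traffic matching no entry hits the implicit deny."""
    for group, timed in INSIDE_ACL:
        if in_group(src_ip, group) and (not timed or in_freetime(when)):
            return True
    return False
```
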