升木 posted on 2018-7-14 07:13:15

Cisco ACL policy configuration and viewing

  First, check which ACL-related configuration the device has, using the following command:
  44-SW4#show running-config | section access
  ip access-group 100 in
  access-list 100 permit eigrp any any
  access-list 100 deny   icmp any any
  View the ACL details, including the ACL type, ACL number, entries, entry sequence numbers, match counts, and so on:
  44-SW4#show ip access-lists
  Extended IP access list 100
  10 permit eigrp any any (24 matches)
  20 deny icmp any any
  Insert an ACL entry, for example an entry with sequence number 15 between entries 10 and 20, as shown below:
  44-SW4#configure terminal
  44-SW4(config)#ip access-list extended 100
  44-SW4(config-ext-nacl)#15 permit icmp any any
  44-SW4(config-ext-nacl)#end
  44-SW4#show ip access-lists 100
  Extended IP access list 100
  10 permit eigrp any any (60 matches)
  15 permit icmp any any
  20 deny icmp any any
  Delete the entry with sequence number 15, as shown below:
  44-SW4#configure terminal
  44-SW4(config)#ip access-list extended 100
  44-SW4(config-ext-nacl)#no 15
  44-SW4(config-ext-nacl)#end
  44-SW4#show ip access-lists 100
  Extended IP access list 100
  10 permit eigrp any any (140 matches)
  20 deny icmp any any
  The following is the wrong way to delete an entry; it causes the entire ACL to be deleted:
  44-SW4#configure terminal
  44-SW4(config)#no access-list 100 permit icmp any any
  44-SW4(config)#end
  44-SW4#show ip access-lists 100
  44-SW4#
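
A pre-change check for the mistake shown above, as an added example that is not part of the original post: it parses `show ip access-lists` output and rewrites a `no access-list <number> <rule>` line into the per-entry deletion by sequence number. The function names (`parse_show`, `safe_delete`, `norm`) and the sample text are constructed for illustration.

```python
import re

# Constructed sample: "show ip access-lists" output as in the post, after entry 15 was inserted.
SHOW_OUTPUT = """\
Extended IP access list 100
    10 permit eigrp any any (60 matches)
    15 permit icmp any any
    20 deny icmp any any
"""

HEADER = re.compile(r"^\s*(Standard|Extended) IP access list (\S+)")
ENTRY = re.compile(r"^\s*(\d+)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$")
# Per-rule negation on a numbered ACL: the form the post shows deleting the whole list.
RISKY = re.compile(r"^\s*no\s+access-list\s+(\d+)\s+(\S.*)$")

def norm(rule):
    """Collapse spacing ('deny   icmp' in running-config vs 'deny icmp' in show output)."""
    return " ".join(rule.split())

def parse_show(text):
    """Return {acl_id: (kind, [(seq, rule, matches), ...])} from show output."""
    acls, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(2)
            acls[current] = (header.group(1).lower(), [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            seq, rule, matches = entry.groups()
            acls[current][1].append((int(seq), norm(rule), int(matches or 0)))
    return acls

def safe_delete(command, acls):
    """Rewrite 'no access-list N <rule>' as sequence-number deletion.

    Returns None when the command is not the risky form; raises LookupError
    when the ACL or the rule is not present, so nothing is guessed.
    """
    risky = RISKY.match(command)
    if not risky:
        return None
    acl_id, rule = risky.group(1), norm(risky.group(2))
    if acl_id not in acls:
        raise LookupError(f"ACL {acl_id} not found in show output")
    kind, entries = acls[acl_id]
    seqs = [seq for seq, text, _ in entries if text == rule]
    if not seqs:
        raise LookupError(f"no entry '{rule}' in ACL {acl_id}")
    return [f"ip access-list {kind} {acl_id}"] + [f"no {seq}" for seq in seqs]
```
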