文档介绍:Introducing ACLs and Configuring IP ACLs Access Control Lists Outline Overview Standard ACL Statement Processing Configuring Standard IP ACLs Extended ACL Statement Processing Configuring Extended IP ACLs Using Named ACLs and Configuring Named ACLs Configuring vty ACLs Guidelines for Configuring ACLs summary Testing Packets with Numbered Standard IPv4 ACLs ACL Statement Processing Activates the list on an interface. Sets inbound or outbound testing. no ip access-group access-list-number {in | out} removes the ACL from the interface. ip access-group access-list-number {in | out} Uses 1 to 99 for the access-list-number. The first entry is assigned a sequence number of 10, and essive entries are incremented by 10. Default wildcard mask is (only standard ACL). no access-list access-list-number removes the entire ACL. remark lets you add a description to the ACL. access-list access-list-number {permit | deny } source [mask] RouterX(config)# RouterX(config-if)# Numbered Standard IPv4 ACL Configuration Permit work only Numbered Standard IPv4 ACL Example 1 RouterX(config)# access-list 1 permit (implicit deny all - not visible in the list) (access-list 1 deny ) RouterX(config)# interface 0 RouterX(config-if)# ip access-group 1 out RouterX(config)# interface 1 RouterX(config-if)# ip access-group 1 out Deny a specific host Numbered Standard IPv4 ACL Example 2 RouterX(config)# access-list 1 deny RouterX(config)# access-list 1 permit (implicit deny all) (access-list 1 deny ) RouterX(config)# interface 0 RouterX(config-if)# ip access-group 1 out Deny a specific Numbered Standard IPv4 ACL Example 3 RouterX(config)# access-list 1 deny RouterX(config)# access-list 1 permit any (implicit deny all) (access-list 1 deny ) RouterX(config)# interface 0 RouterX(config-if)# ip access-group 1