Thursday, December 26, 2013

Inserting a line in the middle of a numbered (non-named) Cisco ACL

First, the existing configuration:

R3#show run | inc access-list
access-list 100 permit ip host 192.168.1.1 192.168.2.0 0.0.0.255
access-list 100 permit ip host 192.168.1.1 192.168.3.0 0.0.0.255
access-list 100 permit ip host 192.168.1.1 192.168.4.0 0.0.0.255
access-list 100 permit ip host 192.168.1.1 192.168.5.0 0.0.0.255
access-list 100 permit ip host 192.168.1.1 192.168.6.0 0.0.0.255
R3#show access-lists
Extended IP access list 100
    10 permit ip host 192.168.1.1 192.168.2.0 0.0.0.255
    20 permit ip host 192.168.1.1 192.168.3.0 0.0.0.255
    30 permit ip host 192.168.1.1 192.168.4.0 0.0.0.255
    40 permit ip host 192.168.1.1 192.168.5.0 0.0.0.255
    50 permit ip host 192.168.1.1 192.168.6.0 0.0.0.255

Insert an entry in the middle of the ACL as follows (enter named-ACL configuration mode with the ACL number and give the new entry an explicit sequence number):

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#ip access-list extended 100
R3(config-ext-nacl)#35 permit ip host 192.168.99.99 host 192.168.1.1
R3(config-ext-nacl)#do sh run | inc access-list
access-list 100 permit ip host 192.168.1.1 192.168.2.0 0.0.0.255
access-list 100 permit ip host 192.168.1.1 192.168.3.0 0.0.0.255
access-list 100 permit ip host 192.168.1.1 192.168.4.0 0.0.0.255
access-list 100 permit ip host 192.168.99.99 host 192.168.1.1
access-list 100 permit ip host 192.168.1.1 192.168.5.0 0.0.0.255
access-list 100 permit ip host 192.168.1.1 192.168.6.0 0.0.0.255
R3(config-ext-nacl)#do sh access-list
Extended IP access list 100
    10 permit ip host 192.168.1.1 192.168.2.0 0.0.0.255
    20 permit ip host 192.168.1.1 192.168.3.0 0.0.0.255
    30 permit ip host 192.168.1.1 192.168.4.0 0.0.0.255
    35 permit ip host 192.168.99.99 host 192.168.1.1
    40 permit ip host 192.168.1.1 192.168.5.0 0.0.0.255
    50 permit ip host 192.168.1.1 192.168.6.0 0.0.0.255
R3(config-ext-nacl)#exit

Then resequence the ACL so that the sequence numbers start at 10 and increment by 10:

R3(config)#ip access-list resequence 100 10 10
R3(config)#do sh run | inc access-list
access-list 100 permit ip host 192.168.1.1 192.168.2.0 0.0.0.255
access-list 100 permit ip host 192.168.1.1 192.168.3.0 0.0.0.255
access-list 100 permit ip host 192.168.1.1 192.168.4.0 0.0.0.255
access-list 100 permit ip host 192.168.99.99 host 192.168.1.1
access-list 100 permit ip host 192.168.1.1 192.168.5.0 0.0.0.255
access-list 100 permit ip host 192.168.1.1 192.168.6.0 0.0.0.255
R3(config)#do sh access-list
Extended IP access list 100
    10 permit ip host 192.168.1.1 192.168.2.0 0.0.0.255
    20 permit ip host 192.168.1.1 192.168.3.0 0.0.0.255
    30 permit ip host 192.168.1.1 192.168.4.0 0.0.0.255
    40 permit ip host 192.168.99.99 host 192.168.1.1
    50 permit ip host 192.168.1.1 192.168.5.0 0.0.0.255
    60 permit ip host 192.168.1.1 192.168.6.0 0.0.0.255
R3(config)#
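Because an ACL is evaluated top to bottom with first match, the position of the inserted entry, not just its presence, decides what traffic it affects, and `show run` hides the sequence numbers that `show access-lists` reveals. The following is an added example, not part of the original post: a small Python model of the IOS sequencing rules used above (default step of 10, explicit sequence numbers inserted in order, `ip access-list resequence` renumbering) over the post's own entries, so the result of an insert or resequence can be checked before it is pushed to a device.

```python
"""Model of IOS sequence-number behaviour for a numbered extended ACL.

Added example: the entries are the ones from the post's `show access-lists`
output; the rules implemented are standard IOS behaviour, not device code.
"""
from dataclasses import dataclass, field


@dataclass
class NumberedAcl:
    number: int
    entries: dict = field(default_factory=dict)  # sequence number -> ACE text

    def append(self, ace: str) -> int:
        """`access-list 100 ...` with no sequence number: IOS appends at last+10."""
        seq = (max(self.entries) + 10) if self.entries else 10
        self.entries[seq] = ace
        return seq

    def insert(self, seq: int, ace: str) -> None:
        """`<seq> permit ...` inside `ip access-list extended <n>`: placed by seq."""
        if seq in self.entries:
            raise ValueError(f"sequence number {seq} already in use")
        self.entries[seq] = ace

    def resequence(self, start: int, step: int) -> None:
        """`ip access-list resequence <n> <start> <step>`: renumber, keep order."""
        ordered = [self.entries[s] for s in sorted(self.entries)]
        self.entries = {start + i * step: ace for i, ace in enumerate(ordered)}

    def sequences(self) -> list:
        return sorted(self.entries)

    def show(self) -> str:
        """Render in the layout of `show access-lists`."""
        lines = [f"Extended IP access list {self.number}"]
        lines += [f"    {s} {self.entries[s]}" for s in sorted(self.entries)]
        return "\n".join(lines)


def build_from_post() -> NumberedAcl:
    """Reproduce the post: five appended entries, then seq 35 inserted."""
    acl = NumberedAcl(100)
    for net in ("192.168.2.0", "192.168.3.0", "192.168.4.0",
                "192.168.5.0", "192.168.6.0"):
        acl.append(f"permit ip host 192.168.1.1 {net} 0.0.0.255")
    acl.insert(35, "permit ip host 192.168.99.99 host 192.168.1.1")
    return acl
```

Calling `build_from_post().resequence(10, 10)` yields sequence numbers 10 through 60 with the inserted entry at 40, matching the final `show access-list` output above.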
