
typhu.ketqua-xoso.net: Question about ACL: in or out

http://typhu.ketqua-xoso.net/2011/07/04/thc-mc-v-acl-in-hay-out-2/


Question about ACL: in or out


On Jul 04, 2011, in Information Technology Discussion, by Post Pic

As in the picture. The requirement is that the hosts in the 10.0 network can connect to all destinations, except the hosts in the 11.0 network. I wrote the ACL like this:

    access-list 10 deny 192.168.11.0 0.0.0.255
    access-list 10 permit any

Then I applied it to port fa0/0 outbound. That meets the requirement of the exercise. But now I have changed it to in, meaning that packets from 10.0 are checked when they go out. The way I see it, when 10.0 pings 11.0 the ping goes through, but when 11.0 replies, the reply hits the ACL and cannot get back. So in or out should mean the same thing (in this case), yet I don't understand why the two networks connect normally once I change from out to in. If any of you know, please enlighten me.

4 Responses to Question about ACL: in or out


1. Reply says:
July 4, 2011 at 3:56 am

2. Reply says:
July 4, 2011 at 3:56 am

Quote: Originally posted by VienHuynh

> Hello,
>
> My knowledge is limited, so if Vien says something wrong, please correct it.
>
> To do ACL design well, you need a firm grasp of the basic principles of ACLs.
> - With ACLs, the best approach is to apply the ACL on the interface closest to the source of the traffic.
> - There are 4 ACL concepts that you need to understand clearly:
> + Out: traffic "passing across" the router and about to leave the interface
> + In: traffic "hitting" the router and about to enter the interface
> + Inbound ACL: when traffic "hits" the router, the router receives the packet and checks it against the parameters of the corresponding ACL applied on this interface.
> + Outbound ACL: the router receives the packet, compares it with the routing table and routes it to the outbound interface. Before the router routes the packet out of the outbound interface, it checks it against the parameters of the corresponding ACL applied on this interface.
>
> There is one characteristic for telling the in direction from the out direction.
> + In: the traffic source usually originates from one particular network segment, and the destination of this ACL is usually any
> + Out: the traffic source of this ACL is usually any, and its destination is one particular segment.
>
> Back to your problem: the ACL you wrote is not wrong, but the direction in which you applied it is not accurate (Vien is not using the words "completely wrong"). Vien will explain why.
>
> You apply the ACL in the OUT direction on Fa0/0: your explanation is correct, so the requirement of the problem is satisfied.
>
> You apply the ACL in the IN direction on Fa0/0: your ACL is as follows. Vien will simulate the ICMP packet when it "hits" the router in the IN direction on Fa0/0.
>
> ICMP request:
>     access-list 10 deny 192.168.11.0 0.0.0.255 (checked, no match, move down to the next statement)
>     access-list 10 permit any (checked, match > packet routed! > the 2 networks connect normally)
>     Result: Permitted!
>     #Implicit deny any any
>
> ICMP reply:
>     The packet hits interface Fa0/1 (checked, no ACL; compare with the routing table > route via interface Fa0/0)
>     The ACL is in the IN direction but the ICMP reply is in the OUT direction; Cisco IOS skips it and routes out of interface Fa0/0
>     Result: Permitted!
>
> So you ping network 11 and you receive a reply -> the 2 networks can reach each other.
>
> Please note: once a packet matches a statement in the ACL, the checking process ends. Therefore the implicit deny any any is not checked.
>
> Vien believes you understand the issue.
>
> Regards,
> Vien Huynh

I had just figured out the problem before reading your post, after half a day of searching, but reading your post I understood even more and now have a firmer grasp of it. Good post, very detailed guidance. Thanks!

3. Reply says:
July 4, 2011 at 3:56 am

Hello,

My knowledge is limited, so if Vien says something wrong, please correct it.

To do ACL design well, you need a firm grasp of the basic principles of ACLs.
- With ACLs, the best approach is to apply the ACL on the interface closest to the source of the traffic.
- There are 4 ACL concepts that you need to understand clearly:
+ Out: traffic "passing across" the router and about to leave the interface
+ In: traffic "hitting" the router and about to enter the interface
+ Inbound ACL: when traffic "hits" the router, the router receives the packet and checks it against the parameters of the corresponding ACL applied on this interface.
+ Outbound ACL: the router receives the packet, compares it with the routing table and routes it to the outbound interface. Before the router routes the packet out of the outbound interface, it checks it against the parameters of the corresponding ACL applied on this interface.

There is one characteristic for telling the in direction from the out direction.
+ In: the traffic source usually originates from one particular network segment, and the destination of this ACL is usually any
+ Out: the traffic source of this ACL is usually any, and its destination is one particular segment.

Back to your problem: the ACL you wrote is not wrong, but the direction in which you applied it is not accurate (Vien is not using the words "completely wrong"). Vien will explain why.

You apply the ACL in the OUT direction on Fa0/0: your explanation is correct, so the requirement of the problem is satisfied.

You apply the ACL in the IN direction on Fa0/0: your ACL is as follows. Vien will simulate the ICMP packet when it "hits" the router in the IN direction on Fa0/0.

ICMP request:
    access-list 10 deny 192.168.11.0 0.0.0.255 (checked, no match, move down to the next statement)
    access-list 10 permit any (checked, match > packet routed! > the 2 networks connect normally)
    Result: Permitted!
    #Implicit deny any any

ICMP reply:
    The packet hits interface Fa0/1 (checked, no ACL; compare with the routing table > route via interface Fa0/0)
    The ACL is in the IN direction but the ICMP reply is in the OUT direction; Cisco IOS skips it and routes out of interface Fa0/0
    Result: Permitted!

So you ping network 11 and you receive a reply -> the 2 networks can reach each other.

Please note: once a packet matches a statement in the ACL, the checking process ends. Therefore the implicit deny any any is not checked.

Vien believes you understand the issue.

Regards,
Vien Huynh

4. Reply says:
July 4, 2011 at 3:56 am

Great, thank you very much.
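
Added example (not part of the original thread, and not Cisco's implementation): a small Python model of the packet walk-through in reply 3, evaluating access-list 10 on Fa0/0 in each direction for an echo request and its reply. It assumes the 10.0 network is 192.168.10.0/24 behind Fa0/0 and 192.168.11.0/24 is behind Fa0/1; the host addresses and all function names are constructed for illustration.

```python
import ipaddress

# access-list 10 from the thread, as (action, source, wildcard) entries.
ACL_10 = [("deny", "192.168.11.0", "0.0.0.255"),
          ("permit", "0.0.0.0", "255.255.255.255")]  # "permit any"

# Assumed topology (the thread's picture is missing): subnet -> router interface.
ROUTES = {"192.168.10.0/24": "Fa0/0", "192.168.11.0/24": "Fa0/1"}

def acl_permits(acl, src):
    """Standard ACL: source-only match, first match wins, implicit deny last."""
    s = int(ipaddress.IPv4Address(src))
    for action, base, wildcard in acl:
        b = int(ipaddress.IPv4Address(base))
        w = int(ipaddress.IPv4Address(wildcard))
        if ((s ^ b) & ~w & 0xFFFFFFFF) == 0:  # wildcard bits set to 1 are ignored
            return action == "permit"
    return False                              # implicit deny any

def interface_for(addr):
    """Interface facing the subnet that contains addr, or None if no route."""
    ip = ipaddress.ip_address(addr)
    for net, ifname in ROUTES.items():
        if ip in ipaddress.ip_network(net):
            return ifname
    return None

def forward(src, dst, bindings):
    """bindings maps (interface, "in" | "out") to an ACL. Returns (ok, detail)."""
    in_if, out_if = interface_for(src), interface_for(dst)
    acl = bindings.get((in_if, "in"))         # checked before the routing lookup
    if acl is not None and not acl_permits(acl, src):
        return False, f"denied inbound on {in_if}"
    if out_if is None:
        return False, "no route"
    acl = bindings.get((out_if, "out"))       # checked after the routing lookup
    if acl is not None and not acl_permits(acl, src):
        return False, f"denied outbound on {out_if}"
    return True, f"{in_if} -> {out_if}"

def ping(a, b, bindings):
    """Echo request a -> b, then echo reply b -> a if the request got through."""
    request = forward(a, b, bindings)
    reply = forward(b, a, bindings) if request[0] else (False, "no request delivered")
    return request, reply

if __name__ == "__main__":
    for direction in ("out", "in"):           # the two placements discussed
        print(direction, ping("192.168.10.5", "192.168.11.5",
                              {("Fa0/0", direction): ACL_10}))
```

With the ACL bound outbound on Fa0/0 the request is forwarded but the reply, whose source is in 192.168.11.0/24, is dropped on its way out of Fa0/0; bound inbound, neither packet is ever matched by the deny line.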
