ip access-group num in
欢迎进入网络技术社区论坛,与200万技术人员互动交流 >>进入 一直以为自己对这个ip access-group num in | out 应用很理解,当自己做实验分析的时候分现很模糊,以下是认真的分析总结: 首先: 路由器每个接口应用ACL是针对每个数据包的过滤,三层是IP数据包,
欢迎进入网络技术社区论坛,与200万技术人员互动交流 >>进入
一直以为自己对这个ip access-group num in | out 应用很理解,当自己做实验分析的时候分现很模糊,以下是认真的分析总结:
首先:
路由器每个接口应用ACL是针对每个数据包的过滤,三层是IP数据包,二层是数据帧MAC
路由器对自己内部产生的数据不会起作用
in就是路由器接口收到的数据,out就是路由器接口离开的数据
站在路由器的角度,路由器只能是一个接口in,从另一个接口out(不会是从一个接口in,又从这个接口out)
(有一个很恶心的比喻:人是router吃是in大便是out)
如下图:一个纯LAN的网络,在R1的f0/0应该ip access-group /out
!
interface FastEthernet0/0
ip address .1 255.255.255.0
ip access-group 1 out
duplex auto
speed auto
!
access-list 1 deny .2
access-list 1 permit .3
如果:ACL在接口out方向不起数据包过滤的作用
R1#ping .2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to .2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/44/136 ms
R1#ping .3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to .3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/43/136 ms
分析为什么:在R1路由器产生ping .2的数据包,源地址12.1.1.1,目的地址12.1.1.2但由于是路由器自己产生的数据包在接口上不起作用,所以相对f0/0的out方向不起作用。看回的ping包,从R2路由器产生回包,源地址12.1.1.2,目的地址12.1.1.1相对R1的f0/0接口是in方向,但没做in方向的数据过滤,同理ping 12.1.1.3也通
!
interface FastEthernet0/0
ip address .1 255.255.255.0
ip access-group
duplex auto
speed auto
!
相反在f0/0接口上起in方向的数据过滤结果:
R1#
R1#ping .1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to .1, timeout is 2 seconds:
....
Success rate is 0 percent (0/4)
R1#ping .2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to .2, timeout is 2 seconds:
...
Success rate is 0 percent (0/3)
R1#ping .3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to .3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = ms
结果分析:R1路由器自己产生数据包ping .2 源地址:12.1.1.1,目的地址:12.1.1.2,相对f0/0接口数据发送出去,但是内部自己产生的数据包不起作用,所以发送成功,看回的数据包,R2产生回的数据包,源地址:12.1.1.2,目的地址:12.1.1.1到达R1的f0/0接口相对R1路由器f0/0就是为in方向这时作用ACL过滤,过滤掉源为12.1.1.2的地址,所以不成功
相反,源地址.3满足ACL,所以ping通.
总之,访问列表设计为过滤通过路由器的流量,但不过滤路由器产生的流量。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
What to do if the screen resolution cannot be adjusted (it can be easily done in just a few simple steps)
Apr 20, 2024 pm 09:56 PM
But sometimes the resolution of our mobile phones will change with the resolution, and the parameters will become more and more precise. Now the configuration of mobile phones is constantly improving, so what should I do if the resolution of mobile phones cannot be adjusted? The resolution of mobile phone screens is also improving? Let’s take a look below! What should I do if I can’t adjust the resolution of my phone? The method is to enter the settings. It is also possible for other mobile phones. It is recommended to adjust it in the software settings. If the phone resolution follows the requirements, adjust "More" in the settings, then scroll down and find, click "Display" and enter the options. "display resolution". After clicking and finally clicking, a window showing the resolution will pop up. The size can be adjusted to the screen resolution you need. Just click "OK". You can also click "Automatically adjust resolution" to watch for a long time
Honor 10 frequently freezes and restarts after upgrading to Hongmeng (How to restart Huawei mobile phones)
Apr 23, 2024 pm 06:30 PM
And it also brings different choices to consumers in terms of price. After more than half a year of hot sales, Honor mobile phones have become more outstanding with their own cost performance, and they also have many excellent models in the domestic mobile phone market. Next I would like to share with you “10 Restart Tips” to make your phone run more smoothly and stably. Let’s take a look together. Tips: The phone is stuck and slow to respond. Open the phone's settings. In fact, the phone is stuck and slow to respond. It may be caused by our daily use - system - and then select the processor settings as no more than 3 months, developer options. Tips: Mobile phone software consumes battery power quickly because of the use of some unnecessary self-starting applications in the phone. Many people think that this phenomenon is not worth it for us, so close unnecessary self-starting applications in the phone.
How to convert avi format (online conversion skills for mobile avi format)
Mar 30, 2024 am 10:16 AM
The previous article introduced you to "How to convert videos to mp4 format? How to convert RMVB videos to mp4?" Let's take a look at it. This issue will continue to introduce you to the relevant knowledge of converting videos to mp4. People have doubts about how to convert videos to mp4. Why can’t video and audio formats be converted to each other? When many friends see the video? Then converting video to mp4 is very simple. In fact, it is easy to understand if it is a video file format. Convert the video you need into mp4 format. Let’s continue to demonstrate a relatively simple and lossless conversion method. Method Clipchamp Video Converter Step 1: Download and install Clipchamp Video Converter. and open, install it to
What is the current mobile live broadcast sound card (cost-effective mobile phone sound card)
Apr 07, 2024 pm 07:43 PM
Although there are many types of sound cards on the market, their quality and effects vary. Live broadcast sound cards are a must-have for anchors. This article will introduce you from multiple angles to how to choose a live broadcast sound card that suits you. 1. A comprehensive sound card. First of all, you need a sound card with comprehensive functions and excellent quality. If you want to have an excellent live broadcast sound card. Such as XXX, YYY, etc., there are many brands of sound card products on the market. Choose the right brand and model according to your budget and needs. 2. Understand different types of sound cards. It is important to understand different types of sound cards before purchasing a sound card. There are three common types on the market: passive, all-in-one, and active. Suitable for anchors with limited budget or personal use, the active sound card has the ability to record rich sound effects.
Current mobile phone processor ranking Android (current performance mobile phones)
Apr 07, 2024 pm 07:37 PM
It is very important for daily use of mobile phones. Whether it is used for playing games, it is the main factor that directly determines the performance of a mobile phone. The processor is the main factor that directly determines the performance of a mobile phone when we use it daily. In the current market, the most powerful mobile phone processor is undoubtedly the Qualcomm Snapdragon 870 processor, which is almost unrivaled. This processor is currently the most powerful processor. This content shows that the Snapdragon 870 processor is one of the current processors in the Android camp and has powerful performance. In the current mobile phone market, its storage and natural performance are no less than the Snapdragon 888 processor. It has 12GB/256GB/512GB storage version, supports LPDDR5 high-speed memory, the GPU is Adreno650, and uses 4 CortexA77
Nokia n900 automatically starts the camera to take pictures (how to use the Nokia camera function)
Apr 10, 2024 pm 04:13 PM
It has really increased our burden. Whether commuting to work or taking a mobile phone out with us at work, today's mobile phones have become an indispensable tool in our lives. Then the mobile phone becomes a serious problem, so suddenly there is no camera to take pictures. We have to import the photos from the mobile phone to the computer to save them. Sometimes when we go out to play. Today I will teach you how to import photos to your computer using your Nokia n900 mobile phone. It is very convenient. It can help us import the camera's photo program directly into the computer, eliminating the need to use the camera. It comes with a very easy-to-use function. Our Nokia N900 mobile phone is the same as the current mainstream mobile phones, called NEW Plug-in! The following uses Xiaomi mobile phone as an example to demonstrate the operation, as shown below:
Which Android phone to use currently (recommended 2024 Android flagship phone)
Apr 06, 2024 pm 05:01 PM
Android phones are becoming more and more powerful in the market with the continuous advancement of technology. To satisfy consumers' pursuit of performance and functionality, major manufacturers have launched their own flagship mobile phones. In terms of design and user experience, which phones stand out among the many Android flagship phones and can perform well? We will recommend five high-performance Android flagship phones for you next. 1. Huawei Mate50Pro: With super performance and excellent shooting capabilities, equipped with an excellent screen and camera, and equipped with a powerful Kirin 9000 processor, Huawei Mate50Pro can be said to be excellent in terms of hardware configuration. It also supports 5G network connection, allowing users to enjoy high-speed communication and smooth gaming experience. It not only has high resolution and excellent camera capabilities.
What is the current wall-penetrating router (the most recommended router to buy in 2024)
Apr 06, 2024 pm 05:01 PM
Therefore, the most important thing at home is naturally the Internet. With the popularity of smartphones, we cannot do without the Internet. Whether it is studying, almost all of us cannot do without our mobile phones, entertainment or work. When the Internet speed at home is extremely fast, sometimes you don’t need to worry too much and just walk to the place where WiFi is needed. Especially during our Chinese New Year, the network at home is very fast, and faster than the air conditioner. It still feels a little laggy, but after a period of use. Therefore, if you want to ensure the speed and stability of WiFi at home, it is very important to choose a router with strong wall penetration capabilities, considering that most people’s lifestyle is connected to the Internet. Farewell, today I will recommend several routers that are cheap and can penetrate walls. Don’t underestimate the “small size” of these routers. Huawei Road
