UC知道关于access-list访问控制列表的问题
来源:百度知道 编辑:UC知道 时间:2024/06/07 23:30:33
只封禁一台地址为193.62.40.230主机的access-list的正确配置是
A,access-list 110 permit ip any any
access-list 110 deny ip host 193.62.40.230 any
access-list 110 deny ip any host 193.62.40.230
B,access-list 110 deny ip host 193.62.40.230 any
access-list 110 deny ip any host 193.62.40.230
access-list 110 permit ip any any
C,access-list 110 deny ip host 193.62.40.230 any
access-list 110 deny ip any host 193.62.40.230
D,access-list 110 deny ip host 193.62.40.230 any
access-list 110 permit ip any any
access-list 110 deny ip any host 193.62.40.230
上面哪个是正确的,为什么,其它的错的原因是什么?
A,access-list 110 permit ip any any
access-list 110 deny ip host 193.62.40.230 any
access-list 110 deny ip any host 193.62.40.230
B,access-list 110 deny ip host 193.62.40.230 any
access-list 110 deny ip any host 193.62.40.230
access-list 110 permit ip any any
C,access-list 110 deny ip host 193.62.40.230 any
access-list 110 deny ip any host 193.62.40.230
D,access-list 110 deny ip host 193.62.40.230 any
access-list 110 permit ip any any
access-list 110 deny ip any host 193.62.40.230
上面哪个是正确的,为什么,其它的错的原因是什么?
B是正确的
因为acl的读取顺序是从第一条开始,直到找到符合的为止,同时,任何一条acl在最后都会有一条隐含的deny ip any any,所以,综合这两点,你就可以判断了