You cannot see this page without javascript.

메뉴 건너뛰기

WHKorea

보안 route access-list

구피천사 2017.10.30 14:05 조회 수 : 125

route access-list

 

Ingress Filtering

Engress Filtering

Watch Mode

Intercept Mode

 

  • 라우터 사용모드
User EXEC 모드
Privileged EXEC 모드
Global Configuration 모드
Other Configuration 모드

 

  • password 설정
Router> enable
Router# configure terminal
Router(config)# enable password XXXXX # 평문 저장
Router(config)# enable secret XXXXX   # 암호화 저장
Router(config)# 
Router(config)# ^Z
Router#

 

  • ACL 설정
Router> enable
Router# configure terminal
Router(config)# no access-list 5   # 5번 삭제
Router(config)# access-list 5 permit host 192.168.1.2
Router(config)# access-list 5 permit host 192.168.1.3
Router(config)# access-list 5 deny any
Router(config)# ^Z
Router# sh access-list 5   # 5번 확인
Standard IP access list 5
      permit 192.168.1.2
      permit 192.168.1.2
      deny any
Router#

 

  • 211.1.1.0/24 대역사용할때
Land Attack 차단
access-list 101 deny ip 211.1.1.0 0.0.0.255 any

 

ip access-group access-lister-number { in|out}

%% access-list access-list-number { permit | deny } protocol source source-wildcard [port] destination destination-wildcard [port] [ established] [log]

 

Ingress Filtering
access-list 101 deny ip host 0.0.0.0 any

 

Egress Filtering 
interface x/y
ip access-group 110 out
access-list 110 permit ip 211.1.1.0 0.0.0.255 any
access-list 110 permit ip 211.1.2.0 0.0.0.255 any
access-list 110. deny ip any any

 

  • Null 라우팅 설정
interface Null0
no ip unreachables
ip route 211.1.1.0 0.0.0.255 Null0

 

  • Buffered Logging 설정
logging on
logging buffered 16000 debugging
service timestamp log date msec local show-timezone

 

  • snmp access-list 설정
no access-list 20
access-list 20 permit host 192.168.x.x
access-list 20 deny any
snmp-server community public ro 20

 

 

 

  • Unicast RPF

>enable

#conf t

(config) # interface FastEthernet 0/0

(config-if) # ip verify unicast reverse-path

(config-if) # end

위로