route access-list

 

Ingress Filtering

Engress Filtering

Watch Mode

Intercept Mode

 

• 라우터 사용모드

User EXEC 모드
Privileged EXEC 모드
Global Configuration 모드
Other Configuration 모드

 

• password 설정

Router> enable
Router# configure terminal
Router(config)# enable password XXXXX # 평문 저장
Router(config)# enable secret XXXXX   # 암호화 저장
Router(config)# 
Router(config)# ^Z
Router#

 

• ACL 설정

Router> enable
Router# configure terminal
Router(config)# no access-list 5   # 5번 삭제
Router(config)# access-list 5 permit host 192.168.1.2
Router(config)# access-list 5 permit host 192.168.1.3
Router(config)# access-list 5 deny any
Router(config)# ^Z
Router# sh access-list 5   # 5번 확인
Standard IP access list 5
      permit 192.168.1.2
      permit 192.168.1.2
      deny any
Router#

 

• 211.1.1.0/24 대역사용할때

Land Attack 차단
access-list 101 deny ip 211.1.1.0 0.0.0.255 any

 

ip access-group access-lister-number { in|out}

%% access-list access-list-number { permit | deny } protocol source source-wildcard [port] destination destination-wildcard [port] [ established] [log]

 

Ingress Filtering
access-list 101 deny ip host 0.0.0.0 any

 

Egress Filtering 
interface x/y
ip access-group 110 out
access-list 110 permit ip 211.1.1.0 0.0.0.255 any
access-list 110 permit ip 211.1.2.0 0.0.0.255 any
access-list 110. deny ip any any

 

• Null 라우팅 설정

interface Null0
no ip unreachables
ip route 211.1.1.0 0.0.0.255 Null0

 

• Buffered Logging 설정

logging on
logging buffered 16000 debugging
service timestamp log date msec local show-timezone

 

• snmp access-list 설정

no access-list 20
access-list 20 permit host 192.168.x.x
access-list 20 deny any
snmp-server community public ro 20

 

 

 

• Unicast RPF

>enable

#conf t

(config) # interface FastEthernet 0/0

(config-if) # ip verify unicast reverse-path

(config-if) # end