收藏
下载资源

访问控制列表和地址换原理

上传人:宝路 文档编号:47834516 上传时间:2018-07-05 格式:PPT 页数:67 大小:1.90MB
返回 下载 相关 举报
访问控制列表和地址换原理_第1页
第1页 / 共67页
访问控制列表和地址换原理_第2页
第2页 / 共67页
访问控制列表和地址换原理_第3页
第3页 / 共67页
访问控制列表和地址换原理_第4页
第4页 / 共67页
访问控制列表和地址换原理_第5页
第5页 / 共67页
点击查看更多>>
资源描述

《访问控制列表和地址换原理》由会员分享,可在线阅读,更多相关《访问控制列表和地址换原理(67页珍藏版)》请在金锄头文库上搜索。

1、HUAWEI TECHNOLOGIES CO., LTDHUAWEI Confidential Security Level: DP500001 访问控制列 表和地址转换原理ISSUE 1.0InternalEvaluation only.Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0.Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0. Copyright 2004-2011 Aspose Pty Ltd.C

2、opyright 2004-2011 Aspose Pty Ltd.Evaluation only.Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0.Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0. Copyright 2004-2011 Aspose Pty Ltd.Copyright 2004-2011 Aspose Pty Ltd.HUAWEI TECHNOLOGIES CO., LTD.HUAWEI

3、Confidential l学习完本课程,您应该能够:理解访问控制列表的 基本原理理解地址转换的基本 原理Evaluation only.Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0.Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0. Copyright 2004-2011 Aspose Pty Ltd.Copyright 2004-2011 Aspose Pty Ltd.Evaluation only.E

4、valuation only. Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0.Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0. Copyright 2004-2011 Aspose Pty Ltd.Copyright 2004-2011 Aspose Pty Ltd.HUAWEI TECHNOLOGIES CO., LTD.HUAWEI Confidential IP包过滤技术介绍l对路由器需要转发的数据包,先获取包头信息,然后和设定的

5、规则进行比较,根据比较的结果对数据包进行转发或者丢弃。而实 现包过滤的核心技术是访问控制列表。Internet公司总部内部网络未授权用户办事处Evaluation only.Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0.Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0. Copyright 2004-2011 Aspose Pty Ltd.Copyright 2004-2011 Aspose Pty Ltd

6、.Evaluation only.Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0.Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0. Copyright 2004-2011 Aspose Pty Ltd.Copyright 2004-2011 Aspose Pty Ltd.HUAWEI TECHNOLOGIES CO., LTD.HUAWEI Confidential 访问控制列表的作用l访问控制列表可以用于

7、防火墙;l访问控制列表可以用于Qos(Quality of Service),对数据流量 进行控制;l在DCC中,访问控制列表还可用来规定触发拨号的条件;l访问控制列表还可以用于地址转换;l在配置路由策略时,可以利用访问控制列表来作路由信息的过 滤。Evaluation only.Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0.Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0. Copyright 2004-

8、2011 Aspose Pty Ltd.Copyright 2004-2011 Aspose Pty Ltd.Evaluation only.Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0.Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0. Copyright 2004-2011 Aspose Pty Ltd.Copyright 2004-2011 Aspose Pty Ltd.HUAWEI TECHNOLO

9、GIES CO., LTD.HUAWEI Confidential 访问控制列表是什么?l一个IP数据包如下图所示(图中IP所承载的上层协议为 TCP/UDP):IP报头TCP/UDP报头数据协议号源地址目的地址源端口目的端口对于TCP/UDP来说,这5个 元素组成了一个TCP/UDP相 关,访问控制列表就是利用 这些元素定义的规则Evaluation only.Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0.Created with Aspose.Slides for .NET 3

10、.5 Client Profile 5.2.0.0. Copyright 2004-2011 Aspose Pty Ltd.Copyright 2004-2011 Aspose Pty Ltd.Evaluation only.Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0.Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0. Copyright 2004-2011 Aspose Pty Ltd.Copyrigh

11、t 2004-2011 Aspose Pty Ltd.HUAWEI TECHNOLOGIES CO., LTD.HUAWEI Confidential 如何标识访问控制列表?l利用数字标识访问控制列表l利用数字范围标识访问控制列表的种类列表的种类类数字标识标识 的范围围IP standard list2000-2999IP extended list3000-3999Evaluation only.Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0.Created with Aspose

12、.Slides for .NET 3.5 Client Profile 5.2.0.0. Copyright 2004-2011 Aspose Pty Ltd.Copyright 2004-2011 Aspose Pty Ltd.Evaluation only.Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0.Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0. Copyright 2004-2011 Aspos

13、e Pty Ltd.Copyright 2004-2011 Aspose Pty Ltd.HUAWEI TECHNOLOGIES CO., LTD.HUAWEI Confidential 标准访问控制列表l标准访问控制列表只使用源地址描述数据,表明是允许还是拒 绝。从202.110.10.0/24来 的数据包可以通过!从192.110.10.0/24来 的数据包不能通过!路由器Evaluation only.Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0.Created with A

14、spose.Slides for .NET 3.5 Client Profile 5.2.0.0. Copyright 2004-2011 Aspose Pty Ltd.Copyright 2004-2011 Aspose Pty Ltd.Evaluation only.Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0.Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0. Copyright 2004-2011

15、Aspose Pty Ltd.Copyright 2004-2011 Aspose Pty Ltd.HUAWEI TECHNOLOGIES CO., LTD.HUAWEI Confidential 标准访问控制列表的配置l配置标准访问列表的命令格式如 下:acl acl-number match-order auto | config rule normal | special permit | deny source source-addr source-wildcard | any 怎样利用 IP 地址 和 反掩码wildcard-mask 来表示 一个网段?Evaluation only

16、.Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0.Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0. Copyright 2004-2011 Aspose Pty Ltd.Copyright 2004-2011 Aspose Pty Ltd.Evaluation only.Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0.Created with Aspose.Slides for .NET 3.5 Client Profile 5.2.0.0. Copyright 2004-2011 Aspose Pty Ltd.Copyright 2004-2011 Aspose Pty Ltd.HUAWEI TECHNOLOGIE

展开阅读全文
相关资源
相关搜索

当前位置:首页 > 中学教育 > 教学课件

电脑版 |金锄头文库版权所有
经营许可证:蜀ICP备13022795号 | 川公网安备 51140202000112号