Bao Cao Thuc Tap Tot Nghiep (Graduation Internship Report)

• 8/12/2019 Bao Caothuc Tap Tot Nghiep

Graduation Internship Report

Topic: Managing data flows with ACLs

Supervisor: MSc. Nguyen Thanh Toan

Student: Phan Thi Kim Xuyen

Student ID: 1022192

Class: MMT&TT K51

Hanoi, 12/2013

University of Transport and Communications

Faculty of Information Technology

Table of Contents

I. General introduction
II. How ACLs work
  1. Understanding ACLs
  2. ACL operation
  3. Types of ACL
  4. Identifying ACLs
  5. ACL wildcard masking
III. Configuring ACLs
  1. Configuring numbered standard IPv4 ACLs
  2. Configuring numbered extended IPv4 ACLs
  3. Configuring named ACLs
IV. ACL verification commands
V. Other types of ACL
  1. Dynamic ACLs (lock-and-key)
  2. Reflexive ACLs
  3. Time-based ACLs

MANAGING DATA FLOWS WITH ACLs

I. General introduction

Today, with the progress of science and technology, networks are the first-choice solution for transporting data, and so security in the network is a matter of real concern. One of the most important security tools on a Cisco router is the Access Control List (ACL). It is a feature configured directly on the router to build a list of addresses for which you permit or deny access to some destination. There are two kinds of access list, the standard access list and the extended access list:

Standard access list: when deciding whether to permit or deny, the router checks only one field, the source address.

Extended access list: an extension of the standard kind; source address, destination address, protocol, port and so on are all checked before the router permits or denies the traffic.

You can apply both standard and extended Cisco IOS ACLs to router interfaces to control which kinds of traffic are allowed through. A Cisco IOS ACL is applied to an interface in a specific direction (inbound or outbound). This section describes how the different kinds of ACL operate and shows how to configure IP version 4 (IPv4) ACLs.

II. How ACLs work

Understanding how access control lists (ACLs) are used lets you decide how to deploy them on your Cisco network. ACLs provide an important network security function: filtering packets as they enter or leave router interfaces.

This section describes some applications of ACLs on Cisco networks, identifies the different kinds of ACL that can be implemented, and explains the process by which Cisco IOS software enforces an ACL.

1. Understanding ACLs

To configure and deploy ACLs, you need to understand what they are capable of. ACLs serve two main functions: classification and filtering.

Figure 1-2: ACL filtering

Cisco ACLs can permit or deny the following:

- Packets entering or leaving router interfaces, and traffic passing through the router.
- Telnet sessions entering or leaving the router's vty lines, which are used to manage the router.

By default, with no ACL applied, all IP traffic is permitted in and out of every router interface.

When a router drops a packet, some protocols send a special packet back telling the sender that the destination cannot be reached. For IP, an ACL drop produces an ICMP Destination Unreachable message with the "administratively prohibited" code (code 13), which ping reports as a destination unreachable and traceroute reports as administratively prohibited (!A). Note that this message itself tells a probing host that a filter exists; `no ip unreachables` on the interface suppresses it.

IP ACLs can classify and distinguish traffic flows. Classification lets you assign special handling to traffic identified by an ACL, for example:

- Identifying the kinds of traffic that must be encrypted across a virtual private network (VPN) connection.
- Identifying the routes that will be redistributed from one routing protocol into another.
- Used with route filtering to identify which routes are included in the routing updates exchanged between routers.
- Used with policy-based routing to identify which kinds of traffic are forwarded over a designated link.
- Used with Network Address Translation (NAT) to identify which addresses are translated.

Figure 1-4: example of an outbound ACL

When a packet enters an interface, the router looks up the routing table to see whether the packet is routable. If it is not routable, it is dropped. Next the router checks whether the outgoing (destination) interface has an ACL applied. If the outgoing interface has no ACL, the packet can be sent to the output buffer.

The outbound ACL operation works as follows:

- If the outgoing interface is S0, which has no outbound ACL applied, the packet is sent directly out of S0.
- If the outgoing interface is S1, which does have an outbound ACL applied, the packet is not sent out on S1 until it has been tested against the ACL statements associated with that interface. Based on the ACL conditions the packet is permitted or denied.

For outbound lists, permit means send the packet to the output buffer, and deny means discard the packet.

With an inbound ACL, when a packet enters an interface the router first checks whether that incoming (source) interface has an ACL applied. If the incoming interface has no ACL, the router looks up the routing table to see whether the packet is routable. If it is not routable, the router discards it.

The inbound ACL operation works as follows:

- If the incoming interface is S0, which has no inbound ACL applied, the packet is processed normally and the router checks whether it is routable.
- If the incoming interface is S1, which does have an inbound ACL applied, the packet is not processed and the routing table is not consulted until the packet has been tested against the ACL statements associated with that interface. Depending on whether the packet satisfies an ACL condition, it is permitted or denied.

For inbound lists, permit means continue processing the packet after it is received on the incoming interface, and deny means discard the packet.

An ACL is a sequential list of test conditions. It evaluates each packet against the statements from top to bottom, one statement at a time. If the packet header matches a statement, the remaining statements in the list are skipped and the packet is permitted or denied as that matching statement specifies. If the packet header does not match the condition, the packet is tested against the next condition in the list. This continues until the end of the list; a packet that matches nothing is dropped by the implicit deny at the end. Because the first match wins, the order of statements matters: a broad permit placed above a narrower deny makes that deny unreachable. Figure 1-5 shows the logical flow of statement evaluation.

Named ACLs allow you to identify standard and extended IP ACLs with an alphanumeric string (a name) instead of a number. Naming an IP ACL gives you more flexibility when working with the ACL entries.

Sequence-numbered access list entries have several benefits: you can edit the ACL statements in order, and you can remove individual statements from an ACL instead of rebuilding the whole list.

Well designed and well implemented ACLs add an important security component to your network. Follow these general guidelines to make sure the ACLs you create have the intended result:

- Based on the test conditions, choose a standard or extended, numbered or named ACL.
- Only one ACL per protocol, per direction, per interface is allowed. Multiple ACLs are permitted on an interface, but each must be for a different protocol or a different direction.
- ACLs should be organised for top-down processing. Put the entries that refer to a specific network or subnet before more general ones, and put the conditions that match most often before those that match rarely.
- Every ACL contains an implicit deny any at the end:

  - Unless you end the ACL with an explicit permit, by default the ACL denies all traffic that does not match any of its lines.
  - Every ACL should have at least one permit statement; otherwise all traffic is denied.
- Create the ACL before applying it to an interface. In IOS an ip access-group that references an ACL with no entries permits everything, so apply the group only after the list is complete.
- Depending on how it is applied, an ACL filters either traffic passing through the router or traffic to and from the router itself, such as traffic to or from the vty lines.
- Place extended ACLs as close as possible to the source of the traffic you want to deny. Because a standard ACL does not specify the destination address, place a standard ACL as close as possible to the destination you want to deny, so that the source can still reach intermediate networks.

5. ACL wildcard masking

Address filtering is done with ACL wildcard masking, which identifies which bits of an IP address are checked and which are ignored when a packet is tested for permit or deny. The wildcard mask uses 1 and 0 bits to say how the corresponding bits of the IP address are treated:

- Wildcard mask bit 0: the corresponding address bit must match.
- Wildcard mask bit 1: the corresponding address bit is ignored (not checked).

Note: a wildcard mask is often called an inverse mask.

By adjusting the wildcard mask you can permit or deny one address or a group of addresses with a single ACL statement. Figure 1-6 shows how the corresponding addresses are tested.

Figure 1-6: wildcard mask

Note: wildcard masking for ACLs works differently from an IP subnet mask. A 0 in a bit position of the ACL mask means the corresponding address bit must match; a 1 means the corresponding address bit is not checked.

In Figure 1-7, an administrator wants to test a range of IP subnets for permit or deny. Assume the IP address is a Class B address (the first two octets are the network number) with 8 bits of subnetting (the third octet is the subnet). The administrator wants to use the IP wildcard bits to match the subnets 172.30.16.0/24 to 172.30.31.0/24.

To build an ACL that matches this range of subnets, use the IP address 172.30.16.0 in the ACL, which is the first subnet in the range, followed by the required wildcard mask. The wildcard mask matches the first two octets (172.30) of the IP address by using corresponding 0 bits in the first two octets of the wildcard mask.

Because no individual host is of interest, the wildcard mask ignores the last octet by using all 1 bits in that position; in decimal the last octet of the wildcard mask is 255. In the third octet, where the subnet number sits, the wildcard mask of decimal 15, binary 00001111, matches the high-order 4 bits of the IP address.

In this case the wildcard mask matches, starting with subnet 172.30.16.0/24. For the last 4 bits of this octet the wildcard mask says the bits can be ignored; in those positions the address value can be binary 0 or binary 1. So the wildcard mask matches subnets 16, 17, 18 and so on up to subnet 31, and no other subnet. In the example, address 172.30.16.0 with wildcard mask 0.0.15.255 matches the subnets 172.30.16.0/24 to 172.30.31.0/24.

In some cases you must use more than one ACL statement to match a range of subnets. For example, to match 10.1.4.0/24 to 10.1.8.0/24, use 10.1.4.0 0.0.3.255 and 10.1.8.0 0.0.0.255. The tempting single statement 10.1.4.0 0.0.7.255 does not do what it appears to: the wildcard ignores the low three bits of the third octet, so it matches 10.1.0.0/24 through 10.1.7.0/24.

The 0 and 1 bits in an ACL wildcard mask cause the ACL either to match or to ignore the corresponding bits of the IP address. Figure 1-8 shows the wildcard masks used to match a specific host or to match all hosts (any).

Instead of 172.30.16.29 0.0.0.0 you can write host 172.30.16.29. Instead of 0.0.0.0 255.255.255.255 you can write any.
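The wildcard-mask arithmetic described in this section, as an added example written for this page in Python; it is not code from the report or from Cisco IOS. It reproduces the two cases above (172.30.16.0 0.0.15.255, and the 10.1.4.0/24 to 10.1.8.0/24 range that needs two statements) and goes beyond them with a general routine that splits any aligned range of subnets into the fewest base/wildcard pairs, plus a check for non-contiguous wildcards, which IOS accepts but which correspond to no subnet mask. The address ranges are the page's own; the function names are this example's.

```python
# Added example: IOS wildcard-mask arithmetic (illustrative, not IOS code).
# Rule: wildcard bit 0 = address bit must match, bit 1 = address bit ignored.
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def to_str(n):
    return str(ipaddress.IPv4Address(n))


def prefix_to_wildcard(prefix_len):
    """/24 -> 0.0.0.255: the wildcard is the bitwise inverse of the subnet mask."""
    subnet_mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return to_str(subnet_mask ^ 0xFFFFFFFF)


def matches(addr, base, wildcard):
    """True if addr matches 'base wildcard' the way an ACL entry tests it:
    every bit where the wildcard is 0 must be equal in addr and base."""
    return ((to_int(addr) ^ to_int(base)) & ~to_int(wildcard)) == 0


def is_contiguous(wildcard):
    """True for wildcards of the form 0...01...1 (the inverse of a real subnet
    mask). IOS also accepts non-contiguous wildcards such as 0.0.0.254, which
    match every second address; review such entries carefully."""
    w = to_int(wildcard)
    return (w + 1) & w == 0


def covered_subnets(base, wildcard, prefix_len=24):
    """Enumerate the /prefix_len subnets admitted by 'base wildcard'.
    Intended for small wildcards (it walks the don't-care space)."""
    b, w = to_int(base), to_int(wildcard)
    step = 1 << (32 - prefix_len)
    fixed = b & ~w                       # bits the entry actually pins down
    return [f"{to_str(fixed | x)}/{prefix_len}"
            for x in range(0, w + 1, step) if (x & ~w) == 0]


def range_to_entries(first_subnet, last_subnet, prefix_len=24):
    """Split the subnets first..last (inclusive, each /prefix_len) into the
    fewest base/wildcard pairs an ACL can express. Each pair must cover an
    aligned power-of-two block, so the loop grows a block from 'lo' while it
    stays aligned and inside the range (the greedy split used for CIDR
    aggregation)."""
    lo = to_int(first_subnet)
    hi = to_int(last_subnet) + (1 << (32 - prefix_len)) - 1   # last address
    entries = []
    while lo <= hi:
        size = 1 << (32 - prefix_len)
        while lo % (size * 2) == 0 and lo + size * 2 - 1 <= hi:
            size *= 2
        entries.append((to_str(lo), to_str(size - 1)))
        lo += size
    return entries


if __name__ == "__main__":
    print(range_to_entries("172.30.16.0", "172.30.31.0"))  # one entry, 0.0.15.255
    print(range_to_entries("10.1.4.0", "10.1.8.0"))        # two entries, as in the text
    print(covered_subnets("10.1.4.0", "0.0.7.255"))        # the shortcut covers 10.1.0.0-10.1.7.0
```

`covered_subnets` is the check to run on an entry you did not write yourself: it lists exactly which networks the pair admits, which is how the 10.1.4.0 0.0.7.255 mistake above becomes visible.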

III. Configuring ACLs

Standard IPv4 ACLs, numbered 1 to 99 and 1300 to 1999 or identified by name, filter packets on the source address and a wildcard mask, and either permit or deny the packet. Figure 1-9 shows that a standard ACL checks only the source address in the IPv4 header.

1. Configuring numbered standard IPv4 ACLs

To configure a numbered standard IPv4 ACL on a Cisco router, you must create the standard ACL and then activate it on an interface. The access-list command creates an entry in the standard ACL's filter list. The ip access-group command binds an existing ACL to an interface. Only one ACL per protocol, per direction, per interface is allowed. The steps to configure and apply a numbered standard ACL to an interface are:

Step 1: use the access-list command to create an entry in the standard ACL.
Router(config)#access-list 1 permit 172.16.0.0 0.0.255.255

Step 2: use the interface command to select the interface the ACL will be applied to.
Router(config)#interface Ethernet 1

Step 3: use the ip access-group command to activate the ACL on the interface.
Router(config-if)#ip access-group 1 in

This last step activates the standard ACL on the interface in the inbound direction to filter incoming traffic. The list also carries the implicit deny, so after these three commands only packets sourced from 172.16.0.0/16 may enter Ethernet 1.

2. Configuring numbered extended IPv4 ACLs

Extended ACLs, numbered 100 to 199 and 2000 to 2699 or identified by name, can test more deeply: both the source and the destination IP address, and in addition the protocol (TCP, UDP and so on) and the port numbers that identify the application carried in the packet. Figure 1-10 shows the fields of the IP header that an extended ACL can inspect.

To specify an application, you can configure either the port number or the name of a well known application. Table 1-2 shows a short list of port numbers for various TCP applications.

To configure a numbered extended ACL on a Cisco router, first create the extended ACL and then activate it on an interface. Use the access-list command to create an entry with the filter conditions. The full configuration is as follows:

Table 3: parameters for configuring a numbered extended ACL

Parameter: description

access-list-number: a number in the range 100-199 or 2000-2699.

permit | deny: whether this entry permits or denies the packets it matches.

protocol: ip, tcp, udp or icmp (ip matches any IP protocol).

source and destination: the source and destination addresses.

source-wildcard and destination-wildcard: wildcard masks; bit 0 marks a position that must match and bit 1 a don't-care position.

operator [port | app_name]: lt (less than), gt (greater than), eq (equal to) or neq (not equal to). The port is the source port when the operator follows the source address and the destination port when it follows the destination address. Instead of a number you can use an application name such as telnet, ftp or smtp.

established: TCP only. Permits TCP traffic if the packet is a reply to a session initiated from the inside, which is recognised by the ACK (or RST) flag being set. It keeps no connection state, so any TCP segment with those flags set qualifies.

log: sends a logging message about matching packets to the console (or to whatever logging destination is configured).

Example of an extended ACL using the established parameter. In this example the established parameter of the extended ACL permits return traffic for connections that originated from the mail host, address 128.88.1.2, back in on interface serial 0. A match occurs if the TCP datagram has the ACK or the reset (RST) flag set, indicating that the packet belongs to an existing connection. Without the established parameter the mail host could receive SMTP traffic but could not send it, because the replies to its own outbound connections would be denied.
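The evaluation rules from section II (top-down, first match wins, implicit deny) and the established example above, as an added example written for this page in Python; it is not IOS code or code from the report. The two access-list lines mirror the text's mail-host scenario; the client address 198.51.100.7 and the port numbers are constructed. The last case shows what established cannot do: a forged segment with ACK set is accepted, because the keyword looks only at flags.

```python
# Added example: how IOS evaluates an extended IPv4 ACL (illustrative model,
# not IOS code). Top-down, first match wins, implicit deny at the end, and the
# `established` keyword tests only the ACK/RST flags. Packet values below are
# constructed; 198.51.100.7 and the port numbers are assumptions, 128.88.1.2 is
# the mail host from the text.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str              # "tcp", "udp", "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    ack: bool = False
    rst: bool = False


@dataclass(frozen=True)
class Entry:
    """One access-list statement. proto "ip" matches every IP protocol;
    dport None means no 'eq' operator on the destination port."""
    action: str
    proto: str
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dport: Optional[int] = None
    established: bool = False


ANY = ("0.0.0.0", "255.255.255.255")      # keyword 'any'
HOST = "0.0.0.0"                          # wildcard used by 'host x.x.x.x'


def wildcard_match(addr, base, wildcard):
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w) == 0


def entry_matches(e: Entry, p: Packet) -> bool:
    if e.proto != "ip" and e.proto != p.proto:
        return False
    if not wildcard_match(p.src, e.src, e.src_wc):
        return False
    if not wildcard_match(p.dst, e.dst, e.dst_wc):
        return False
    if e.dport is not None and p.dport != e.dport:
        return False
    # 'established': nothing is remembered about sessions; the router only
    # asks whether ACK or RST is set on a TCP segment.
    if e.established and not (p.proto == "tcp" and (p.ack or p.rst)):
        return False
    return True


def evaluate(acl: List[Entry], p: Packet) -> Tuple[str, Optional[int]]:
    """Walk the list top-down; return the action and the index of the entry
    that decided it, or ('deny', None) for the implicit deny at the end."""
    for i, e in enumerate(acl):
        if entry_matches(e, p):
            return e.action, i
    return "deny", None


# The text's example: replies to sessions opened by the mail host come back in,
# and new SMTP connections to the mail host are accepted.
#   access-list 102 permit tcp any 128.88.0.0 0.0.255.255 established
#   access-list 102 permit tcp any host 128.88.1.2 eq smtp
#   interface serial 0
#    ip access-group 102 in
ACL_102 = [
    Entry("permit", "tcp", *ANY, "128.88.0.0", "0.0.255.255", established=True),
    Entry("permit", "tcp", *ANY, "128.88.1.2", HOST, dport=25),
]
ACL_102_NO_ESTABLISHED = ACL_102[1:]


if __name__ == "__main__":
    reply = Packet("tcp", "198.51.100.7", "128.88.1.2", 25, 40001, ack=True)
    print(evaluate(ACL_102, reply))                 # ('permit', 0)
    print(evaluate(ACL_102_NO_ESTABLISHED, reply))  # ('deny', None): mail host cannot send
    forged = Packet("tcp", "198.51.100.7", "128.88.1.2", 40002, 22, ack=True)
    print(evaluate(ACL_102, forged))                # ('permit', 0): flags alone are not state
```

Returning the index of the deciding entry is the same information IOS exposes through the per-entry match counters of show access-lists, and it is the quickest way to see that a packet was admitted by a broader line than intended.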

3. Configuring named ACLs

Named ACLs are a feature that lets you identify standard and extended IP ACLs with an alphanumeric string (a name) instead of the numeric identifiers used so far.

Named IP ACLs let you delete individual entries from a specific ACL. Because you can delete individual entries of a named ACL, you can modify the ACL without having to delete it and then reconfigure the whole list.

3.1 Creating a named standard ACL

The steps to configure and apply a named ACL on the router are:

Step 1: define a standard named ACL.

Step 2: use one of the following commands to build the test conditions.

Step 3: exit the named ACL configuration mode.

There is a further advantage to using sequence numbers in a named ACL: they let you insert specific entries into an existing list. In the following example a new entry is added at a chosen position within an ACL.

IV. ACL verification commands

When you have finished configuring an ACL, use the show commands to verify the configuration. Use show access-lists to display the contents of all ACLs, as shown in the example. By entering an ACL name or number as an option to this command you can display a specific ACL. To display only the contents of all IP ACLs, use the show ip access-list command. Example:

The show ip interface command displays interface information and indicates whether any IP ACL is set on the interface. In the output of show ip interface e0 shown in the example, the IP ACL configured on interface E0 is an inbound ACL; no outbound ACL is configured on E0. The match counters that show access-lists prints next to each entry are the quickest way to confirm that traffic is hitting the line you expect rather than an earlier, broader one.

V. Other types of ACL

Standard and extended ACLs are the building blocks of other kinds of ACL. These other kinds include:

- Dynamic ACLs (lock-and-key).
- Reflexive ACLs.
- Time-based ACLs.

1. Dynamic ACLs (lock-and-key)

Dynamic ACLs depend on Telnet connectivity, authentication and extended ACLs. A lock-and-key configuration starts with an extended ACL that blocks traffic through the router. Users who want to pass through the router are blocked by the extended ACL until they Telnet to the router and are authenticated. The Telnet connection is then dropped, and a single-entry dynamic ACL is added to the extended ACL. This permits the traffic for a given period; an idle timeout and an absolute timeout are both possible. Figure 1-11 shows an example of a dynamic access list.

Some common reasons to use dynamic ACLs are:

- Use a dynamic ACL when you want a specific remote user or group of remote users to reach a host on your network, connecting from their remote hosts across the Internet. Lock-and-key authenticates the user and then permits limited access through your firewall router to a host or subnet for a finite period.

- Use a dynamic ACL when you want a subset of the hosts on a local network to reach a host on a remote network protected by a firewall. With lock-and-key you can allow access to the remote host only from the internal hosts you choose. Lock-and-key requires users to authenticate through a TACACS+ server or another security server before it permits their host to reach the remote host.

Dynamic ACLs have the following security benefits over static standard and extended ACLs:

- They use a challenge mechanism to authenticate individual users.
- They simplify management in large internetworks.
- In many cases they reduce the amount of router processing required for ACLs.
- They create dynamic user access through a firewall without compromising other configured security restrictions.

The following configuration creates a username and password for authentication; the idle timeout is 10 minutes.

The following configuration lets users open a Telnet connection to the router to be authenticated and blocks all other traffic.

The following configuration creates the dynamic ACL that is applied automatically to the existing access list 101; the absolute timeout is set to 15 minutes.

The following configuration authenticates users when they open a Telnet connection to the router:

2. Reflexive ACLs

Reflexive ACLs allow IP packets to be filtered on upper-layer session information such as TCP port numbers. They are generally used to permit outbound traffic and to limit inbound traffic to replies belonging to sessions that originated from a network inside the router. Reflexive ACLs are temporary by design: the entries are created automatically when a new IP session begins, for example with an outbound packet, and are removed automatically when the session ends. Reflexive ACLs are not applied directly to an interface; they are nested inside an extended named IP ACL that is applied to the interface.

Reflexive ACLs provide a more reliable form of session filtering than an extended ACL using the established parameter. Reflexive ACLs are much harder to spoof, because more filter criteria must match before a packet is permitted: source and destination addresses and port numbers are checked, not just the ACK and RST bits. Figure 1-12 illustrates how a reflexive ACL works.

Reflexive ACLs are an important part of securing a network against attackers and can be included in a firewall. Reflexive ACLs provide a level of protection against spoofing and some denial-of-service (DoS) attacks. They are easy to use and, compared with basic ACLs, provide better control over which packets enter your network.

The following configuration tracks traffic that is initiated from the inside:

The next configuration creates an inbound list that requires the router to check incoming traffic against the reflected part of the outboundfilters ACL, named tcptraffic, by evaluating it inside the inboundfilters ACL:

The configuration in the example applies both the inbound and the outbound ACL to the interface:

Reflexive ACLs can be defined only within extended named IP ACLs. They cannot be defined with numbered or standard named IP ACLs, or with ACLs for other protocols. A practical caveat: the temporary entries are keyed on the addresses and ports seen in the first outbound packet, so applications that change port numbers during a session (active-mode FTP, for instance) are not handled and need explicit entries.
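The temporary entries a reflexive ACL creates, as an added example written for this page in Python; it is not IOS code or code from the report. It shows the mirror-image entry that an outbound packet produces, the exact 5-tuple check an inbound packet must pass, and, for comparison, the flag-only test of the established keyword. The addresses, ports and idle timeout are constructed, and the session-close rule is simplified as noted in the code.

```python
# Added example: the state a reflexive ACL keeps (illustrative model, not IOS
# code). Outbound packets matched by 'permit tcp any any reflect NAME' create
# a mirror-image temporary entry; inbound packets checked by 'evaluate NAME'
# pass only if their whole 5-tuple matches a live entry. Addresses, ports and
# the timeout below are constructed for the example.
from dataclasses import dataclass, field
from typing import Dict, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    fin: bool = False
    rst: bool = False


# (proto, src, sport, dst, dport) as seen by the inbound 'evaluate'
FlowKey = Tuple[str, str, int, str, int]


@dataclass
class ReflexiveList:
    idle_timeout: int = 300                                     # seconds
    entries: Dict[FlowKey, int] = field(default_factory=dict)   # key -> last seen

    def reflect(self, pkt: Packet, now: int) -> FlowKey:
        """Outbound packet hit the 'reflect' entry: add the reversed flow."""
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        self.entries[key] = now
        return key

    def expire(self, now: int) -> None:
        for key, last in list(self.entries.items()):
            if now - last > self.idle_timeout:
                del self.entries[key]

    def evaluate(self, pkt: Packet, now: int) -> bool:
        """Inbound packet hit the 'evaluate' entry. Simplification: a single
        FIN or RST removes the entry here; IOS removes on RST immediately but
        waits for FIN from both sides plus a short grace period."""
        self.expire(now)
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.entries:
            return False
        if pkt.proto == "tcp" and (pkt.fin or pkt.rst):
            del self.entries[key]
        else:
            self.entries[key] = now                # refresh the idle timer
        return True


def established_only(pkt: Packet) -> bool:
    """For comparison: everything the 'established' keyword checks."""
    return pkt.proto == "tcp" and (pkt.ack or pkt.rst)


if __name__ == "__main__":
    rl = ReflexiveList()
    out = Packet("tcp", "10.1.1.5", 51000, "203.0.113.10", 443, syn=True)
    rl.reflect(out, now=0)
    reply = Packet("tcp", "203.0.113.10", 443, "10.1.1.5", 51000, syn=True, ack=True)
    forged = Packet("tcp", "203.0.113.10", 443, "10.1.1.5", 22, ack=True)
    print(rl.evaluate(reply, 1), established_only(reply))    # True True
    print(rl.evaluate(forged, 2), established_only(forged))  # False True
```

The forged packet is the point of the comparison: it carries ACK, so an established entry would pass it to port 22 on the inside host, while the reflexive list rejects it because no inside host opened a session from port 22 to that server.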

3. Time-based ACLs

Time-based ACLs work like extended ACLs, but they allow access control based on time. To implement a time-based ACL you create a time range that defines specific times of day and days of the week. The time range is identified by a name and then referenced by an ACL entry, so the time restriction applies to that entry only. In the example in Figure 1-13, users are blocked from sending HTTP traffic after 19:00.

Time-based ACLs have the following advantages:

- When the service provider offers different rates at different times of day, traffic can be routed cost-effectively.
- Network administrators can control logging. ACL entries can log traffic at certain times of day but not continuously, so administrators can simply deny access without having to analyse the many log records generated during peak hours.

The following configuration defines the time range used by the ACL:

The following configuration applies the time range to the ACL:

Apply the ACL to the interface:

Time ranges rely on the router's system clock. The router's own clock can be used, but the feature works best when the clock is synchronised with the Network Time Protocol (NTP). An unsynchronised clock, or one an attacker can adjust, changes when the restriction is in force, so treat clock and NTP configuration as part of the control.