Today we start learning about ACLs, access control lists. This topic takes 2 video lessons. We will look at configuring a standard ACL, and the next video tutorial covers the extended list.
This lesson covers 3 topics. One is what an ACL is, another is the difference between a standard and an extended access list, and at the end of the lesson, as a lab, we will configure a standard ACL and work through the problems that can come up.
So what is an ACL? If you have followed this course from the first video lesson, you will remember how we set up communication between various network devices.
We also studied static routing over various protocols to learn how to organize communication between devices and networks. We have now reached the stage where we need to think about traffic control, that is, about keeping "bad guys" and unauthorized users from getting into the network. For example, this may concern the people in the SALES department shown in this diagram. The diagram also shows the finance department ACCOUNT, the management department MANAGEMENT and the server room SERVER ROOM.
So the sales department may have a number of employees, and we want to make sure they cannot reach the server room over the network. The sales manager, who works on the Laptop2 computer, is an exception and may access the server room. The new employee working on LaptopXNUMX should not be given such access; that is, when traffic from his computer reaches router RXNUMX, it must be dropped.
The role of an ACL is to filter traffic according to specified filtering parameters. These include the source IP address, destination IP address, protocol, port number and other parameters, which let you identify traffic and take some action on it.
In other words, an ACL is a layer 3 filtering mechanism of the OSI model, which means this mechanism is used on routers. The main criterion for filtering is identification of the data stream. For example, if we want to block the guy with the Laptop3 computer from accessing the server, we first have to identify his traffic. This traffic travels in the direction Laptop - Switch 2 - R2 - R1 - Switch 1 - Server 1 through the corresponding interfaces of the network devices, and the G0/0 interfaces of the routers have nothing to do with it.
To identify traffic, we have to identify its path. Once that is done, we can decide exactly where the filter needs to be installed. Do not worry about the filters themselves; we will discuss them in the next lesson. For now we need to understand the principle of which interface a filter should be applied to.
If you look at a router, you can see that whenever traffic moves there is an interface through which the data flow comes in and an interface through which that flow goes out.
There are actually 3 interfaces: the input interface, the output interface and the router's own interface. Keep in mind that filtering can be applied only to the input interface or the output interface.
The way an ACL works resembles a pass to an event that can be attended only by guests whose names are on the list of invitees. An ACL is a list of qualifying parameters used to identify traffic. For example, this list states that all traffic from IP address 192.168.1.10 is permitted and traffic from all other addresses is denied. As mentioned above, the list can be applied to either the input interface or the output interface.
There are 2 types of ACL: standard and extended. A standard ACL has an identifier from 1 to 99 or from 1300 to 1999. These are simply list names, and a higher number gives no advantage over a lower one. Besides a number, you can assign your own name to an ACL. Extended ACLs are numbered 100 to 199 or 2000 to 2699 and may also have a name.
In a standard ACL, traffic is classified by its source IP address. So with such a list you cannot restrict traffic headed to a particular destination; you can only block traffic originating from a device.
An extended ACL classifies traffic by source IP address, destination IP address, the protocol used and the port number. For example, you can block only FTP traffic or only HTTP traffic. Today we cover the standard ACL, and the next video lesson deals with extended lists.
As I said earlier, an ACL is a list of conditions. Once you apply this list to a router's inbound or outbound interface, the router checks traffic against the list and, if the traffic meets a condition set in the list, decides whether to permit or deny it. There is nothing complicated here, but people often find it hard to determine which interface of the router is the input and which is the output. When we talk about an inbound interface, it means that only incoming traffic is controlled on that port and the router applies no restrictions to outgoing traffic. Likewise, when we talk about an outbound interface, it means that all rules apply only to outgoing traffic, and incoming traffic on that port is accepted without restriction. For example, if a router has two ports, f0/0 and f0/1, the ACL is applied only to traffic entering the f0/0 interface, or only to traffic leaving the f0/1 interface. Traffic entering or leaving interface f0/1 is not affected by the list.
So do not confuse the inbound and outbound directions of an interface; they depend on the direction of the particular traffic. After checking traffic against the ACL conditions, the router can only decide to permit the traffic or to deny it. For example, it can permit traffic destined for 192.168.1.10 and deny traffic destined for 180.160.1.30. Each list can contain several conditions, but each of those conditions must either permit or deny.
Suppose we have a list:
Deny _______
Permit ________
Permit ________
Deny _________.
The router first checks whether the traffic matches the first condition; if it does not, it goes on to the next condition. If the traffic matches one of the permit conditions, the router stops checking and does not compare the traffic with the remaining conditions in the list. It performs the "permit" action and moves on to checking the next portion of traffic.
If you have not set a rule for some packet and the traffic passes through every line of the list without matching any condition, the packet is dropped, because every ACL ends by default with a deny any command, that is, discard any packet that does not fall under any rule. This condition takes effect when the list contains at least one rule; otherwise it has no effect. However, if the first line contains the entry deny 192.168.1.30 and the list contains no other conditions, a permit any command is needed at the end (permit all traffic except the traffic prohibited by the rules). Keep this in mind to avoid mistakes when configuring ACLs.
Remember the basic rule for placing ACLs: put a standard ACL as close as possible to the destination, that is, to the recipient of the traffic, and put an extended ACL as close as possible to the source, that is, to the sender of the traffic. These are Cisco's recommendations, but in practice there are situations where it makes more sense to place a standard ACL close to the traffic source. If you meet a question about ACL placement rules in the exam, however, follow Cisco's recommendation and answer unambiguously: standard close to the destination, extended close to the source.
Now let's look at the syntax of a standard ACL. In the router's global configuration mode the command syntax comes in two forms: the classic syntax and the modern syntax.
The classic command form is access-list <ACL number> <deny/permit> <criteria>. If you set <ACL number> to a value from 1 to 99, the device automatically understands that this is a standard ACL, and if the value is from 100 to 199, that it is an extended one. Today's lesson deals with the standard list, so we can use any number from 1 to 99. Next we indicate the action to apply when the parameters match the criterion that follows: permit or deny the traffic. The criterion is also used in the modern syntax, so we will look at it later.
The modern command form is also used in the Rx(config) global configuration mode and looks like this: ip access-list standard <ACL number/name>. Here you can use either a number from 1 to 99 or a name for the ACL, for example ACL_Networking. This command immediately puts the system into the standard ACL subcommand mode Rx(config-std-nacl), where you enter <deny/permit> <criteria>. The modern form of the command has many advantages over the classic one.
In a classic list, if you type access-list 10 deny ______, then type the next command of the same kind for another criterion, and end up with 100 such commands, then to change any one of them you have to delete the entire access list 10 with the no access-list 10 command. This deletes all 100 commands, because there is no way to edit an individual command in this list.
In the modern syntax the command is split into separate lines, the first of which contains the list number. Suppose you have the entries access-list standard 10 deny ________, access-list standard 20 deny ________ and so on; you then have the option of inserting intermediate entries with other criteria between them, for example access-list standard 15 deny ________.
Alternatively, you can simply delete the access-list standard 20 line and re-enter it with different parameters between the access-list standard 10 and access-list standard 30 lines. So there are various ways to edit an ACL written in the modern syntax.
You need to be very careful when writing ACLs. As you know, a list is read from top to bottom. If you put a line permitting traffic from a specific host at the top and, below it, a line denying traffic from the whole network that this host belongs to, both conditions are checked: traffic from the specific host is let through, and traffic from all the other hosts on that network is blocked. So always put specific entries at the top of the list and general entries at the bottom.
After you have created a classic or modern ACL, you have to apply it. To do that, go to the settings of a specific interface, for example f0/0, with the interface <type and slot> command, which takes you into interface subcommand mode, and enter the command ip access-group <ACL number/name>. Note the difference: access-list is used when the list is written, and access-group is used when it is applied. You have to decide which interface the list will be applied to, the inbound interface or the outbound interface. If the list has a name, for example Networking, the same name is repeated in the command that applies the list to the interface.
Now let's take a specific problem and try to solve it using our example network diagram in Packet Tracer. We have 4 networks: the sales department, the accounting department, the management department and the server room.
Task 1: all traffic going from the sales and finance departments to the management department and the server room must be blocked. The blocking point is interface S1/0/2 of router R0. First we need to create a list containing the following entries.
We will call this list "Management and Server Security ACL", abbreviated ACL Secure_Ma_And_Se. Next we deny traffic from the finance department network 192.168.1.128/26, deny traffic from the sales department network 192.168.1.0/25, and permit all other traffic. The end of the list indicates that it is used on the outgoing interface S1/0/2 of router R0. If there is no Permit Any entry at the end of the list, all other traffic is blocked, because by default an ACL always has a Deny Any entry at its end.
Can this ACL be applied to interface G0/0? Of course it can, but then only traffic from the accounting department is blocked, and traffic from the sales department is not restricted at all. Likewise, the ACL can be applied to the G0/1 interface, but then the finance department's traffic is not blocked. We could, of course, create two separate block lists for these interfaces, but it is far more efficient to combine them into a single list and apply it to the output interface of router R1 or the input interface S1/XNUMX/XNUMX of router R0.
Cisco's rules say that a standard ACL should be placed as close to the destination as possible, but I placed it close to the traffic source because we want to block all outgoing traffic. It makes more sense to do this near the source, so that this traffic does not waste the network between the routers.
I forgot to tell you about the criteria, so let's go back to them quickly. You can specify any as the criterion, in which case traffic from any device and any network is denied or permitted. You can also specify a host by its identifier, in which case the entry is the IP address of a specific device. Finally, you can specify a whole network, for example 192.168.1.10/24. Here /24 means a subnet mask of 255.255.255.0, but you cannot specify a subnet mask in an ACL. For this case ACLs have a concept called the wildcard mask, or "reverse mask". So you have to specify the IP address and the reverse mask. The reverse mask is obtained like this: subtract the ordinary subnet mask from the all-ones mask, that is, subtract the value of each octet of the forward mask from 255.
So the criterion to use in the ACL is the parameter 192.168.1.10 0.0.0.255.
How it works: if an octet of the reverse mask is 0, the corresponding octet of the address must match the corresponding octet of the subnet IP address. If an octet of the reverse mask contains a nonzero number, the match is not checked. So for network 192.168.1.0 and reverse mask 0.0.0.255, all traffic from addresses whose first three octets are 192.168.1, regardless of the value of the fourth octet, is blocked or permitted depending on the specified action.
Using the reverse mask is easy. We will come back to the wildcard mask in the next video, where I will explain how to work with it.
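As an added illustration (not part of the original lesson), the Python sketch below models the evaluation rules described above: wildcard-mask matching on the source address, top-down first match, the implicit deny any, and the ordering advice about specific and general entries. The function names are invented for this example and the sample lists are constructed from the Task 1 networks; it also goes one step beyond the text by comparing masks bit by bit, which is what lets a /26 use the wildcard 0.0.0.63.

```python
import ipaddress

def wildcard_from_prefix(prefix_len):
    """Wildcard mask for a prefix length: 255 minus each subnet-mask octet."""
    netmask = ipaddress.ip_network(f"0.0.0.0/{prefix_len}").netmask
    return ".".join(str(255 - octet) for octet in netmask.packed)

def matches(src, criterion):
    """Match a source IP against 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    if criterion == "any":
        return True
    parts = criterion.split()
    addr, wild = (parts[1], "0.0.0.0") if parts[0] == "host" else parts
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF  # 0 bits must match
    return (int(ipaddress.IPv4Address(src)) & care) == \
           (int(ipaddress.IPv4Address(addr)) & care)

def evaluate(acl, src):
    """Walk the entries top-down; the first matching entry decides."""
    for action, criterion in acl:
        if matches(src, criterion):
            return action
    return "deny"  # implicit 'deny any' at the end of the list

# Constructed sample: the Task 1 list (finance /26, sales /25, then permit any).
TASK1 = [
    ("deny", "192.168.1.128 " + wildcard_from_prefix(26)),
    ("deny", "192.168.1.0 " + wildcard_from_prefix(25)),
    ("permit", "any"),
]
# Constructed sample: specific host entry above the general network entry...
SPECIFIC_FIRST = [("permit", "host 192.168.1.10"),
                  ("deny", "192.168.1.0 0.0.0.255"),
                  ("permit", "any")]
# ...and the same entries reordered, so the host line is never reached.
GENERAL_FIRST = [SPECIFIC_FIRST[1], SPECIFIC_FIRST[0], SPECIFIC_FIRST[2]]

if __name__ == "__main__":
    for name, acl in (("TASK1", TASK1), ("SPECIFIC_FIRST", SPECIFIC_FIRST),
                      ("GENERAL_FIRST", GENERAL_FIRST)):
        for src in ("192.168.1.10", "192.168.1.130", "192.168.1.200"):
            print(f"{name:15} {src:15} -> {evaluate(acl, src)}")
```

Dropping the last entry of TASK1 shows the implicit deny: an address outside both department networks, such as 192.168.1.200, is then denied as well.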
Source: habr.com