Cisco ASA Series Command Reference, A through H Commands
Chapter 1: aaa accounting command through accounting-server-group commands
access-list extended
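To add an access control entry (ACE) to an extended ACL, use the access-list extended command in global configuration mode.
To remove an ACE, use the no form of this command.
For any type of traffic, without ports: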
access-list access_list_name [line line_number] extended {deny | permit} protocol_argument
[user_argument] [security_group_argument] source_address_argument
[security_group_argument] dest_address_argument [log [[level] [interval secs] | disable |
default]] [time-range time_range_name] [inactive]
no access-list access_list_name [line line_number] extended {deny | permit} protocol_argument
[user_argument] [security_group_argument] source_address_argument
[security_group_argument] dest_address_argument [log [[level] [interval secs] | disable |
default]] [time-range time_range_name] [inactive]
For TCP or UDP traffic, with ports:
access-list access_list_name [line line_number] extended {deny | permit} {tcp | udp}
[user_argument] [security_group_argument] source_address_argument [port_argument]
[security_group_argument] dest_address_argument [port_argument] [log [[level]
[interval secs] | disable | default]] [time-range time_range_name] [inactive]
no access-list access_list_name [line line_number] extended {deny | permit} {tcp | udp}
[user_argument] [security_group_argument] source_address_argument [port_argument]
[security_group_argument] dest_address_argument [port_argument] [log [[level]
[interval secs] | disable | default]] [time-range time_range_name] [inactive]
For ICMP traffic, with ICMP type:
access-list access_list_name [line line_number] extended {deny | permit}
{icmp | icmp6} [user_argument] [security_group_argument] source_address_argument
[security_group_argument] dest_address_argument [icmp_argument] [log [[level]
[interval secs] | disable | default]] [time-range time_range_name] [inactive]
no access-list access_list_name [line line_number] extended {deny | permit} {icmp | icmp6}
[user_argument] [security_group_argument] source_address_argument
[security_group_argument] dest_address_argument [icmp_argument] [log [[level]
[interval secs] | disable | default]] [time-range time_range_name] [inactive]
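
The three forms above, plus the two contexts in which the deny keyword acts (network access and application inspection), shown in a constructed configuration. This is an added example, not part of the Cisco reference; the ACL names, class-map name, interface name and addresses are assumptions, and the host, any and eq forms are standard ASA address and port arguments.

```cisco
! Constructed example: names and addresses are placeholders
! (192.0.2.0/24 is a documentation range, 10.1.1.50 a sample inside host).

! TCP/UDP form, with ports: allow HTTPS to a single published server.
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
! ICMP form, with ICMP type: admit echo replies only.
access-list OUTSIDE_IN extended permit icmp any any echo-reply
! Any-protocol form, no ports: explicit final deny so that drops are logged.
access-list OUTSIDE_IN extended deny ip any any log
! Network access: a deny ACE in this ACL stops the packet at the ASA.
access-group OUTSIDE_IN in interface outside

! Application inspection: here a deny ACE drops nothing. It only
! exempts the matching traffic from inspection.
access-list HTTP_INSPECT extended deny tcp host 10.1.1.50 any eq 80
access-list HTTP_INSPECT extended permit tcp any any eq 80
class-map HTTP_INSPECT_CLASS
 match access-list HTTP_INSPECT
policy-map global_policy
 class HTTP_INSPECT_CLASS
  inspect http
```

When reviewing a configuration, read each deny ACE against the feature that references the ACL: in HTTP_INSPECT the deny line leaves 10.1.1.50 uninspected, so that host's HTTP traffic is still forwarded if the interface ACLs permit it.
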
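Syntax Description
access_list_name
Specifies the ACL ID as a string or integer up to 241 characters in length. The ID is case-sensitive.
Tip: Use all uppercase letters to make the ACL ID easier to see in the configuration.
deny
Denies a packet if the conditions are matched. For network access (the access-group command), this keyword prevents the packet from passing through the ASA. When applying application inspection to a class map (the class-map and inspect commands), this keyword exempts the traffic from inspection. Some features do not allow deny ACEs to be used. See the command documentation for each feature that uses an ACL for more information.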