Cisco Systems OL-6426-02 Benutzerhandbuch
12-2
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
OL-6426-02
Chapter 12 Configuring Security Features
Configuring AutoSecure
For information about configuring AAA services and supported security protocols, see the following
sections of the
sections of the
:
Configuring AutoSecure
The AutoSecure feature disables common IP services that can be exploited for network attacks and
enables IP services and features that can aid in the defense of a network when under attack. These IP
services are all disabled and enabled simultaneously with a single command, greatly simplifying security
configuration on your router. For a complete description of the AutoSecure feature, see the
“
enables IP services and features that can aid in the defense of a network when under attack. These IP
services are all disabled and enabled simultaneously with a single command, greatly simplifying security
configuration on your router. For a complete description of the AutoSecure feature, see the
“
feature document.
Configuring Access Lists
Access lists (ACLs) permit or deny network traffic over an interface based on source IP address,
destination IP address, or protocol. Access lists are configured as standard or extended. A standard
access list either permits or denies passage of packets from a designated source. An extended access list
allows designation of both the destination and the source, and it allows designation of individual
protocols to be permitted or denied passage. An access list is a series of commands with a common tag
to bind them together. The tag is either a number or a name.
destination IP address, or protocol. Access lists are configured as standard or extended. A standard
access list either permits or denies passage of packets from a designated source. An extended access list
allows designation of both the destination and the source, and it allows designation of individual
protocols to be permitted or denied passage. An access list is a series of commands with a common tag
to bind them together. The tag is either a number or a name.
lists the commands used to
configure access lists.
Table 12-1
Access List Configuration Commands
ACL Type
Configuration Commands
Numbered
Standard
access-list {1-99}{permit | deny} source-addr [source-mask]
Extended
access-list {100-199}{permit | deny} protocol source-addr
[source-mask] destination-addr [destination-mask]
[source-mask] destination-addr [destination-mask]
Named
Standard
ip access-list standard name followed by deny {source |
source-wildcard | any}
source-wildcard | any}
Extended
ip access-list extended name followed by {permit | deny} protocol
{source-addr [source-mask] | any}{destination-addr
[destination-mask] | any}
{source-addr [source-mask] | any}{destination-addr
[destination-mask] | any}