在一台Cisco路由器上封禁ICMP协议,只允许215.192.40.16/28和202.204.28.0/24子网的ICMP数据包通过路由器,下列正确的access-list配置是()
- A.Router (config)#access-list 100 permit icmp 215.192.40.16 255.255.255.240 any Router (config)#access-list 100 permit icmp 202.204.28.0 255.255.255.0 any Router (config)#access-list 100 deny icmp any any Router (config)#access-list 100 permit ip any any Router (config)#
- B.Router (config)#access-list 98 permit icmp 215.192.40.16 0.0.0.15 any Router (config)#access-list 98 permit icmp 202.204.28.0 0.0.0.255 any Router (config)#access-list 98 deny icmp any any Router (config)#access-list 98 permit ip any any Router (config)#
- C.Router (config)#access-list 198 permit icmp 215.192.40.16 0.0.0.15 any Router (config)#access-list 198 permit icmp 202.204.28.0 0.0.0.255 any Router (config)#access-list 198 deny icmp any any Router (config)#access-list 198 permit ip any any Router (config)#
- D.Router (config)#access-list 198 permit icmp 215.192.40.16 0.0.0.15 any Router (config)#access-list 198 permit icmp 202.204.28.0 0.0.0.255 any Router (config)#access-list 198 permit ip any any Router (config)#access-list 198 deny icmp any any Router (config)#
热度🔥179
参考答案:C
解析:
全局配置模式:Router (config)#accesslist any
禁止其他ICMP:Router (config)#accesslist 198 deny icmp any any
允许IP包通过:Router (config)#accesslist 198 permit ip any any
配置应用接口:Router (config)#interface <接口名>
Router (configif)#ip accessgroup
此外,禁封ICMP协议为扩展访问控制命令;IP扩展访问控制列表表号范围为100~199、2000~2699;wildcard_mask为通配符,也即子网掩码的反码。deny icmp any any要在permit ip any any之前,因为执行了permit any any后,不再执行其后续的命令。因此,C选项正确。
全局配置模式:Router (config)#accesslist
复制题目向AI提问
