1. To block ICMP while forwarding only ICMP packets from all hosts in the subnet containing 212.78.170.166/27, the correct access-list configuration is ( ).
Router (config)#access-list 110 permit icmp 212.78.170.166 0.0.0.0 any
Router (config)#access-list 110 deny icmp any any
Router (config)#access-list 110 permit ip any any
Router (config)#access-list 110 permit icmp 212.78.170.0 255.255.255.224 any
Router (config)#access-list 110 permit ip any any
Router (config)#access-list 110 deny icmp any any
Router (config)#access-list 110 permit icmp 212.78.170.0 0.0.0.255 any
Router (config)#access-list 110 deny icmp any any
Router (config)#access-list 110 permit ip any any
Router (config)#access-list 110 permit icmp 212.78.170.160 0.0.0.31 any
Router (config)#access-list 110 deny icmp any any
Router (config)#access-list 110 permit ip any any
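2. To define an access control list that blocks ICMP while allowing only ICMP packets from the 166.129.130.0/24 subnet to be forwarded, the correct configuration on a Cisco router is ( ).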
access-list 198 permit icmp 166.129.130.0 255.255.255.0 any
access-list 198 deny icmp any any
access-list 198 permit ip any any
access-list 198 permit icmp 166.129.130.0 0.0.0.255 any
access-list 198 deny icmp any any
access-list 198 permit ip any any
access-list 99 permit icmp 166.129.130.0 0.0.0.255 any
access-list 99 deny icmp any any
access-list 99 permit ip any any
access-list 100 permit icmp 166.129.130.0 0.0.0.255 any
access-list 100 permit ip any any
access-list 100 deny icmp any any
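3. On a Cisco router, to block ICMP while allowing only ICMP packets from the 215.192.40.16/28 and 202.204.28.0/24 subnets to pass through the router, the correct access-list configuration below is ( ).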
Router (config)#access-list 100 permit icmp 215.192.40.16 255.255.255.240 any
Router (config)#access-list 100 permit icmp 202.204.28.0 255.255.255.0 any
Router (config)#access-list 100 deny icmp any any
Router (config)#access-list 100 permit ip any any
Router (config)#
Router (config)#access-list 98 permit icmp 215.192.40.16 0.0.0.15 any
Router (config)#access-list 98 permit icmp 202.204.28.0 0.0.0.255 any
Router (config)#access-list 98 deny icmp any any
Router (config)#access-list 98 permit ip any any
Router (config)#
Router (config)#access-list 198 permit icmp 215.192.40.16 0.0.0.15 any
Router (config)#access-list 198 permit icmp 202.204.28.0 0.0.0.255 any
Router (config)#access-list 198 deny icmp any any
Router (config)#access-list 198 permit ip any any
Router (config)#
Router (config)#access-list 198 permit icmp 215.192.40.16 0.0.0.15 any
Router (config)#access-list 198 permit icmp 202.204.28.0 0.0.0.255 any
Router (config)#access-list 198 permit ip any any
Router (config)#access-list 198 deny icmp any any
Router (config)#
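4. On interface g3/1 of a Cisco router, to block ICMP while allowing only ICMP packets from the 168.105.129.0/24 subnet to be forwarded, the correct access control list configuration is ( ).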
Router(config)#interface g3/1
Router(config-if)#ip access-group 198 in
Router(config-if)#ip access-group 198 out
Router(config-if)#exit
Router(config)#access-list 198 permit icmp 168.105.129.0 0.0.0.255 any
Router(config)#access-list 198 deny icmp any any
Router(config)#access-list 198 permit ip any any
Router(config)#access-list 2000 permit icmp 168.105.129.0 0.0.0.255 any
Router(config)#access-list 2000 deny icmp any any
Router(config)#access-list 2000 permit ip any any
Router(config)#interface g3/1
Router(config-if)#ip access-group 2000 in
Router(config-if)#ip access-group 2000 out
Router(config-if)#exit
Router(config)#access-list 198 deny icmp any any
Router(config)#access-list 198 permit icmp 168.105.129.0 0.0.0.255 any
Router(config)#access-list 198 permit ip any any
Router(config)#interface g3/1
Router(config-if)#ip access-group 198 out
Router(config-if)#exit
Router(config)#access-list 100 permit icmp 168.105.129.0 0.0.0.255 any
Router(config)#access-list 100 permit ip any any
Router(config)#access-list 100 deny icmp any any
Router(config)#interface g3/1
Router(config-if)#ip access-group 100 in
Router(config-if)#exit
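5. On port g3/1 of a Cisco router, to block ICMP while allowing only ICMP packets from the 137.189.11.0/24 and 211.68.69.0/26 subnets to pass through the router, the correct access-list configuration is ( ).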
Router(config)#access-list 98 permit icmp 137.189.11.0 0.0.0.255 any
Router(config)#access-list 98 permit icmp 211.68.69.0 0.0.0.63 any
Router(config)#access-list 98 deny icmp any any
Router(config)#access-list 98 permit ip any any
Router(config)#interface g3/1
Router(config-if)#ip access-group 98 in
Router(config-if)#ip access-group 98 out
Router(config)#access-list 198 permit icmp 137.189.11.0 0.0.0.255 any
Router(config)#access-list 198 permit icmp 211.68.69.0 0.0.0.192 any
Router(config)#access-list 198 deny icmp any any
Router(config)#access-list 198 permit ip any any
Router(config)#interface g3/1
Router(config-if)#ip access-group 198 in
Router(config-if)#ip access-group 198 out
Router(config)#access-list 999 permit icmp 137.189.11.0 0.0.0.255 any
Router(config)#access-list 999 permit icmp 211.68.69.0 0.0.0.63 any
Router(config)#access-list 999 permit ip any any
Router(config)#access-list 999 deny icmp any any
Router(config)#interface g3/1
Router(config-if)#ip access-group 999 in
Router(config-if)#ip access-group 999 out
Router(config)#access-list 199 permit icmp 137.189.11.0 0.0.0.255 any
Router(config)#access-list 199 permit icmp 211.68.69.0 0.0.0.63 any
Router(config)#access-list 199 deny icmp any any
Router(config)#access-list 199 permit ip any any
Router(config)#interface g3/1
Router(config-if)#ip access-group 199 in
Router(config-if)#ip access-group 199 out
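6. On port g0/3 of a Cisco router, to block ICMP while allowing only ICMP packets from the 222.29.86.0/24 and 202.38.97.128/26 subnets to pass through the router, the correct access-list configuration is ( ).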
Router(config)#access-list 98 permit icmp 222.29.86.0 0.0.0.255 any
Router(config)#access-list 98 permit icmp 202.38.97.128 0.0.0.63 any
Router(config)#access-list 98 deny icmp any any
Router(config)#access-list 98 permit ip any any
Router(config)#interface g0/3
Router(config-if)#ip access-group 98 in
Router(config-if)#ip access-group 98 out
Router(config)#access-list 198 permit icmp 222.29.86.0 255.255.255.0 any
Router(config)#access-list 198 permit icmp 202.38.97.128 255.255.255.192 any
Router(config)#access-list 198 deny icmp any any
Router(config)#access-list 198 permit ip any any
Router(config)#interface g0/3
Router(config-if)#ip access-group 198 in
Router(config-if)#ip access-group 198 out
Router(config)#access-list 100 permit ip any any
Router(config)#access-list 100 permit icmp 222.29.86.0 0.0.0.255 any
Router(config)#access-list 100 permit icmp 202.38.97.128 0.0.0.63 any
Router(config)#access-list 100 deny icmp any any
Router(config)#interface g0/3
Router(config-if)#ip access-group 100 in
Router(config-if)#ip access-group 100 out
Router(config)#access-list 100 permit icmp 222.29.86.0 0.0.0.255 any
Router(config)#access-list 100 permit icmp 202.38.97.128 0.0.0.63 any
Router(config)#access-list 100 deny icmp any any
Router(config)#access-list 100 permit ip any any
Router(config)#interface g0/3
Router(config-if)#ip access-group 100 in
Router(config-if)#ip access-group 100 out
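7. On port g0/1 of a Cisco router, to block ICMP while allowing only ICMP packets from the 195.151.59.0/24 and 202.124.168.0/24 subnets to pass through the router, the correct access-list configuration is ( ).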
Router(config)#access-list 98 permit icmp 195.151.59.0 0.0.0.255 any
Router(config)#access-list 98 permit icmp 202.124.168.0 0.0.0.255 any
Router(config)#access-list 98 deny icmp any any
Router(config)#access-list 98 permit ip any any
Router(config)#interface g0/1
Router(config-if)#ip access-group 98 in
Router(config-if)#ip access-group 98 out
Router(config)#access-list 198 permit icmp 195.151.59.0 255.255.255.0 any
Router(config)#access-list 198 permit icmp 202.124.168.0 255.255.255.0 any
Router(config)#access-list 198 deny icmp any any
Router(config)#access-list 198 permit ip any any
Router(config)#interface g0/1
Router(config-if)#ip access-group 198 in
Router(config-if)#ip access-group 198 out
Router(config)#access-list 198 permit icmp 195.151.59.0 0.0.0.255 any
Router(config)#access-list 198 permit icmp 202.124.168.0 0.0.0.255 any
Router(config)#access-list 198 deny icmp any any
Router(config)#access-list 198 permit ip any any
Router(config)#interface g0/1
Router(config-if)#ip access-group 198 in
Router(config-if)#ip access-group 198 out
Router(config)#access-list 198 deny icmp any any
Router(config)#access-list 198 permit icmp 195.151.59.0 0.0.0.255 any
Router(config)#access-list 198 permit icmp 202.124.168.0 0.0.0.255 any
Router(config)#access-list 198 permit ip any any
Router(config)#interface g0/1
Router(config-if)#ip access-group 198 in
Router(config-if)#ip access-group 198 out
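8. On port g0/1 of a Cisco router, to block ICMP while allowing only ICMP packets from the 169.15.128.0/24 and 119.75.108.0/24 subnets to pass through the router, the correct access-list configuration is ( ).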
Router(config)#access-list 198 deny icmp any any
Router(config)#access-list 198 permit icmp 169.15.128.0 0.0.0.255 any
Router(config)#access-list 198 permit icmp 119.75.108.0 0.0.0.255 any
Router(config)#access-list 198 permit ip any any
Router(config)#interface g0/1
Router(config-if)#ip access-group 198 in
Router(config-if)#ip access-group 198 out
Router(config-if)#
Router(config)#access-list 198 permit icmp 169.15.128.0 0.0.0.255 any
Router(config)#access-list 198 permit icmp 119.75.108.0 0.0.0.255 any
Router(config)#access-list 198 deny icmp any any
Router(config)#access-list 198 permit ip any any
Router(config)#interface g0/1
Router(config-if)#ip access-group 198 in
Router(config-if)#ip access-group 198 out
Router(config-if)#
Router(config)#access-list 98 permit icmp 169.15.128.0 0.0.0.255 any
Router(config)#access-list 98 permit icmp 119.75.108.0 0.0.0.255 any
Router(config)#access-list 98 deny icmp any any
Router(config)#access-list 98 permit ip any any
Router(config)#interface g0/1
Router(config-if)#ip access-group 98 in
Router(config-if)#ip access-group 98 out
Router(config-if)#
Router(config)#access-list 100 permit icmp 169.15.128.0 0.0.0.255 any
Router(config)#access-list 100 permit icmp 119.75.108.0 0.0.0.255 any
Router(config)#access-list 100 permit ip any any
Router(config)#access-list 100 deny icmp any any
Router(config)#interface g0/1
Router(config-if)#ip access-group 100 in
Router(config-if)#ip access-group 100 out
Router(config-if)#
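9. Running the show access-list command on a Cisco router displays the following information
Based on the above information, the correct access-list configuration is ( ).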
Router (config) # ip access-list standard block
Router (config-std-nacl) # deny 10.0.0.0 255.0.0.0 log
Router (config-std-nacl) # deny 172.16.0.0 255.240.0.0
Router (config-std-nacl) # permit any
Router (config) # ip access-list standard block
Router (config-std-nacl) # permit any
Router (config-std-nacl) # deny 10.0.0.0 0.255.255.255 log
Router (config-std-nacl) # deny 172.16.0.0 0.15.255.255
Router (config) # ip access-list standard block
Router (config-std-nacl) # deny 10.0.0.0 255.0.0.0 log
Router (config-std-nacl) # deny 172.16.0.0 255.240.0.0
Router (config-std-nacl) # permit any
Router (config) # ip access-list standard block
Router (config-std-nacl) # deny 10.0.0.0 0.255.255.255 log
Router (config-std-nacl) # deny 172.16.0.0 0.15.255.255
Router (config-std-nacl) # permit any
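10. Running the show access-list command on a Cisco router displays the following access control list information
Based on the above information, the correct access-list configuration is ( ).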
Router (config)#access-list 30 deny 127.0.0.0 255.255.255.0
Router (config)#access-list 30 deny 172.16.0.0 255.240.0.0
Router (config)#access-list 30 permit any
Router (config-std-nacl)# access-list 30 deny 127.0.0.0 0.255.255.255
Router (config-std-nacl)# access-list 30 deny 172.16.0.0 0.15.255.255
Router (config-std-nacl)# access-list 30 permit any
Router (config)#access-list 30 deny 127.0.0.0 0.255.255.255
Router (config)#access-list 30 deny 172.16.0.0 0.15.255.255
Router (config)#access-list 30 permit any
Router (config)#access-list 30 deny 127.0.0.0 0.255.255.255
Router (config)#access-list 30 permit any
Router (config)#access-list 30 deny 172.16.0.0 0.15.255.255
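11. Running the show access-lists command on a Cisco router displays the following access control list information, which restricts remote login
Based on the above information, the correct access-list configuration is ( ).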
Router (config)#access-list 40 permit 167.112.75.89
Router (config)#access-list 40 permit 202.113.65.56
Router (config)#access-list 40 deny any
Router (config)#line vty 0 5
Router (config-line)#access-class 40 in
Router (config)#access-list 40 permit 167.112.75.89 log
Router (config)#access-list 40 permit 202.113.65.56 log
Router (config)#access-list 40 deny any log
Router (config)#line vty 0 5
Router (config-line)#access-class 40 in
Router (config)#access-list 40 permit 167.112.75.89 log
Router (config)#access-list 40 permit 202.113.65.56 log
Router (config)#access-list 40 deny any log
Router (config)#line vty 0 5
Router (config-line)#access-class 40 out
Router (config)#access-list 40 permit 167.112.75.89
Router (config)#access-list 40 permit 202.113.65.56
Router (config)#access-list 40 deny any log
Router (config)#line vty 0 5
Router (config-line)#access-class 40 out
12. Running the show access-list command on a Cisco router produces the following information:
Extended IP access list fengjin1434
deny udp any any eq 1434
deny tcp any any eq 4444
permit ip any any
Based on the above information, the correct access-list configuration for the router below is ( ).
Router(config)#ip access-list standard fengjin1434
Router(config-std-nacl)#deny udp any any eq 1434
Router(config-std-nacl)#deny tcp any any eq 4444
Router(config-std-nacl)#permit ip any any
Router(config-std-nacl)#exit
Router(config)#interface g0/1
Router(config-if)#ip access-group fengjin1434 in
Router(config-if)#ip access-group fengjin1434 out
Router(config-if)#
Router(config)#interface g0/1
Router(config-if)#ip access-group fengjin1434 in
Router(config-if)#ip access-group fengjin1434 out
Router(config)#ip access-list standard fengjin1434
Router(config-ext-nacl)#deny udp any any eq 1434
Router(config-ext-nacl)#deny tcp any any eq 4444
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#exit
Router(config-if)#
Router(config)#ip access-list extended fengjin1434
Router(config-ext-nacl)#deny udp any any eq 1434
Router(config-ext-nacl)#deny tcp any any eq 4444
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#exit
Router(config)#interface g0/1
Router(config-if)#ip access-group fengjin1434 in
Router(config-if)#ip access-group fengjin1434 out
Router(config-if)#
Router(config)#ip access-list extended fengjin1434
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#deny udp any any eq 1434
Router(config-ext-nacl)#deny tcp any any eq 4444
Router(config-ext-nacl)#exit
Router(config)#interface g0/1
Router(config-if)#ip access-group fengjin1434 in
Router(config-if)#ip access-group fengjin1434 out
Router(config-if)#
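13. Running the show access-lists command on a Cisco router displays the following information,
Based on the above information, the correct access-list configuration is ( ).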
Router(config)#ip access-list extended port4444
Router(config-ext-nacl)#deny icmp any any
Router(config-ext-nacl)#deny udp any any eq 1434
Router(config-ext-nacl)#deny tcp any any eq 4444
Router(config-ext-nacl)#permit icmp 202.38.97.0 0.0.0.255 any
Router(config-ext-nacl)#permit ip any any
Router(config)#access-list port4444 permit icmp 202.38.97.0 0.0.0.255 any
Router(config)#access-list port4444 deny icmp any any
Router(config)#access-list port4444 deny udp any any eq 1434
Router(config)#access-list port4444 deny tcp any any eq 4444
Router(config)#access-list port4444 permit ip any any
Router(config)#ip access-list extended port4444
Router(config-ext-nacl)#permit 202.38.97.0 0.0.0.255 any icmp
Router(config-ext-nacl)#deny any any icmp
Router(config-ext-nacl)#deny any any udp eq 1434
Router(config-ext-nacl)#deny any any tcp eq 4444
Router(config-ext-nacl)#permit ip any any
Router(config)#ip access-list extended port4444
Router(config-ext-nacl)#permit icmp 202.38.97.0 0.0.0.255 any
Router(config-ext-nacl)#deny icmp any any
Router(config-ext-nacl)#deny udp any any eq 1434
Router(config-ext-nacl)#deny tcp any any eq 4444
Router(config-ext-nacl)#permit ip any any
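14. On g3/1 of a Cisco router, to prohibit packets whose source addresses fall within certain specific address ranges from entering or leaving the router, the correct access-list configuration below is ( ).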
Router(config)#ip access-list standard nonaddre
Router(config-std-nacl)#deny 10.0.0.0 255.0.0.0
Router(config-std-nacl)#deny 192.168.0.0 255.255.0.0
Router(config-std-nacl)#deny 127.0.0.0 255.0.0.0
Router(config-std-nacl)#deny 172.16.0.0 255.240.0.0
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#interface g3/1
Router(config-if)#ip access-group nonaddre in
Router(config-if)#ip access-group nonaddre out
Router(config)#ip access-list extended nonaddre
Router(config-std-nacl)#deny 10.0.0.0 0.255.255.255
Router(config-std-nacl)#deny 192.168.0.0 0.0.255.255
Router(config-std-nacl)#deny 127.0.0.0 0.255.255.255
Router(config-std-nacl)#deny 172.16.0.0 0.15.255.255
Router(config-std-nacl)#exit
Router(config)#interface g3/1
Router(config-if)#ip access-group nonaddre in
Router(config-if)#ip access-group nonaddre out
Router(config)#interface g3/1
Router(config-if)#ip access-group nonaddre in
Router(config-if)#ip access-group nonaddre out
Router(config-if)#exit
Router(config)#ip access-list standard nonaddre
Router(config-std-nacl)#deny 10.0.0.0 0.255.255.255
Router(config-std-nacl)#deny 192.168.0.0 0.0.255.255
Router(config-std-nacl)#deny 127.0.0.0 0.255.255.255
Router(config-std-nacl)#deny 172.16.0.0 0.15.255.255
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#ip access-list standard nonaddre
Router(config-std-nacl)#deny 10.0.0.0 0.255.255.255
Router(config-std-nacl)#deny 192.168.0.0 0.0.255.255
Router(config-std-nacl)#deny 127.0.0.0 0.255.255.255
Router(config-std-nacl)#deny 172.16.0.0 0.15.255.255
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#interface g3/1
Router(config-if)#ip access-group nonaddre in
Router(config-if)#ip access-group nonaddre out
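15. On port g0/1 of a Cisco router, to prohibit packets whose source addresses fall within certain specific address ranges from entering or leaving the router, the correct access-list configuration below is ( ).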
Router(config)#access-list 70 deny 10.0.0.0 255.0.0.0
Router(config)#access-list 70 deny 192.168.0.0 255.255.0.0
Router(config)#access-list 70 deny 127.0.0.0 255.0.0.0
Router(config)#access-list 70 deny 172.16.0.0 255.240.0.0
Router(config)#access-list 70 permit any
Router(config)#interface g0/1
Router(config-if)#ip access-group 70 in
Router(config-if)#ip access-group 70 out
Router(config-if)#exit
Router(config)#
Router(config)#access-list 99 deny 10.0.0.0 0.255.255.255
Router(config)#access-list 99 deny 192.168.0.0 0.0.255.255
Router(config)#access-list 99 deny 127.0.0.0 0.255.255.255
Router(config)#access-list 99 deny 172.16.0.0 0.15.255.255
Router(config)#access-list 99 permit any
Router(config)#interface g0/1
Router(config-if)#ip access-group 99 in
Router(config-if)#ip access-group 99 out
Router(config-if)#exit
Router(config)#
Router(config)#interface g0/1
Router(config-if)#ip access-group 30 in
Router(config-if)#ip access-group 30 out
Router(config-if)#exit
Router(config)#access-list 30 deny 10.0.0.0 0.255.255.255
Router(config)#access-list 30 deny 192.168.0.0 0.0.255.255
Router(config)#access-list 30 deny 127.0.0.0 0.255.255.255
Router(config)#access-list 30 deny 172.16.0.0 0.15.255.255
Router(config)#access-list 30 permit any
Router(config)#access-list 60 deny 10.0.0.0 0.255.255.255
Router(config)#access-list 60 deny 192.168.0.0 0.0.255.255
Router(config)#access-list 60 deny 127.0.0.0 0.255.255.255
Router(config)#access-list 60 deny 172.16.0.0 0.15.255.255
Router(config)#access-list 60 permit any
Router(config)#interface g0/1
Router(config-if)#ip access-group 160 in
Router(config-if)#ip access-group 160 out
Router(config-if)#exit
Router(config)#
16. On port g0/1 of a Cisco router, to block all UDP packets with port number 1434, the correct access-list configuration is ( ).
Router(config)#access-list 10 deny udp any any eq 1434
Router(config)#access-list 10 permit ip any any
Router(config)#interface g0/1
Router(config-if)#ip access-group 10 in
Router(config-if)#ip access-group 10 out
Router(config-if)#
Router(config)#access-list 110 deny udp any any eq 1434
Router(config)#access-list 110 permit ip any any
Router(config)#interface g0/1
Router(config-if)#ip access-group 130 in
Router(config-if)#ip access-group 130 out
Router(config-if)#
Router(config)#access-list 130 deny udp any any eq 1434
Router(config)#access-list 130 permit ip any any
Router(config)#interface g0/1
Router(config-if)#ip access-group 130 in
Router(config-if)#ip access-group 130 out
Router(config-if)#
Router(config)#access-list 130 permit ip any any
Router(config)#access-list 130 deny udp any any eq 1434
Router(config)#interface g0/1
Router(config-if)#ip access-group 130 in
Router(config-if)#ip access-group 130 out
Router(config-if)#
17. On port g0/1 of a Cisco router, to block all TCP packets with port number 12345 and all UDP packets with port number 7306, the correct access-list configuration below is ( ).
Router (config)#ip access-list standard heike12345
Router (config-std-nacl)#deny udp any any eq 7306
Router (config-std-nacl)#deny tcp any any eq 12345
Router (config-std-nacl)#permit ip any any
Router (config-std-nacl)#exit
Router (config)#interface g0/1
Router (config-if)#ip access-group heike12345 in
Router (config-if)#ip access-group heike12345 out
Router (config-if)#
Router (config)#ip access-list extended heike12345
Router (config-ext-nacl)#permit ip any any
Router (config-ext-nacl)#deny udp any any eq 7306
Router (config-ext-nacl)#deny tcp any any eq 12345
Router (config-ext-nacl)#exit
Router (config)#interface g0/1
Router (config-if)#ip access-group heike12345 in
Router (config-if)#ip access-group heike12345 out
Router (config-if)#
Router (config)#ip access-list extended heike12345
Router (config-ext-nacl)#deny any any udp eq 7306
Router (config-ext-nacl)#deny any any tcp eq 12345
Router (config-ext-nacl)#permit ip any any
Router (config-ext-nacl)#exit
Router (config)#interface g0/1
Router (config-if)#ip access-group heike12345 in
Router (config-if)#ip access-group heike12345 out
Router (config-if)#
Router (config)#ip access-list extended heike12345
Router (config-ext-nacl)#deny udp any any eq 7306
Router (config-ext-nacl)#deny tcp any any eq 12345
Router (config-ext-nacl)#permit ip any any
Router (config-ext-nacl)#exit
Router (config)#interface g0/1
Router (config-if)#ip access-group heike12345 in
Router (config-if)#ip access-group heike12345 out
Router (config-if)#
18. On port g0/1 of a Cisco router, to block all UDP packets with port number 1434, the correct access-list configuration is ( ).
Router(config)#access-list 10 deny udp any any eq 1434
Router(config)#access-list 10 permit ip any any
Router(config)#interface g0/1
Router(config-if)#ip access-group 10 in
Router(config-if)#ip access-group 10 out
Router(config-if)#
Router(config)#access-list 110 deny udp any any eq 1434
Router(config)#access-list 110 permit ip any any
Router(config)#interface g0/1
Router(config-if)#ip access-group 130 in
Router(config-if)#ip access-group 130 out
Router(config-if)#
Router(config)#access-list 130 deny udp any any eq 1434
Router(config)#access-list 130 permit ip any any
Router(config)#interface g0/1
Router(config-if)#ip access-group 130 in
Router(config-if)#ip access-group 130 out
Router(config-if)#
Router(config)#access-list 130 permit ip any any
Router(config)#access-list 130 deny udp any any eq 1434
Router(config)#interface g0/1
Router(config-if)#ip access-group 130 in
Router(config-if)#ip access-group 130 out
Router(config-if)#
19. On interface g0/4 of a Cisco router, to prohibit UDP packets with port number 1434, the correct access-list configuration is ( ).
Router(config)#access-list extended 130
Router(config-ext-nacl)#deny ip any any eq 1434
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#exit
Router(config)#interface g0/4
Router(config-if)#ip access-group 130 in
Router(config-if)#ip access-group 130 out
Router(config)#ip access-list standard 130
Router(config-std-nacl)#deny udp any any eq 1434
Router(config-std-nacl)#permit ip any any
Router(config-std-nacl)#exit
Router(config)#interface g0/4
Router(config-if)#ip access-group 130 in
Router(config-if)#ip access-group 130 out
Router(config)#ip access-list extended 130
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#deny udp any any eq 1434
Router(config-ext-nacl)#exit
Router(config)#interface g0/4
Router(config-if)#ip access-group 130 in
Router(config-if)#ip access-group 130 out
Router(config)#ip access-list extended 130
Router(config-ext-nacl)#deny udp any any eq 1434
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#exit
Router(config)#interface g0/4
Router(config-if)#ip access-group 130 in
Router(config-if)#ip access-group 130 out
20. On port g0/3 of a Cisco router, to block TCP packets with port number 4444, the correct access-list configuration is ( ).
Router(config)#ip access-list standard jzh4444
Router(config-std-nacl)#deny tcp any any eq 4444
Router(config-std-nacl)#permit ip any any
Router(config-std-nacl)#exit
Router(config)#interface g0/3
Router(config-if)#ip access-group jzh4444 in
Router(config-if)#ip access-group jzh4444 out
Router(config)#ip access-list extended jzh4444
Router(config-ext-nacl)#deny tcp any any eq 4444
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#exit
Router(config)#interface g0/3
Router(config-if)#ip access-group jzh4444 in
Router(config-if)#ip access-group jzh4444 out
Router(config)#ip access-list extended jzh4444
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#deny tcp any any eq 4444
Router(config-ext-nacl)#exit
Router(config)#interface g0/3
Router(config-if)#ip access-group jzh4444 in
Router(config-if)#ip access-group jzh4444 out
Router(config)#ip access-list extended jzh4444
Router(config-ext-nacl)#deny any any tcp eq 4444
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#exit
Router(config)#interface g0/3
Router(config-if)#ip access-group jzh4444 in
Router(config-if)#ip access-group jzh4444 out
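21. On port g0/3 of a Cisco router, to block TCP packets with port number 4444 while allowing only TCP packets on port 4444 from the 166.105.130.0/24 and 202.112.8.0/30 subnets to pass through the router, the correct access-list configuration is ( ).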
Router (config)# ip access-list extended block 4444
Router (config-ext-nacl)# permit tcp 166.105.130.0 255.255.255.0 any eq 4444
Router (config-ext-nacl)# permit tcp 202.112.8.0 255.255.255.252 any eq 4444
Router(config-ext-nacl)# deny tcp any any eq 4444
Router(config-ext-nacl)# permit ip any any
Router(config)#interface g0/3
Router(config-if)#ip access-group block 4444 in
Router(config-if)#ip access-group block 4444 out
Router(config)#ip access-list extended block 4444
Router(config-ext-nacl)#permit 166.105.130.0 0.0.0.255 any tcp eq 4444
Router(config-ext-nacl)#permit 202.112.8.0 0.0.0.3 any tcp eq 4444
Router(config-ext-nacl)#deny any any tcp eq 4444
Router(config-ext-nacl)#permit ip any any
Router(config)#interface g0/3
Router(config-if)#ip access-group test in
Router(config-if)#ip access-group test out
Router(config)#ip access-list extended block4444
Router(config-ext-nacl)#permit tcp 166.105.130.0 0.0.0.255 any eq 4444
Router(config-ext-nacl)#permit tcp 202.112.8.0 0.0.0.3 any eq 4444
Router(config-ext-nacl)#deny tcp any any eq 4444
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#exit
Router(config)#interface g0/3
Router(config-if)#ip access-group block 4444 in
Router(config-if)#ip access-group block 4444 out
Router(config)#ip access-list extended block 4444
Router(config-ext-nacl)#permit tcp 166.105.130.0 0.0.0.255 any eq 4444
Router(config-ext-nacl)#permit tcp 202.112.8.0 0.0.0.3 any eq 4444
Router(config-ext-nacl)#deny tcp any any eq 4444
Router(config-ext-nacl)#permit tcp any any
Router(config)#interface g0/3
Router(config-if)#ip access-group block 4444 in
Router(config-if)#ip access-group block 4444 out
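22. The correct configuration that uses a standard access control list to prohibit packets from the illegal address 197.178.0.0/16 from entering or leaving the router is ( ).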
access-list 110 deny 197.178.0.0 0.0.255.255
access-list 110 permit any
access-list 10 deny 197.178.0.0 255.255.0.0
access-list 10 permit any
access-list 50 permit any
access-list 50 deny 197.178.0.0 0.0.255.255
access-list 99 deny 197.178.0.0 0.0.255.255
access-list 99 permit any
23. The correct access-list configuration that blocks only the single host with address 193.62.40.230 is ( ).
access-list 110 permit ip any any
access-list 110 deny ip host 193.62.40.230 any
access-list 110 deny ip any host 193.62.40.230
access-list 110 deny ip host 193.62.40.230 any
access-list 110 deny ip any host 193.62.40.230
access-list 110 permit ip any any
access-list 110 deny ip host 193.62.40.230 any
access-list 110 deny ip any host 193.62.40.230
access-list 110 deny ip host 193.62.40.230 any
access-list 110 permit ip any any
access-list 110 deny ip any host 193.62.40.230
24. To block the host with IP address 211.78.25.23 on a Cisco router, the correct access-list configuration below is ( ).
access-list 112 permit any any ip
access-list 112 deny ip host 211.78.25.23 any
access-list 112 deny ip any host 211.78.25.23
access-list 112 deny ip host 211.78.25.23 any
access-list 112 deny ip any host 211.78.25.23
access-list 112 permit any any ip
access-list 112 deny ip host 211.78.25.23 any
access-list 112 deny ip any host 211.78.25.23
access-list 112 permit ip any any
access-list 112 deny ip host 211.78.25.23 any
access-list 112 deny ip host any 211.78.25.23
access-list 112 permit ip any any
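25. On port g0/3 of a Cisco router, to prohibit packets whose source address is an internal address from entering or leaving the router, the correct access-list configuration is ( ).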
Router#configure terminal
Router(config)#ip access-list standard jzhffdz
Router(config-std-nacl)#deny 10.0.0.0 0.255.255.255 log
Router(config-std-nacl)#deny 192.168.0.0 0.0.255.255
Router(config-std-nacl)#deny 127.0.0.0 0.255.255.255
Router(config-std-nacl)#deny 172.16.0.0 0.15.255.255
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#interface g0/3
Router(config-if)#ip access-group test in
Router(config-if)#ip access-group test out
Router#configure terminal
Router(config)#ip access-list standard jzhffdz
Router(config-std-nacl)#deny 10.0.0.0 0.255.255.255 log
Router(config-std-nacl)#deny 192.168.0.0 0.0.255.255
Router(config-std-nacl)#deny 127.0.0.0 0.255.255.255
Router(config-std-nacl)#deny 172.16.0.0 0.15.255.255
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#interface g0/3
Router(config-if)#ip access-group jzhffdz in
Router(config-if)#ip access-group jzhffdz out
Router#configure terminal
Router(config)#ip access-list standard jzhffdz
Router(config-std-nacl)#deny 10.0.0.0 255.0.0.0 log
Router(config-std-nacl)#deny 192.168.0.0 255.255.0.0
Router(config-std-nacl)#deny 127.0.0.0 255.0.0.0
Router(config-std-nacl)#deny 172.16.0.0 255.240.0.0
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#interface g0/3
Router(config-if)#ip access-group jzhffdz in
Router(config-if)#ip access-group jzhffdz out
Router#configure terminal
Router(config)#interface g0/3
Router(config-if)#ip access-group jzhffdz in
Router(config-if)#ip access-group jzhffdz out
Router(config)#ip access-list standard jzhffdz
Router(config-std-nacl)#permit any
Router(config-std-nacl)#deny 10.0.0.0 0.255.255.255 log
Router(config-std-nacl)#deny 192.168.0.0 0.0.255.255
Router(config-std-nacl)#deny 127.0.0.0 0.255.255.255
Router(config-std-nacl)#deny 172.16.0.0 0.15.255.255
Router(config-std-nacl)#exit
26. On port g0/10 of a Cisco router, to prohibit TCP packets with port number 1434 from entering or leaving the router, the correct access-list configuration is ( ).
Router#configure terminal
Router(config)#access-list 120 deny tcp any any eq 1434
Router(config)#access-list 120 permit ip any any
Router(config)#interface g0/10
Router(config-if)#ip access-group 120 in
Router(config-if)#ip access-group 120 out
Router#configure terminal
Router(config)#access-list 120 deny tcp any any eq 1434
Router(config)#access-list 120 permit tcp any any
Router(config)#interface g0/10
Router(config-if)#ip access-group 120 in
Router(config-if)#ip access-group 120 out
Router#configure terminal
Router(config)#access-list 90 deny tcp any any eq 1434
Router(config)#access-list 90 permit ip any any
Router(config)#interface g0/10
Router(config-if)#ip access-group 90 in
Router(config-if)#ip access-group 90 out
Router#configure terminal
Router(config)#access-list 120 permit ip any any
Router(config)#access-list 120 deny tcp any any eq 1434
Router(config)#interface g0/10
Router(config-if)#ip access-group 120 in
Router(config-if)#ip access-group 120 out
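27. On port g0/1 of a Cisco router, a standard access control list is used to prohibit packets with source addresses 10.0.0.0-10.255.255.255 and 172.16.0.0-172.31.255.255 from entering or leaving the router. Of the following access-list configurations, the correct one is ( ).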
Router (config)#access-list 30 deny 10.0.0.0 0.255.255.255 log
Router (config)#access-list 30 deny 172.16.0.0 0.15.255.255
Router (config)#access-list 30 permit any
Router (config)#interface g0/1
Router (config-if)#ip access-group 30 in
Router (config-if)#ip access-group 30 out
Router (config)#access-list 30 deny 10.0.0.0 255.255.255.0 log
Router (config)#access-list 30 deny 172.16.0.0 255.240.0.0
Router (config)#access-list 30 permit any
Router (config)#interface g0/1
Router (config-if)#ip access-group 30 in
Router (config-if)#ip access-group 30 out
Router (config)#access-list 100 deny 10.0.0.0 0.255.255.255 log
Router (config)#access-list 100 deny 172.16.0.0 0.15.255.255
Router (config)#access-list 100 permit any
Router (config)#interface g0/1
Router (config-if)#ip access-group 100 in
Router (config-if)#ip access-group 100 out
Router (config)#interface g0/1
Router (config-if)#ip access-group 99 in
Router (config-if)#ip access-group 99 out
Router (config-if)#exit
Router (config)#access-list 99 deny 10.0.0.0 0.255.255.255 log
Router (config)#access-list 99 deny 172.16.0.0 0.15.255.255
Router (config)#access-list 99 permit any
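28. Refuse to forward, in both the inbound and outbound directions and for all IP addresses, UDP packets with port number 1434 and TCP packets with port number 4444. Which of the following access-list configurations is correct? ( )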
Router(config)#access-list 30 deny udp any any eq 1434
Router(config)#access-list 30 deny tcp any any eq 4444
Router(config)#access-list 30 permit ip any any
Router(config)#access-list 130 deny udp any any eq 1434
Router(config)#access-list 130 deny tcp any any eq 4444
Router(config)#access-list 130 permit ip any any
Router(config)#access-list 110 deny any any udp eq 1434
Router(config)#access-list 110 deny any any tcp eq 4444
Router(config)#access-list 110 permit ip any any
Router(config)#access-list 150 deny udp eq 1434 any any
Router(config)#access-list 150 deny tcp eq 4444 any any
Router(config)#access-list 150 permit ip any any
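29. On interface g0/3 of a Cisco router, block UDP packets with port number 7028 and TCP packets with port number 4321. Which of the following access-list configurations is correct? ( )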
Router (config)#ip access-list standard fengjin7028
Router (config-std-nacl)#deny udp any any eq 7028
Router (config-std-nacl)#deny tcp any any eq 4321
Router (config-std-nacl)#permit ip any any
Router (config-std-nacl)#exit
Router (config)#interface g0/3
Router (config-if)#ip access-group fengjin7028 in
Router (config-if)#ip access-group fengjin7028 out
Router (config)#ip access-list extended fengjin7028
Router (config-ext-nacl)#deny any any udp eq 7028
Router (config-ext-nacl)#deny any any tcp eq 4321
Router (config-ext-nacl)#permit ip any any
Router (config-ext-nacl)#exit
Router (config)#interface g0/3
Router (config-if)#ip access-group fengjin7028 in
Router (config-if)#ip access-group fengjin7028 out
Router (config)#ip access-list extended fengjin7028
Router (config-ext-nacl)#deny udp any any eq 7028
Router (config-ext-nacl)#deny tcp any any eq 4321
Router (config-ext-nacl)#permit ip any any
Router (config-ext-nacl)#exit
Router (config)#interface g0/3
Router (config-if)#ip access-group fengjin7028 in
Router (config-if)#ip access-group fengjin7028 out
Router (config)#ip access-list extended fengjin7028
Router (config-ext-nacl)#permit ip any any
Router (config-ext-nacl)#deny udp any any eq 7028
Router (config-ext-nacl)#deny tcp any any eq 4321
Router (config-ext-nacl)#exit
Router (config)#interface g0/3
Router (config-if)#ip access-group fengjin7028 in
Router (config-if)#ip access-group fengjin7028 out
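30. On interface g0/1 of a Cisco router, block all TCP packets with port number 2745 and UDP packets with port number 445. Which of the following access-list configurations is correct? ( )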
Router(config)#access-list 99 deny tcp any any eq 2745
Router(config)#access-list 99 deny udp any any eq 445
Router(config)#access-list 99 permit ip any any
Router(config)#interface g0/1
Router(config-if)#ip access-group 100 in
Router(config-if)#ip access-group 100 out
Router(config-if)#
Router(config)#access-list 199 deny any any tcp eq 2745
Router(config)#access-list 199 deny any any udp eq 445
Router(config)#access-list 199 permit ip any any
Router(config)#interface g0/1
Router(config-if)#ip access-group 199 in
Router(config-if)#ip access-group 199 out
Router(config-if)#
Router(config)#access-list 100 deny tcp any any eq 2745
Router(config)#access-list 100 deny udp any any eq 445
Router(config)#access-list 100 permit ip any any
Router(config)#interface g0/1
Router(config-if)#ip access-group 100 in
Router(config-if)#ip access-group 100 out
Router(config-if)#
Router(config)#access-list 150 deny tcp any any eq 2745
Router(config)#access-list 150 permit ip any any
Router(config)#access-list 150 deny udp any any eq 445
Router(config)#interface g0/1
Router(config-if)#ip access-group 150 in
Router(config-if)#ip access-group 150 out
Router(config-if)#
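31. On interface g0/3 of a Cisco router, block UDP packets with port number 7028 and TCP packets with port number 4321. Which of the following access-list configurations is correct? ( )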
Router (config)#ip access-list standard fengjin7028
Router (config-std-nacl)#deny udp any any eq 7028
Router (config-std-nacl)#deny tcp any any eq 4321
Router (config-std-nacl)#permit ip any any
Router (config-std-nacl)#exit
Router (config)#interface g0/3
Router (config-if)#ip access-group fengjin7028 in
Router (config-if)#ip access-group fengjin7028 out
Router (config)#ip access-list extended fengjin7028
Router (config-ext-nacl)#deny any any udp eq 7028
Router (config-ext-nacl)#deny any any tcp eq 4321
Router (config-ext-nacl)#permit ip any any
Router (config-ext-nacl)#exit
Router (config)#interface g0/3
Router (config-if)#ip access-group fengjin7028 in
Router (config-if)#ip access-group fengjin7028 out
Router (config)#ip access-list extended fengjin7028
Router (config-ext-nacl)#deny udp any any eq 7028
Router (config-ext-nacl)#deny tcp any any eq 4321
Router (config-ext-nacl)#permit ip any any
Router (config-ext-nacl)#exit
Router (config)#interface g0/3
Router (config-if)#ip access-group fengjin7028 in
Router (config-if)#ip access-group fengjin7028 out
Router (config)#ip access-list extended fengjin7028
Router (config-ext-nacl)#permit ip any any
Router (config-ext-nacl)#deny udp any any eq 7028
Router (config-ext-nacl)#deny tcp any any eq 4321
Router (config-ext-nacl)#exit
Router (config)#interface g0/3
Router (config-if)#ip access-group fengjin7028 in
Router (config-if)#ip access-group fengjin7028 out
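32. Using the named access control list configuration method, block UDP packets with port number 1434 and TCP packets with port number 4444 on interface g0/3 of a Cisco router. Which of the following access control list configurations is correct? ( )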
Router(config)#ip access-list extended WINSQL
Router(config-ext-nacl)#deny any any udp eq 1434
Router(config-ext-nacl)#deny any any tcp eq 4444
Router(config-ext-nacl)#permit ip any any
Router(config)#ip access-list standard WINSQL
Router(config-std-nacl)#deny udp any any eq 1434
Router(config-std-nacl)#deny tcp any any eq 4444
Router(config-std-nacl)#permit ip any any
Router(config-std-nacl)#exit
Router(config)#interface g0/3
Router(config-if)#ip access-group WINSQL in
Router(config-if)#ip access-group WINSQL out
Router(config)#ip access-list extended WINSQL
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#deny udp eq 1434 any any
Router(config-ext-nacl)#deny tcp eq 4444 any any
Router(config-ext-nacl)#exit
Router(config)#interface g0/3
Router(config-if)#ip access-group WINSQL out
Router(config)#ip access-list extended WINSQL
Router(config-ext-nacl)#deny udp any any eq 1434
Router(config-ext-nacl)#deny tcp any any eq 4444
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#exit
Router(config)#interface g0/3
Router(config-if)#ip access-group WINSQL in
Router(config-if)#ip access-group WINSQL out
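33. On interface g3/1 of a Cisco router, block TCP connections on port 139 and UDP connections on port 1434, and block the ICMP protocol, allowing only ICMP packets from the 212.15.41.0/26 subnet to pass through the router. Which of the following access-list configurations is correct? ( )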
Router(config)#ip access-list extended filter
Router(config-ext-nacl)#permit icmp 212.15.41.0 255.255.255.192 any
Router(config-ext-nacl)#deny icmp any any
Router(config-ext-nacl)#deny udp any any eq 1434
Router(config-ext-nacl)#deny tcp any any eq 139
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#exit
Router(config)#interface g3/1
Router(config-if)#ip access-group filter in
Router(config-if)#ip access-group filter out
Router(config)#ip access-list extended filter
Router(config-ext-nacl)#permit icmp 212.15.41.0 0.0.0.192 any
Router(config-ext-nacl)#deny icmp any any
Router(config-ext-nacl)#deny udp any any eq 1434
Router(config-ext-nacl)#deny tcp any any eq 139
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#exit
Router(config)#interface g3/1
Router(config-if)#ip access-group filter in
Router(config-if)#ip access-group filter out
Router(config)#interface g3/1
Router(config-if)#ip access-group nonaddre in
Router(config-if)#ip access-group nonaddre out
Router(config-if)#exit
Router(config)#ip access-list standard nonaddre
Router(config-std-nacl)#deny 10.0.0.0 0.255.255.255
Router(config-std-nacl)#deny 192.168.0.0 0.0.255.255
Router(config-std-nacl)#deny 127.0.0.0 0.255.255.255
Router(config-std-nacl)#deny 172.16.0.0 0.15.255.255
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#ip access-list standard nonaddre
Router(config-std-nacl)#deny 10.0.0.0 0.255.255.255
Router(config-std-nacl)#deny 192.168.0.0 0.0.255.255
Router(config-std-nacl)#deny 127.0.0.0 0.255.255.255
Router(config-std-nacl)#deny 172.16.0.0 0.15.255.255
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#interface g3/1
Router(config-if)#ip access-group nonaddre in
Router(config-if)#ip access-group nonaddre out
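34. On a Cisco router, only the host with IP address 212.78.4.100/24 and all hosts on the 202.34.76.64/26 subnet are allowed to log in to the router remotely. Which of the following access-list configurations is correct? ( )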
Router(config)#access-list 30 permit 202.34.76.64 0.0.0.63
Router(config)#access-list 30 permit 212.78.4.100
Router(config)#access-list 30 deny any
Router(config)#line vty 0 5
Router(config-line)#access-class 30 in
Router(config)#access-list 30 permit 202.34.76.64 0.0.0.192
Router(config)#access-list 30 permit 212.78.4.100
Router(config)#access-list 30 deny any
Router(config)#line vty 0 5
Router(config-line)#access-class 30 in
Router(config)#access-list 30 permit 202.34.76.64 0.0.0.63
Router(config)#access-list 30 permit 212.78.4.100
Router(config)#line vty 0 5
Router(config-line)#access-class 30 in
Router(config)#access-list 30 permit 202.34.76.64 255.255.255.192
Router(config)#access-list 30 permit 212.78.4.100
Router(config)#access-list 30 deny any
Router(config)#line vty 0 5
Router(config-line)#access-class 30 in