第12讲访问控制列表的应用讲述.ppt

问题回顾 1. IP 访问列表有哪三种类型?如何配置？ 2. 在访问列表的最后有哪一个语句是隐含的? Slide 3 of 3 Purpose: Emphasize: Layer 3—Adds the Novell IPX access lists covered in the IPX chapter and the number ranges for these types of access lists. As of Release 11.2.4(F), IPX also supports named access lists. Point out that number ranges generally allow 100 different access lists per type of protocol. When a given hundred-number range designates a standard access list, the rule is that the next hundred-number range is for extended access lists for that protocol. Exceptions to the numbering classification scheme include AppleTalk and DECnet, where the same number range can identify various access list types. For the most part, number ranges do not overlap between different protocols. Note: With IOS 12.0, the IP access-lists range has been expanded to also include: 1300-1999 IP standard access list (expanded range) 2000-2699 IP extended access list (expanded range) Slide 1 of 2 Purpose: Emphasize: Introduce the wildcard bit process. Tell students the wildcard bit matching process is different than the IP subnet addressing mask covered earlier. This graphic describes the binary wildcard masking process. Illustrate how wildcard masking works using the examples shown in the graphic table. The term wildcard masking is a nickname for this access list mask-bit-matching process. This nickname comes from an analogy of a wildcard that matches any other card in a poker game. Emphasize the contrast between wildcard masks and subnet masks stated in the student guide note. The confusion over wildcard and subnet masks can be a key obstacle to learning if students fail to understand the different uses of binary 0 and binary 1 in the two mask types. Point out that the 1 bits in a wild card mask need not be contiguou while the 1 bits in a subnet mask need to be contiguous. Wildcard is like the DOS “*” character. Slide 1 of 2 Purpose: This slide gives the specific command syntax for TCP/IP standar