ACL (Access Control List) Lab


The lab topology is shown in the figure above.

1. Configure IP addresses. R1 and R3: Loopback0 = x.x.x.x/24; IP = 192.168.yx.x/24.
2. Advertise the networks with RIP and test connectivity.
3. Configure the VTY and enable passwords (cisco) on R1 and R3, then test whether Telnet works.

Configure R1:

    R1(config)#int s0/3/0
    R1(config-if)#clo rat 64000
    R1(config-if)#ip add 192.168.21.1 255.255.255.0
    R1(config-if)#no sh
    R1(config-if)#exit
    R1(config)#int l 0
    R1(config-if)#ip add 1.1.1.1 255.255.255.0
    R1(config-if)#exit
    R1(config)#router rip
    R1(config-router)#net 1.0.0.0
    R1(config-router)#net 192.168.21.0
    R1(config-router)#exit
    R1(config)#ena pass cisco
    R1(config)#line vty 0 4
    R1(config-line)#pass cisco

    R1#tel 3.3.3.3
    Trying 3.3.3.3 ...
    User Access Verification
    Password:
    R3>en
    Password:
    R3#

(R1 telnets to R3 successfully.)

Configure R2:

    R2(config)#int s0/3/1
    R2(config-if)#cl ra 64000
    R2(config-if)#no sh
    R2(config-if)#ip add 192.168.32.2 255.255.255.0
    R2(config-if)#int s0/3/0
    R2(config-if)#no sh
    R2(config-if)#ip add 192.168.21.2 255.255.255.0
    R2(config-if)#exit
    R2(config)#router rip
    R2(config-router)#net 192.168.21.0
    R2(config-router)#net 192.168.32.0

Configure R3:

    R3(config)#int s0/3/0
    R3(config-if)#no sh
    %LINK-5-CHANGED: Interface Serial0/3/0, changed state to up
    R3(config-if)#
    R3(config-if)#
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed state to up
    R3(config-if)#ip add 192.168.32.3 255.255.255.0
    R3(config-if)#int l 0
    %LINK-5-CHANGED: Interface Loopback0, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
    R3(config-if)#
    R3(config-if)# ip add 3.3.3.3 255.255.255.0
    R3(config-if)#exit
    R3(config)#router rip
    R3(config-router)#net 192.168.32.0
    R3(config-router)#net 3.0.0.0
    R3(config)#ena pass cisco
    R3(config)#line vty 0 4
    R3(config-line)#pass cisco
    R3(config-line)#

4. Deny R2 access to R1. (Can R3 ping R1's s0/3/0, and the reverse?) Check connectivity, clear the routing table or the neighbors, then ping R2/R3 from R1 and check connectivity again. Why does the ping fail? At first the ping still succeeds because the routing table has not been updated yet; after the routing table is cleared, the ping fails because of the ACL. The ACL is applied inbound on R1's s0/3/0 and denies source 192.168.21.2, which is also the source address of R2's RIP updates, so R1 cannot relearn the routes toward R3.
Configure on R1:

    R1(config)#access-list 1 deny 192.168.21.2
    R1(config)#access-list 1 deny 192.168.32.2
    R1(config)#access-list 1 per any
    R1(config)#int s0/3/0
    R1(config-if)#ip acc
    R1(config-if)#ip access-group 1 in
    R1(config-if)#exi
    R1(config)#exi
    R1#sh ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is not set

         1.0.0.0/24 is subnetted, 1 subnets
    C       1.1.1.0 is directly connected, Loopback0
    R    3.0.0.0/8 [120/2] via 192.168.21.2, 00:00:35, Serial0/3/0
    C    192.168.21.0/24 is directly connected, Serial0/3/0
    R    192.168.32.0/24 [120/1] via 192.168.21.2, 00:00:35, Serial0/3/0
    R1#clear ip route *
    R1#sh ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is not set

         1.0.0.0/24 is subnetted, 1 subnets
    C       1.1.1.0 is directly connected, Loopback0
    C    192.168.21.0/24 is directly connected, Serial0/3/0

    R3#ping 1.1.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 62/62/63 ms

    R3#ping 1.1.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)
5. (Remove the previous ACL configuration first.) Deny Telnet from R1 to R3 with an extended ACL, configured on R3.

    R1#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    R1(config)#no acc
    R1(config)#no access-list 1

    R3(config)#access-list 101 deny tcp host 1.1.1.1 host 192.168.32.3 eq 23
    R3(config)#acc 101 deny tcp ho 192.168.21.1 ho 192.168.32.3 ea 23
                                                                 ^
    % Invalid input detected at '^' marker.
    R3(config)#acc 101 deny tcp ho 192.168.21.1 ho 192.168.32.3 eq 23
    R3(config)#acc 101 per ip any any
    R3(config)#int s0/3/0
    R3(config-if)#ip acc
    R3(config-if)#ip access-group 101 in

    R1#tel 192.168.32.3
    Trying 192.168.32.3 ...
    % Connection timed out; remote host not responding
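
The first-match logic behind steps 4 and 5, as an added example that is not part of the original lab: a small Python evaluator run over ACL 1 and ACL 101 as configured above. The packet tuples are constructed, and the RIP update is assumed to be a RIPv1 broadcast, since no `version 2` appears in the configuration.

```python
import ipaddress

# The lab's two ACLs, transcribed from the configuration above.
# Entry: (action, protocol, source, destination, destination port or None)
ANY = "0.0.0.0/0"
ACL_1 = [    # standard ACL on R1 s0/3/0 in: matches on source address only
    ("deny", "ip", "192.168.21.2/32", ANY, None),
    ("deny", "ip", "192.168.32.2/32", ANY, None),
    ("permit", "ip", ANY, ANY, None),
]
ACL_101 = [  # extended ACL on R3 s0/3/0 in
    ("deny", "tcp", "1.1.1.1/32", "192.168.32.3/32", 23),
    ("deny", "tcp", "192.168.21.1/32", "192.168.32.3/32", 23),
    ("permit", "ip", ANY, ANY, None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry (IOS first-match rule)."""
    for action, a_proto, a_src, a_dst, a_port in acl:
        if a_proto != "ip" and a_proto != proto:
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(a_src):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(a_dst):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"  # implicit "deny any" at the end of every ACL

def lab_checks():
    return {
        # RIP update from R2 (UDP 520, assumed RIPv1 broadcast) arriving on R1 s0/3/0
        "rip_update_from_r2": evaluate(ACL_1, "udp", "192.168.21.2", "255.255.255.255", 520),
        # R3's ping to 1.1.1.1 is sourced from 192.168.32.3, which ACL 1 permits
        "ping_from_r3": evaluate(ACL_1, "icmp", "192.168.32.3", "1.1.1.1"),
        # Step 5: Telnet from R1 to R3's serial address
        "telnet_to_r3_serial": evaluate(ACL_101, "tcp", "192.168.21.1", "192.168.32.3", 23),
        # Same Telnet aimed at R3's Loopback0, which no deny entry names
        "telnet_to_r3_loopback": evaluate(ACL_101, "tcp", "192.168.21.1", "3.3.3.3", 23),
    }

if __name__ == "__main__":
    for name, action in lab_checks().items():
        print(f"{name}: {action}")
```

The first two checks show that R3's echo requests pass ACL 1 while R2's RIP updates do not, so the failed ping in step 4 comes from R1 having no return route. The last check shows that ACL 101 names only 192.168.32.3 as destination, so Telnet to R3's Loopback0 (3.3.3.3, used in step 3) still matches the final permit; restricting the VTY lines with `access-class` covers every address on the router.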
