Lab Guide: ACL (Part 2)
Copyright notice: This is an original work. Reproduction is prohibited; violators will be held legally liable.
OSPF is the routing protocol. All new sites are to be configured as stub areas.
Control traffic so that only FTP, TFTP, and ping go across the serial link. Allow FTP access only to the server 150.10.1.10 from the 132.31.5.16/27 subnet.
Use named access lists. Configure an access list that denies Telnet access to Graceland until a user authenticates with the Wavester router. Then allow access only from the 132.31.5.16/27 subnet.
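Jo_college

```
conf t
host Jo_college
int l 0
 ip ad 1.1.1.1 255.255.255.255
int f 0/0
 ip ad 132.31.5.17 255.255.255.224
 ! Filter LAN traffic inbound, before it is routed across the serial link
 ip access-group NAMEACL in
 no shut
int s2/0
 ip ad 150.100.100.1 255.255.255.252
 ! Frame Relay with a static map (DLCI 102) instead of inverse ARP
 encap f
 no arp f
 no frame inver
 frame map ip 150.100.100.2 102 b
 no shut
 exit
! Only ping, OSPF, TFTP, FTP to 150.10.1.10 and Telnet are permitted;
! everything else hits the implicit deny at the end of the list
ip access-list extended NAMEACL
 permit icmp any any
 permit ospf any any
 permit udp any any eq tftp
 permit tcp 132.31.5.16 0.0.0.15 host 150.10.1.10 eq ftp
 permit tcp 132.31.5.16 0.0.0.15 any eq telnet
router ospf 1
 router-id 1.1.1.1
 ! Neighbor is configured statically on the Frame Relay link
 nei 150.100.100.2
 net 132.31.5.17 0.0.0.0 a 100
 net 150.100.100.1 0.0.0.0 a 100
 area 100 stub
end
```

Wavester

```
conf t
host Wavester
! Lock-and-key: when MATT logs in over Telnet, access-enable activates the
! dynamic ACL entry for that host only, with a 10-minute idle timeout.
! Local username login on the VTY lines is required for this and is not
! shown in this listing.
username MATT password cisco
username MATT autocommand access-enable host timeout 10
int l 0
 ip ad 2.2.2.2 255.255.255.255
int s2/0
 ip ad 150.100.100.2 255.255.255.252
 encap f
 no arp f
 no frame inver
 frame map ip 150.100.100.1 201 b
 no shut
 ip access-group DYNAMICACL in
int f 0/0
 ip ad 150.10.1.4 255.255.255.0
 no shut
 exit
ip access-list extended DYNAMICACL
 ! Dynamic entry (absolute timeout 10 minutes): Telnet to Graceland
 ! (150.10.1.1) is opened only after authentication
 dynamic cisco timeout 10 permit tcp 132.31.5.16 0.0.0.15 host 150.10.1.1 eq telnet
 ! Source here is 132.31.4.16, unlike the 132.31.5.16 used in the other entries
 permit tcp 132.31.4.16 0.0.0.15 any eq telnet
 ! Until the dynamic entry is active, Telnet to Graceland is denied
 deny tcp any host 150.10.1.1 eq telnet
 permit ip any any
router ospf 1
 router-id 2.2.2.2
 nei 150.100.100.1
 net 150.100.100.2 0.0.0.0 a 100
 net 150.10.1.4 0.0.0.0 a 0
 area 100 stub
end
```

Graceland

```
conf t
host Graceland
int l 0
 ip ad 3.3.3.3 255.255.255.255
int f 0/0
 ip ad 150.10.1.1 255.255.255.0
 no shut
 exit
router ospf 1
 net 150.10.1.1 0.0.0.0 a 0
end
```

This article comes from the "穿过地狱去看海" blog; reproduction is prohibited. This article comes from the 51CTO.COM technical blog.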
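The first-match behaviour of NAMEACL, as an added example in Python that is not part of the original post: it evaluates constructed test packets against the five entries and compares the address range covered by the wildcard 0.0.0.15 with the 0.0.0.31 that corresponds to a /27. The helper names (`evaluate`, `wc_match`, `wildcard_range`) are hypothetical, and the model covers only protocol, addresses and destination port.

```python
from ipaddress import IPv4Address as IP

ANY = ("0.0.0.0", "255.255.255.255")   # "any" written as address + wildcard
LAB = ("132.31.5.16", "0.0.0.15")      # source wildcard used in the page's ACLs

def host(addr):
    return (addr, "0.0.0.0")           # "host x" is x with an all-zero wildcard

# NAMEACL from the Jo_college config: (action, protocol, source, destination, dst port)
# Port numbers behind the IOS keywords: ftp = 21, telnet = 23, tftp = 69.
NAMEACL = [
    ("permit", "icmp", ANY, ANY, None),
    ("permit", "ospf", ANY, ANY, None),
    ("permit", "udp", ANY, ANY, 69),
    ("permit", "tcp", LAB, host("150.10.1.10"), 21),
    ("permit", "tcp", LAB, ANY, 23),
]

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~int(IP(wildcard)) & 0xFFFFFFFF
    return (int(IP(addr)) & care) == (int(IP(base)) & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry number); the first matching entry wins."""
    for n, (action, p, s, d, port) in enumerate(acl, 1):
        if p == proto and wc_match(src, *s) and wc_match(dst, *d) and port in (None, dport):
            return action, n
    return "deny", None                # implicit deny at the end of every ACL

def wildcard_range(base, wildcard):
    """First and last address covered by a contiguous wildcard mask."""
    lo = int(IP(base)) & ~int(IP(wildcard)) & 0xFFFFFFFF
    return str(IP(lo)), str(IP(lo | int(IP(wildcard))))

if __name__ == "__main__":
    # Constructed test packets (not captured traffic)
    packets = [
        ("tcp", "132.31.5.20", "150.10.1.10", 21),   # FTP control to the server
        ("tcp", "132.31.5.20", "150.10.1.10", 20),   # ftp-data port is not listed
        ("tcp", "132.31.5.20", "150.10.1.11", 21),   # FTP to another host
        ("tcp", "132.31.5.10", "150.10.1.10", 21),   # source outside .16-.31
        ("tcp", "132.31.5.20", "150.10.1.1", 80),    # HTTP
    ]
    for pkt in packets:
        print(pkt, "->", evaluate(NAMEACL, *pkt))
    print(wildcard_range(*LAB), wildcard_range("132.31.5.16", "0.0.0.31"))
```

Only the first packet is permitted (entry 4). The wildcard 0.0.0.15 covers 132.31.5.16 to 132.31.5.31, while 0.0.0.31 covers 132.31.5.0 to 132.31.5.31, the range of the 255.255.255.224 mask configured on f0/0.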





