Configuring Access Control Lists
Copyright notice: original work, reproduction prohibited! Violations will be pursued under the law.
Initial configuration:

R1
conf t
int f 0/0
ip ad 10.1.1.1 255.255.255.0
no shut
int l0
ip ad 1.1.1.1 255.255.255.255
router rip
ver 2
net 10.0.0.0
net 1.0.0.0
no au

R3
conf t
int s2/0
ip ad 10.1.2.3 255.255.255.0
clock rate 64000
no shut
router rip
ver 2
net 10.0.0.0
no au

R2
conf t
int f 0/0
ip ad 10.1.1.2 255.255.255.0
no shut
int s2/0
ip ad 10.1.2.2 255.255.255.0
no shut
router rip
ver 2
no au
net 10.0.0.0
exit

CASE 1: Standard ACL (1)
R2
int f 0/0
ip access-group 1 in
exit
access-list 1 permit host 10.1.1.1

Verification:
R1#ping 10.1.2.3 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
U.U.U
Success rate is 0 percent (0/5)

R1#ping 10.1.2.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/103/220 ms

CASE 2: Standard ACL (2)

Configure on R2:
int f 0/0
ip access-group 1 in
exit
access 1 deny host 10.1.1.1
access 1 permit any

Verification:
R1#ping 10.1.2.3 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
U.U..
Success rate is 0 percent (0/5)

R1#ping 10.1.2.3 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/59/112 ms

CASE 3: Extended ACL (1)

R3
int l 1
ip ad 3.3.3.1 255.255.255.255
int l 2
ip ad 3.3.3.2 255.255.255.255
int l 3
ip ad 3.3.3.3 255.255.255.255
router rip
net 3.0.0.0

R2
access 100 permit ip 1.1.1.0 0.0.0.255 3.3.3.0 0.0.0.255
int f0/0
ip access-group 100 in

Verification:
R1#ping 3.3.3.3 source l 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/90/200 ms

R1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

CASE 4: Extended ACL (2)
R3
conf t
username R3 password pass
line vty 0 4
login local
end

R2
conf t
access-list 100 deny tcp any any eq telnet
access-list 100 permit ip any any
int f0/0
ip access-group 100 in
end

Verification:
R1#telnet 3.3.3.3
Trying 3.3.3.3 ...
% Destination unreachable; gateway or host down

R1#telnet 10.1.2.3
Trying 10.1.2.3 ...
% Destination unreachable; gateway or host down

CASE 5: Restricting an ACL to a time range
R2
conf t
time-range allowtelnet
! Because this is a lab, the time range is set to only 1 minute, which makes verification easier
periodic daily 19:00 to 19:01
exit
access 100 deny tcp host 10.1.1.1 3.3.3.0 0.0.0.255 eq telnet time-range allowtelnet
access 100 permit ip any any
int f 0/0
ip access-group 100 in
end

R2#sh time-range
time-range entry: allowtelnet (active)
   periodic daily 19:00 to 19:01
   used in: IP ACL entry

R2#sh ip access
Extended IP access list 100
    10 deny tcp host 10.1.1.1 3.3.3.0 0.0.0.255 eq telnet time-range allowtelnet (active) (3 matches)
    20 permit ip any any (54 matches)

R1#telnet 3.3.3.3
Trying 3.3.3.3 ...
% Destination unreachable; gateway or host down

R1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/115/256 ms

R1#ping 10.1.2.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/158/292 ms

After 1 minute:
R1#telnet 3.3.3.3
Trying 3.3.3.3 ... Open

User Access Verification

Username: r3
Password:
R3>quit

[Connection to 3.3.3.3 closed by foreign host]

This article comes from the “穿过地狱去看海” blog; reproduction prohibited! This article comes from the 51CTO.COM technical blog.
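How R2 evaluates the lists in CASE 1 to CASE 3 (first match wins, then an implicit deny), modelled in Python as an added example that is not part of the original post. The helper names and test packets are constructed for illustration, and port operators such as eq telnet are not modelled.

```python
import ipaddress

def ip(a):
    return int(ipaddress.IPv4Address(a))

def matches(addr, base, wildcard):
    # Wildcard-mask bits set to 1 are "don't care"; all other bits must be equal.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def parse_addr(tok, i):
    # Returns (base, wildcard, next_index) for "any", "host A" or "A W".
    if tok[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tok[i] == "host":
        return tok[i + 1], "0.0.0.0", i + 2
    return tok[i], tok[i + 1], i + 2

def parse_entry(line, extended):
    # Standard entries carry only a source; extended ones add protocol and destination.
    tok = line.split()
    proto, i = (tok[1], 2) if extended else ("ip", 1)
    src, swc, i = parse_addr(tok, i)
    dst, dwc = "0.0.0.0", "255.255.255.255"
    if extended:
        dst, dwc, i = parse_addr(tok, i)
    return tok[0], proto, src, swc, dst, dwc

def evaluate(entries, extended, proto, src, dst):
    # First matching entry wins; falling off the end is the implicit "deny ip any any".
    for line in entries:
        action, p, s, sw, d, dw = parse_entry(line, extended)
        if p in ("ip", proto) and matches(src, s, sw) and matches(dst, d, dw):
            return action
    return "implicit deny"

# Entries copied from the page (without the "access-list N" prefix).
CASE1 = ["permit host 10.1.1.1"]
CASE2 = ["deny host 10.1.1.1", "permit any"]
CASE3 = ["permit ip 1.1.1.0 0.0.0.255 3.3.3.0 0.0.0.255"]

if __name__ == "__main__":
    for name, acl, ext in (("CASE1", CASE1, False), ("CASE2", CASE2, False), ("CASE3", CASE3, True)):
        for src in ("10.1.1.1", "1.1.1.1"):  # constructed test packets (ICMP to 3.3.3.3)
            print(name, src, "->", evaluate(acl, ext, "icmp", src, "3.3.3.3"))
    # R1's RIPv2 update (UDP from 10.1.1.1 to multicast 224.0.0.9) against the CASE 3 list
    print("CASE3 RIP ->", evaluate(CASE3, True, "udp", "10.1.1.1", "224.0.0.9"))
```

The last call shows that R1's RIPv2 updates match no entry in the CASE 3 list, so an inbound ACL of this kind also filters routing updates unless they are permitted explicitly.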





