ip 192.168.10.2 192.168..."/>
溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊(cè)×
其他方式登錄
點(diǎn)擊 登錄注冊(cè) 即表示同意《億速云用戶服務(wù)條款》

標(biāo)準(zhǔn)ACL配置小實(shí)驗(yàn)走起

發(fā)布時(shí)間:2020-07-19 22:37:01 來(lái)源:網(wǎng)絡(luò) 閱讀:256 作者:wx5d3faba330584 欄目:系統(tǒng)運(yùn)維

實(shí)驗(yàn)要求

在R1路由上建立標(biāo)準(zhǔn)ACL,實(shí)現(xiàn)僅允許PC1能訪問(wèn)PC3,禁止PC2對(duì)PC3進(jìn)行訪問(wèn)的功能。

標(biāo)準(zhǔn)ACL配置小實(shí)驗(yàn)走起

具體配置

1、配置三臺(tái)pc機(jī)地址、網(wǎng)關(guān)

PC1> ip 192.168.10.2 192.168.10.1
Checking for duplicate address...
PC1 : 192.168.10.2 255.255.255.0 gateway 192.168.10.1

PC2> ip 192.168.10.3 192.168.10.1 
Checking for duplicate address...
PC1 : 192.168.10.3 255.255.255.0 gateway 192.168.10.1

PC3> 
PC3> ip 192.168.20.2 192.168.20.1
Checking for duplicate address...
PC1 : 192.168.20.2 255.255.255.0 gateway 192.168.20.1

2、配置交換機(jī)sw

sw#conf t 
sw(config)#no ip routing

3、配置路由兩端地址、子掩

R1#conf t
R1(config)#int f0/0
R1(config-if)#ip add 192.168.10.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#int f0/1
R1(config-if)#ip add 192.168.20.1 255.255.255.0
R1(config-if)#no shut

4、測(cè)試三臺(tái)pc連通性,可以互聯(lián)互通

PC1> ping 192.168.20.2           
192.168.20.2 icmp_seq=1 timeout
84 bytes from 192.168.20.2 icmp_seq=2 ttl=63 time=15.676 ms
84 bytes from 192.168.20.2 icmp_seq=3 ttl=63 time=17.680 ms
84 bytes from 192.168.20.2 icmp_seq=4 ttl=63 time=21.956 ms
84 bytes from 192.168.20.2 icmp_seq=5 ttl=63 time=12.700 ms

PC1> ping 192.168.10.3
192.168.20.2 icmp_seq=1 timeout
192.168.20.2 icmp_seq=2 timeout
84 bytes from 192.168.10.3 icmp_seq=3 ttl=63 time=17.735 ms
84 bytes from 192.168.10.3 icmp_seq=4 ttl=63 time=14.069 ms
84 bytes from 192.168.10.3 icmp_seq=5 ttl=63 time=14.960 ms

5、在路由上定義ACL語(yǔ)句

R1(config-if)#access-list 1 deny host 192.168.10.2    #禁止pc2主機(jī)地址
R1(config)#do show access-list
R1(config)#access-list 1 permit any     #不寫(xiě)則默認(rèn)拒絕所有
R1(config)#int f0/0
R1(config-if)#ip access-group 1 in     #ACL應(yīng)用在接口f0/0,定義為入口

6、此時(shí)用pc1訪問(wèn)pc3

PC1> ping 192.168.20.2
*192.168.10.1 icmp_seq=1 ttl=255 time=20.233 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=2 ttl=255 time=4.913 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=3 ttl=255 time=12.927 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=4 ttl=255 time=12.965 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=5 ttl=255 time=13.958 ms (ICMP type:3, code:13, Communication administratively prohibited)

7、PC1可以ping通PC2

PC1>ping 192.168.10.3
84 bytes from 192.168.10.3 icmp_seq=1 ttl=64 time=0.000 ms
84 bytes from 192.168.10.3 icmp_seq=2 ttl=64 time=0.975 ms
84 bytes from 192.168.10.3 icmp_seq=3 ttl=64 time=0.997 ms
84 bytes from 192.168.10.3 icmp_seq=4 ttl=64 time=0.000 ms
84 bytes from 192.168.10.3 icmp_seq=5 ttl=64 time=1.731 ms

小型標(biāo)準(zhǔn)ACL配置實(shí)驗(yàn)成功

向AI問(wèn)一下細(xì)節(jié)

免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。

AI