Standard ACL (Access Control List) Lab

Standard ACL (海映蓝天)

Lab topology

Lab objectives

Define a standard ACL

Apply a standard ACL

Apply access-class

Define a named standard ACL

Basic configuration

R1(config)# access-list 2 remark ONLY HOST PC1 CAN TELNET
R1(config)# access-list 2 permit host 192.168.1.2
R1(config)# line vty 0 4
R1(config-line)# access-class 2 in
R1(config-line)# password cisco
R1(config-line)# login

R2(config)# access-list 2 remark ONLY HOST PC1 CAN TELNET
R2(config)# access-list 2 permit host 192.168.1.2
R2(config)# line vty 0 4
R2(config-line)# access-class 2 in
R2(config-line)# password cisco
R2(config-line)# login

R3(config)# access-list 2 remark ONLY HOST PC1 CAN TELNET
R3(config)# access-list 2 permit host 192.168.1.2
R3(config)# access-list 1 remark DENY NETWORK 192.168.2.0 FROM R1
R3(config)# access-list 1 deny 192.168.2.0 0.0.0.255
R3(config)# access-list 1 permit any
R3(config)# interface serial3/0
R3(config-if)# ip access-group 1 in
R3(config-if)# line vty 0 4
R3(config-line)# access-class 2 in
R3(config-line)# password cisco
R3(config-line)# login

Where an ACL can be applied:

On an interface

In the match clause of a route-map

Under the vty lines, where the access-class command is used to control Telnet access; access-class only works with standard ACLs

R3#show ip access-list
Standard IP access list 2
    permit host 192.168.1.2
Standard IP access list 1
    deny 192.168.2.0 0.0.0.255 (20 match(es))
    permit any (252 match(es))

The number in parentheses is the count of packets that matched that entry; the command clear access-list counters resets the ACL counters to zero.
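The evaluation rules behind that output (wildcard-mask matching, first matching entry wins, the implicit deny at the end of every ACL, and the per-entry match counters), as an added Python model that is not part of the lab; the ACL entries are the lab's own, while the class and function names are this example's assumptions.

```python
# Added example (not part of the lab): a minimal model of how IOS evaluates a
# standard ACL, so the permit/deny decisions and the "(N match(es))" counters
# from "show ip access-list" can be reproduced offline.
import ipaddress

ALL_BITS = 0xFFFFFFFF


class Entry:
    def __init__(self, action, address, wildcard):
        self.action = action        # "permit" or "deny"
        self.address = address      # configured source address, as an int
        self.wildcard = wildcard    # wildcard mask: 1 bits are "don't care"
        self.matches = 0            # the "(N match(es))" counter


def parse_entry(line):
    """Parse 'permit host A', 'deny A WILDCARD' or 'permit any'."""
    action, *rest = line.split()
    if rest == ["any"]:
        return Entry(action, 0, ALL_BITS)          # every bit is "don't care"
    if rest[0] == "host":
        return Entry(action, int(ipaddress.IPv4Address(rest[1])), 0)  # wildcard 0.0.0.0
    return Entry(action, int(ipaddress.IPv4Address(rest[0])),
                 int(ipaddress.IPv4Address(rest[1])))


class StandardAcl:
    def __init__(self, lines):
        # remark lines document the ACL but are never evaluated
        self.entries = [parse_entry(l) for l in lines if not l.startswith("remark")]

    def check(self, src):
        """Return 'permit' or 'deny' for a packet whose source address is src."""
        s = int(ipaddress.IPv4Address(src))
        for e in self.entries:
            care = e.wildcard ^ ALL_BITS                  # bits that must match exactly
            if (s & care) == (e.address & care):
                e.matches += 1
                return e.action                           # first matching entry wins
        return "deny"                                     # implicit deny at the end

    def clear_counters(self):                             # like clear access-list counters
        for e in self.entries:
            e.matches = 0

    def counters(self):
        return [e.matches for e in self.entries]


if __name__ == "__main__":
    acl1 = StandardAcl(["remark DENY NETWORK 192.168.2.0 FROM R1",
                        "deny 192.168.2.0 0.0.0.255", "permit any"])
    for src in ["192.168.2.10", "192.168.1.2", "192.168.2.200"]:
        print(src, "->", acl1.check(src))
    print("match counters:", acl1.counters())
    vty_acl = StandardAcl(["permit host 192.168.1.2"])   # the access-class 2 ACL
    print("192.168.1.3 ->", vty_acl.check("192.168.1.3"))  # denied by the implicit deny
```

Swapping the order of the two entries in acl1 shows why ordering matters: a leading permit any shadows the deny line, which then never records a match.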

R3#show ip interface
Serial3/0 is up, line protocol is up (connected)
  Internet address is 192.168.4.2/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is 1
  ...

This shows that ACL 1 is applied in the inbound direction on interface Serial3/0.

Configuring a named standard ACL

R3(config)# ip access-list standard ACL1
R3(config-std-nacl)# remark DENY NETWORK 192.168.2.0 FROM R1
R3(config-std-nacl)# deny 192.168.2.0 0.0.0.255
R3(config-std-nacl)# permit any
R3(config-std-nacl)# interface serial 3/0
R3(config-if)# ip access-group ACL1 in

PC1 telnets to R2

PC>telnet 192.168.3.1
Trying 192.168.3.1 ...Open

User Access Verification

Password:
R1>en
Password:
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP...
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area...

C 192.168.1.0/24 is directly connected, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet1/0