Configuring Access Control Lists
2007-03-05 22:58
Initial configuration:
R1
conf t
int f 0/0
ip ad 10.1.1.1 255.255.255.0
no shut
int l0
ip ad 1.1.1.1 255.255.255.255
router rip
ver 2
net 10.0.0.0
net 1.0.0.0
no au
R3
conf t
int s2/0
ip ad 10.1.2.3 255.255.255.0
clock rate 64000
no shut
router rip
ver 2
net 10.0.0.0
no au
R2
conf t
int f 0/0
ip ad 10.1.1.2 255.255.255.0
no shut
int s2/0
ip ad 10.1.2.2 255.255.255.0
no shut
router rip
ver 2
no au
net 10.0.0.0
exit
CASE 1: Standard ACL (1)
R2
int f 0/0
ip access-group 1 in
exit
access-list 1 permit host 10.1.1.1
Verification:
R1#ping 10.1.2.3 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
U.U.U
Success rate is 0 percent (0/5)
R1#ping 10.1.2.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/103/220 ms
CASE 2: Standard ACL (2)
Configure on R2
int f 0/0
ip access-group 1 in
exit
access 1 deny host 10.1.1.1
access 1 permit any
Verification:
R1#ping 10.1.2.3 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
U.U..
Success rate is 0 percent (0/5)
R1#ping 10.1.2.3 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/59/112 ms
CASE 3: Extended ACL (1)
R3
int l 1
ip ad 3.3.3.1 255.255.255.255
int l 2
ip ad 3.3.3.2 255.255.255.255
int l 3
ip ad 3.3.3.3 255.255.255.255
router rip
net 3.0.0.0
R2
access 100 permit ip 1.1.1.0 0.0.0.255 3.3.3.0 0.0.0.255
int f0/0
ip access-group 100 in
Verification:
R1#ping 3.3.3.3 source l 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/90/200 ms
R1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
CASE 4: Extended ACL (2)
R3
conf t
username R3 password pass
line vty 0 4
login local
end
R2
conf t
access-list 100 deny tcp any any eq telnet
access-list 100 permit ip any any
int f0/0
ip access-group 100 in
end
Verification:
R1#telnet 3.3.3.3
Trying 3.3.3.3 ...
% Destination unreachable; gateway or host down
R1#telnet 10.1.2.3
Trying 10.1.2.3 ...
% Destination unreachable; gateway or host down
CASE 5: Restricting by time range with an ACL
R2
conf t
time-range allowtelnet
! This is a lab, so the time range is set to just 1 minute to make verification easier
periodic daily 19:00 to 19:01
exit
access 100 deny tcp host 10.1.1.1 3.3.3.0 0.0.0.255 eq telnet time-range allowtelnet
access 100 permit ip any any
int f 0/0
ip access-group 100 in
end
R2#sh time-range
time-range entry: allowtelnet (active)
periodic daily 19:00 to 19:01
used in: IP ACL entry
R2#sh ip access
Extended IP access list 100
10 deny tcp host 10.1.1.1 3.3.3.0 0.0.0.255 eq telnet time-range allowtelnet (active) (3 matches)
20 permit ip any any (54 matches)
R1#telnet 3.3.3.3
Trying 3.3.3.3 ...
% Destination unreachable; gateway or host down
R1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/115/256 ms
R1#ping 10.1.2.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/158/292 ms
One minute later:
R1#telnet 3.3.3.3
Trying 3.3.3.3 ... Open
User Access Verification
Username: r3
Password:
R3>quit
[Connection to 3.3.3.3 closed by foreign host]
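The first-match evaluation behind the verification results above, as an added example that is not part of the original post: a small Python model of how R2 evaluates the Case 1, 3 and 5 entries, covering wildcard masks, the implicit deny and a time-range entry being skipped while inactive. The function names, the packet dictionaries and the `active_ranges` parameter are assumptions made for this illustration; ACL numbers of 100 and above are treated as extended, which covers only the numbers used here.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")

def wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_spec(t):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    if t[0] == "any":
        return ANY, t[1:]
    if t[0] == "host":
        return (t[1], "0.0.0.0"), t[2:]
    return (t[0], t[1]), t[2:]

def parse_ace(line):
    """Parse the entry forms used in the cases above ('access' or 'access-list')."""
    t = line.split()[1:]
    number, action, t = int(t[0]), t[1], t[2:]
    ace = {"action": action, "proto": "ip", "dst": ANY, "port": None, "range": None}
    if number >= 100:   # simplification: only the page's numbers (1 standard, 100 extended)
        ace["proto"], t = t[0], t[1:]
        ace["src"], t = parse_spec(t)
        ace["dst"], t = parse_spec(t)
    else:               # a standard ACL matches on source address only
        ace["src"], t = parse_spec(t)
    if t[:1] == ["eq"]:
        ace["port"], t = (23 if t[1] == "telnet" else int(t[1])), t[2:]
    if t[:1] == ["time-range"]:
        ace["range"] = t[1]
    return ace

def evaluate(acl, pkt, active_ranges=()):
    """Return the action of the first matching entry, else the implicit deny."""
    for ace in acl:
        if ace["range"] and ace["range"] not in active_ranges:
            continue    # an entry whose time-range is inactive is skipped
        if ace["proto"] not in ("ip", pkt["proto"]) or ace["port"] not in (None, pkt.get("dport")):
            continue    # protocol or destination port does not match
        if wild_match(pkt["src"], *ace["src"]) and wild_match(pkt["dst"], *ace["dst"]):
            return ace["action"]
    return "deny"

# Entries copied from Case 5; the packet below is constructed sample input.
CASE5 = [parse_ace("access 100 deny tcp host 10.1.1.1 3.3.3.0 0.0.0.255 eq telnet time-range allowtelnet"),
         parse_ace("access 100 permit ip any any")]
TELNET = {"proto": "tcp", "src": "10.1.1.1", "dst": "3.3.3.3", "dport": 23}
```

Calling `evaluate(CASE5, TELNET, {"allowtelnet"})` gives the result inside the window, and `evaluate(CASE5, TELNET)` gives the result one minute later.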