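Configuring a standard access control list: allowing computers on a specified network segment outbound access to computers on other segments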
2013-11-27 21:27
The topology is as follows:
Step 1: Configure the interfaces to be enabled on router R1
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host R1
R1(config)#int fa0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#int fa1/0
R1(config-if)#ip add 192.168.2.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
R1(config-if)#int se2/0
R1(config-if)#ip add 192.168.3.1 255.255.255.0
R1(config-if)#clock rate 64000
R1(config-if)#no shut
%LINK-5-CHANGED: Interface Serial2/0, changed state to down
R1(config-if)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#
Step 1: Configure the interfaces to be enabled on router R2
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host R2
R2(config)#int se3/0
R2(config-if)#ip add 192.168.3.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#
%LINK-5-CHANGED: Interface Serial3/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/0, changed state to up
R2(config-if)#int fa0/0
R2(config-if)#ip add 192.168.4.1 255.255.255.0
R2(config-if)#no shut
R2(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config-if)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#
Step 2: Configure the static route on router R1
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip route 192.168.4.0 255.255.255.0 192.168.3.2
R1(config)#exit
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.1.0/24 is directly connected, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet1/0
C 192.168.3.0/24 is directly connected, Serial2/0
S 192.168.4.0/24 [1/0] via 192.168.3.2
R1#
Step 2: Configure the static route on router R2
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip route 0.0.0.0 0.0.0.0 192.168.3.1
R2(config)#exit
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 192.168.3.1 to network 0.0.0.0
C 192.168.3.0/24 is directly connected, Serial3/0
C 192.168.4.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 192.168.3.1
R2#
Step 3: Verify that PC1 and PC2 can both ping PC3
PC>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::202:16FF:FE13:EEEB
IP Address......................: 192.168.1.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1
PC>ping 192.168.4.2
Pinging 192.168.4.2 with 32 bytes of data:
Request timed out.
Reply from 192.168.4.2: bytes=32 time=17ms TTL=126
Reply from 192.168.4.2: bytes=32 time=42ms TTL=126
Reply from 192.168.4.2: bytes=32 time=1ms TTL=126
Ping statistics for 192.168.4.2:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 42ms, Average = 20ms
PC>
PC>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::201:64FF:FEE7:8562
IP Address......................: 192.168.2.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.2.1
PC>ping 192.168.4.2
Pinging 192.168.4.2 with 32 bytes of data:
Reply from 192.168.4.2: bytes=32 time=1ms TTL=126
Reply from 192.168.4.2: bytes=32 time=3ms TTL=126
Reply from 192.168.4.2: bytes=32 time=1ms TTL=126
Reply from 192.168.4.2: bytes=32 time=1ms TTL=126
Ping statistics for 192.168.4.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 3ms, Average = 1ms
PC>
Step 4: Configure the standard access control list
R1>en
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
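R1(config)#ip access-list standard Yahoo !--- create a standard access control list named Yahoo
R1(config-std-nacl)#permit 192.168.2.0 0.0.0.255 !--- the network segment that is allowed outbound
R1(config-std-nacl)#deny 192.168.1.0 0.0.0.255 !--- deny this network segment outbound; may be omitted, because an implicit deny any is appended after the permit entries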
R1(config-std-nacl)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int se2/0
R1(config-if)#ip access-group Yahoo out !--- apply the named access control list to the specific outbound interface
R1(config-if)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#
Step 5: Verify that PC1 can no longer ping PC3 while PC2 still can
PC>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::202:16FF:FE13:EEEB
IP Address......................: 192.168.1.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1
PC>ping 192.168.4.2
Pinging 192.168.4.2 with 32 bytes of data:
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Ping statistics for 192.168.4.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
PC>
PC>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::201:64FF:FEE7:8562
IP Address......................: 192.168.2.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.2.1
PC>ping 192.168.4.2
Pinging 192.168.4.2 with 32 bytes of data:
Reply from 192.168.4.2: bytes=32 time=13ms TTL=126
Reply from 192.168.4.2: bytes=32 time=1ms TTL=126
Reply from 192.168.4.2: bytes=32 time=10ms TTL=126
Reply from 192.168.4.2: bytes=32 time=1ms TTL=126
Ping statistics for 192.168.4.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 13ms, Average = 6ms
PC>
The test results show that the standard access control list is configured correctly.
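The following Python sketch is an added example, not part of the original post: it models how R1 evaluates the standard ACL from step 4 (source address only, wildcard mask, first match wins, implicit deny) and applies it only to traffic leaving Serial2/0. The function names and the simplified route lookup are assumptions made for illustration; the addresses, routes and ACL entries are the ones shown above.

```python
import ipaddress

# Entries of the named standard ACL "Yahoo" from step 4.
ACL_YAHOO = """
permit 192.168.2.0 0.0.0.255
deny 192.168.1.0 0.0.0.255
"""

# R1's routes from 'show ip route' in step 2: destination -> egress interface.
R1_ROUTES = {
    "192.168.1.0/24": "FastEthernet0/0",
    "192.168.2.0/24": "FastEthernet1/0",
    "192.168.3.0/24": "Serial2/0",
    "192.168.4.0/24": "Serial2/0",  # static route via 192.168.3.2
}

def parse_standard_acl(text):
    """Parse 'permit|deny <address> <wildcard>' lines into integer tuples."""
    entries = []
    for line in text.strip().splitlines():
        action, addr, wildcard = line.split()
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action}")
        entries.append((action, int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wildcard))))
    return entries

def evaluate(entries, src):
    """Return (action, entry number); the first matching entry wins."""
    src_int = int(ipaddress.IPv4Address(src))
    for number, (action, addr, wildcard) in enumerate(entries, 1):
        care = ~wildcard & 0xFFFFFFFF  # wildcard 0-bits must match, 1-bits are ignored
        if (src_int & care) == (addr & care):
            return action, number
    return "deny", None  # implicit deny any at the end of every ACL

# 'ip access-group Yahoo out' binds the ACL to one interface and one direction.
OUTBOUND_ACLS = {"Serial2/0": parse_standard_acl(ACL_YAHOO)}

def r1_forwards(src, dst):
    """True if R1 would forward a packet from src to dst (simplified model)."""
    dst_ip = ipaddress.IPv4Address(dst)
    for network, interface in R1_ROUTES.items():
        if dst_ip in ipaddress.ip_network(network):
            acl = OUTBOUND_ACLS.get(interface)
            return acl is None or evaluate(acl, src)[0] == "permit"
    return False  # no route to the destination

if __name__ == "__main__":
    for src, dst in [("192.168.1.2", "192.168.4.2"), ("192.168.2.2", "192.168.4.2"),
                     ("192.168.1.2", "192.168.2.2")]:
        print(src, "->", dst, "forwarded" if r1_forwards(src, dst) else "dropped")
```

In this model PC1 (192.168.1.2) is still forwarded to PC2's segment, because the ACL is bound only to Serial2/0 outbound and a standard ACL never looks at the destination address.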