ACL在路由器上设置例子
2024-05-15 15:50:40
基本IP配置<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
R1:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip do lo
Router(config)#line console 0
Router(config-line)#exec-timeout 0 0
Router(config-line)#logg syn
Router(config-line)#end
r1(config)#int f0/0
r1(config-if)#no sw
r1(config-if)#ip add 192.168.4.1 255.255.255.0
r1(config-if)#no shut
r1(config-if)#exit
r1(config)#int f0/1
r1(config-if)#no sw
r1(config-if)#ip add 192.168.1.1 255.255.255.0
r1(config-if)#no shut
r1(config-if)#exit
r1(config)#router eigrp 100
r1(config-router)#network 192.168.1.1 <?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />0.0.0.0
r1(config-router)#network 192.168.4.1 0.0.0.0
r1(config-router)#exit
R2:
r2(config)#int f0/1
r2(config-if)#no sw
r2(config-if)#ip add 192.168.2.1 255.255.255.0
r2(config-if)#no shut
r2(config-if)#exit
r2(config)#int f0/0
r2(config-if)#no sw
r2(config-if)#ip add 192.168.4.2 255.255.255.0
r2(config-if)#no shut
r2(config-if)#exit
r2(config)#router eigrp 100
r2(config-router)#network 192.168.2.1 0.0.0.0
r2(config-router)#network 192.168.4.2 0.0.0.0
r2(config-router)#exit
R3:
r3(config)#int f0/0
r3(config-if)#no sw
r3(config-if)#ip add 192.168.4.3 255.255.255.0
r3(config-if)#no shut
r3(config-if)#exit
r3(config)#int f0/1
r3(config-if)#no sw
r3(config-if)#ip add 192168.3.1 255.255.255.0
r3(config-if)#no shut
r3(config-if)#exit
r3(config)#router eigrp 100
r3(config-router)#network 192.168.3.1 0.0.0.0
r3(config-router)#network 192.168.4.3 0.0.0.0
r3(config-router)#exit
SW1:
sw1(config)#int f0/0
sw1(config-if)#no shut
sw1(config-if)#exit
sw1(config)#int f0/1
sw1(config-if)#no shut
sw1(config-if)#exit
sw1(config)#int f0/2
sw1(config-if)#no shut
sw1(config-if)#exit
1. 在ROUTER1上应用标准访问控制列表仅限制PC1对VS1的访问。
r1(config)#access-list 1 deny host 192.168.3.2
r1(config)#access-list 1 permit any
r1(config)#int f0/0
r1(config-if)#ip access-group 1 in
測試結果
VPCS 1 >ping 192.168.1.2
192.168.1.2 icmp_seq=1 timeout
192.168.1.2 icmp_seq=2 timeout
192.168.1.2 icmp_seq=3 timeout
192.168.1.2 icmp_seq=4 timeout
192.168.1.2 icmp_seq=5 timeout
任务2.在ROUTER2上应用标准访问控制列表限制网络192.168.3.0/24访问VS2。
r2(config)#access-list 1 deny 192.168.3.0 0.0.0.255
r2(config)#access-list 1 permit any
r2(config)#int f0/0
r2(config-if)#ip access-group 1 in
r2(config-if)#exit
測試結果
VPCS 1 >ping 192.168.2.2
192.168.2.2 icmp_seq=1 timeout
192.168.2.2 icmp_seq=2 timeout
192.168.2.2 icmp_seq=3 timeout
192.168.2.2 icmp_seq=4 timeout
192.168.2.2 icmp_seq=5 timeout
r3#ping 192.168.2.2 source 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.1
U.U.U
Success rate is 0 percent (0/5)
任务3.在ROUTER2上应用扩展访问控制列表拒绝VS1向VS2发起远程桌面,但是允许别的流量
r2(config)#access-list 101 deny tcp host 192.168.1.2 host 192.168.2.2 eq 3389
r2(config)#access-list 101 permit ip any any
r2(config)#int f0/0
r2(config-if)#ip access-group 101 in
顯示結果
R2
r2(config)#ip access-list extended 101
r2(config-ext-nacl)#15 deny icmp host 192.168.1.2 host 192.168.2.2
r2#show access-lists
Standard IP access list 1
10 deny 192.168.3.0, wildcard bits 0.0.0.255 (26 matches)
20 permit any (830 matches)
Extended IP access list 101
10 deny tcp host 192.168.1.2 host 192.168.2.2 eq 3389
15 deny icmp host 192.168.1.2 host 192.168.2.2 (24 matches)
20 permit ip any any (853 matches)
实验结果
虛擬VPC1
VPCS 1 >ip 192.168.3.2 192.168.3.1 255.255.255.0
PC1 : 192.168.3.2 255.255.255.0 gateway 192.168.3.1
VPCS 1 >ping 192.168.1.2
192.168.1.2 icmp_seq=1 time=14.000 ms
192.168.1.2 icmp_seq=2 time=11.000 ms
192.168.1.2 icmp_seq=3 time=13.000 ms
192.168.1.2 icmp_seq=4 time=16.000 ms
192.168.1.2 icmp_seq=5 time=78.000 ms
VPCS 1 >ping 192.168.2.2
192.168.2.2 icmp_seq=1 time=13.000 ms
192.168.2.2 icmp_seq=2 time=43.000 ms
192.168.2.2 icmp_seq=3 time=79.000 ms
192.168.2.2 icmp_seq=4 time=46.000 ms
192.168.2.2 icmp_seq=5 time=13.000 ms
VS2 (192.168.2.2 GW 192.168.2.1)
C:\Documents and Settings\Administrator>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=53ms TTL=126
Reply from 192.168.1.2: bytes=32 time=8ms TTL=126
Reply from 192.168.1.2: bytes=32 time=10ms TTL=126
Reply from 192.168.1.2: bytes=32 time=43ms TTL=126
Ping statistics for 192.168.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 53ms, Average = 28ms
C:\Documents and Settings\Administrator>ping 192.168.3.2
Pinging 192.168.3.2 with 32 bytes of data:
Reply from 192.168.3.2: bytes=32 time=9ms TTL=62
Reply from 192.168.3.2: bytes=32 time=16ms TTL=62
Reply from 192.168.3.2: bytes=32 time=53ms TTL=62
Reply from 192.168.3.2: bytes=32 time=79ms TTL=62
Ping statistics for 192.168.3.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 9ms, Maximum = 79ms, Average = 39ms
VS1(192.168.1.2 GW 192.168.1.1)
C:\Documents and Settings\Administrator>ping 192.168.3.2
Pinging 192.168.3.2 with 32 bytes of data:
Reply from 192.168.3.2: bytes=32 time=45ms TTL=62
Reply from 192.168.3.2: bytes=32 time=12ms TTL=62
Reply from 192.168.3.2: bytes=32 time=11ms TTL=62
Reply from 192.168.3.2: bytes=32 time=12ms TTL=62
Ping statistics for 192.168.3.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 45ms, Average = 20ms
C:\Documents and Settings\Administrator>ping 192.168.2.2
Pinging 192.168.2.2 with 32 bytes of data:
Reply from 192.168.2.2: bytes=32 time=111ms TTL=126
Reply from 192.168.2.2: bytes=32 time=40ms TTL=126
Reply from 192.168.2.2: bytes=32 time=11ms TTL=126
Reply from 192.168.2.2: bytes=32 time=10ms TTL=126
Ping statistics for 192.168.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 111ms, Average = 43ms
转载于:https://blog.51cto.com/policyxiu/209037
ACL在路由器上设置例子相关推荐
- 如何在路由器上设置PPPoE(ADSL虚拟拨号)上网,即(宽带拨号)?
如何在路由器上设置PPPoE(ADSL虚拟拨号)上网,即(宽带拨号)? 参考链接: 1.https://service.tp-link.com.cn/detail_article_341.html 2 ...
- 在路由器上设置虚拟ftp服务器,怎么在路由器上开启ftp服务器配置
怎么在路由器上开启ftp服务器配置 内容精选 换一换 从Windows云服务器访问外部网络,遇到网络不通的情形,可参考本节内容进行排查.以下排查思路根据原因的出现概率进行排序,建议您从高频率原因往低频 ...
- 第21节 ACL——控制路由器上接口大门的进出规则
这里写目录标题 1 ACL概述 2 ACL分类及原理 2.1 标准ACL 2.2 扩展ACL 2.3 原理 3 ACL编辑 4 命名ACL 5 总结 6 参考文献 1 ACL概述 定义:Access ...
- 路由器桥接静态ip设置_如何在路由器上设置静态IP地址
路由器桥接静态ip设置 Routers both modern and antiquated allow users to set static IP addresses for devices on ...
- 如何在Eero路由器上设置静态IP地址
Most of the time, having your router assign dynamic IP addresses to your devices is fine. Sometimes, ...
- ssh方式路由web_在路由器上设置SSH以从任何地方进行安全Web访问
ssh方式路由web Connecting to the internet from Wi-Fi hotspots, at work, or anywhere else away from home, ...
- 关于TP-LINK宽带路由器上的“转发规则”功能用途及设置办法
关于TP-LINK宽带路由器上的"转发规则"功能用途及设置办法 现在TP-LINK的家用宽带路由器由于价格便宜,性能也还过的去,市场占有率相当高,TP-LINK的家用路由器里有项功 ...
- 宽带路由器上的“转发规则”功能用途及设置办法 -- LAN与WAN通信的IP转换
wo zhuan zai de zuo zhe mei you zhu ming zhuan zai di zhi 现在TP-LINK的家用宽带路由器由于价格便宜,性能也还过的去,市场占有率相当高,T ...
- 在思科路由器上做 _限速
大家都知道如果要限制某项服务,就要在路由器上设置ACL(访问控制列表)将该服务所用的端口封掉,从而阻止该服务的正常运行.对BT软件,我们可以尝试封它的端口.一般情况下,BT软件使用的是6880-689 ...
最新文章
- python 类的功能,字符串字节,嵌套等相关学习总结
- 协方差矩阵, 相关系数矩阵
- 前端学习(572):margin无效情形inline水平元素的margin无效
- 移动端微信公众号开发中问题记录及解决方案
- 有没有一种软件,可以输入乐谱就能自动演奏的?
- VMware Workstation 12 pro + 激活码+VMware Workstation 10 + 激活码
- 修改mysql的authen_MySQL连接抛出Authentication Failed错误的分析与解决思路
- 机器学习FP、TP、FN、TN、sensitivity、specificity及代码实现
- 修改tomcat的默认端口号是在tomcat的哪个配置文件里面?
- 网站建设服务器拼租服务器好还是独立服务器好
- 香港理工大学,新设“元宇宙科技”专业
- 《你是我生命中最美的相遇》
- html点击按钮动复制推广地址,JavaScript实现点击按钮就复制当前网址
- 详译:RESIDUAL AND PLAIN CONVOLUTIONAL NEURAL NETWORKS FOR 3D BRAIN MRICLASSIFICATION
- 来到fsb的第24天
- 达人评测 i5 12500h和锐龙r5 5600h选哪个好
- 苹果m1 ruby linner问题
- 用JavaScript获取网页中的js、css、Flash等文件
- 商业分析 CBAP考试 每章节输入输出; Guidelines and Tools; Stakeholders
- Linux C : lseek函数