ACL在路由器上设置例子
2024-05-15 15:50:40
基本IP配置<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
R1:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip do lo
Router(config)#line console 0
Router(config-line)#exec-timeout 0 0
Router(config-line)#logg syn
Router(config-line)#end
r1(config)#int f0/0
r1(config-if)#no sw
r1(config-if)#ip add 192.168.4.1 255.255.255.0
r1(config-if)#no shut
r1(config-if)#exit
r1(config)#int f0/1
r1(config-if)#no sw
r1(config-if)#ip add 192.168.1.1 255.255.255.0
r1(config-if)#no shut
r1(config-if)#exit
r1(config)#router eigrp 100
r1(config-router)#network 192.168.1.1 <?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />0.0.0.0
r1(config-router)#network 192.168.4.1 0.0.0.0
r1(config-router)#exit
R2:
r2(config)#int f0/1
r2(config-if)#no sw
r2(config-if)#ip add 192.168.2.1 255.255.255.0
r2(config-if)#no shut
r2(config-if)#exit
r2(config)#int f0/0
r2(config-if)#no sw
r2(config-if)#ip add 192.168.4.2 255.255.255.0
r2(config-if)#no shut
r2(config-if)#exit
r2(config)#router eigrp 100
r2(config-router)#network 192.168.2.1 0.0.0.0
r2(config-router)#network 192.168.4.2 0.0.0.0
r2(config-router)#exit
R3:
r3(config)#int f0/0
r3(config-if)#no sw
r3(config-if)#ip add 192.168.4.3 255.255.255.0
r3(config-if)#no shut
r3(config-if)#exit
r3(config)#int f0/1
r3(config-if)#no sw
r3(config-if)#ip add 192168.3.1 255.255.255.0
r3(config-if)#no shut
r3(config-if)#exit
r3(config)#router eigrp 100
r3(config-router)#network 192.168.3.1 0.0.0.0
r3(config-router)#network 192.168.4.3 0.0.0.0
r3(config-router)#exit
SW1:
sw1(config)#int f0/0
sw1(config-if)#no shut
sw1(config-if)#exit
sw1(config)#int f0/1
sw1(config-if)#no shut
sw1(config-if)#exit
sw1(config)#int f0/2
sw1(config-if)#no shut
sw1(config-if)#exit
1. 在ROUTER1上应用标准访问控制列表仅限制PC1对VS1的访问。
r1(config)#access-list 1 deny host 192.168.3.2
r1(config)#access-list 1 permit any
r1(config)#int f0/0
r1(config-if)#ip access-group 1 in
測試結果
VPCS 1 >ping 192.168.1.2
192.168.1.2 icmp_seq=1 timeout
192.168.1.2 icmp_seq=2 timeout
192.168.1.2 icmp_seq=3 timeout
192.168.1.2 icmp_seq=4 timeout
192.168.1.2 icmp_seq=5 timeout
任务2.在ROUTER2上应用标准访问控制列表限制网络192.168.3.0/24访问VS2。
r2(config)#access-list 1 deny 192.168.3.0 0.0.0.255
r2(config)#access-list 1 permit any
r2(config)#int f0/0
r2(config-if)#ip access-group 1 in
r2(config-if)#exit
測試結果
VPCS 1 >ping 192.168.2.2
192.168.2.2 icmp_seq=1 timeout
192.168.2.2 icmp_seq=2 timeout
192.168.2.2 icmp_seq=3 timeout
192.168.2.2 icmp_seq=4 timeout
192.168.2.2 icmp_seq=5 timeout
r3#ping 192.168.2.2 source 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.1
U.U.U
Success rate is 0 percent (0/5)
任务3.在ROUTER2上应用扩展访问控制列表拒绝VS1向VS2发起远程桌面,但是允许别的流量
r2(config)#access-list 101 deny tcp host 192.168.1.2 host 192.168.2.2 eq 3389
r2(config)#access-list 101 permit ip any any
r2(config)#int f0/0
r2(config-if)#ip access-group 101 in
顯示結果
R2
r2(config)#ip access-list extended 101
r2(config-ext-nacl)#15 deny icmp host 192.168.1.2 host 192.168.2.2
r2#show access-lists
Standard IP access list 1
10 deny 192.168.3.0, wildcard bits 0.0.0.255 (26 matches)
20 permit any (830 matches)
Extended IP access list 101
10 deny tcp host 192.168.1.2 host 192.168.2.2 eq 3389
15 deny icmp host 192.168.1.2 host 192.168.2.2 (24 matches)
20 permit ip any any (853 matches)
实验结果
虛擬VPC1
VPCS 1 >ip 192.168.3.2 192.168.3.1 255.255.255.0
PC1 : 192.168.3.2 255.255.255.0 gateway 192.168.3.1
VPCS 1 >ping 192.168.1.2
192.168.1.2 icmp_seq=1 time=14.000 ms
192.168.1.2 icmp_seq=2 time=11.000 ms
192.168.1.2 icmp_seq=3 time=13.000 ms
192.168.1.2 icmp_seq=4 time=16.000 ms
192.168.1.2 icmp_seq=5 time=78.000 ms
VPCS 1 >ping 192.168.2.2
192.168.2.2 icmp_seq=1 time=13.000 ms
192.168.2.2 icmp_seq=2 time=43.000 ms
192.168.2.2 icmp_seq=3 time=79.000 ms
192.168.2.2 icmp_seq=4 time=46.000 ms
192.168.2.2 icmp_seq=5 time=13.000 ms
VS2 (192.168.2.2 GW 192.168.2.1)
C:\Documents and Settings\Administrator>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=53ms TTL=126
Reply from 192.168.1.2: bytes=32 time=8ms TTL=126
Reply from 192.168.1.2: bytes=32 time=10ms TTL=126
Reply from 192.168.1.2: bytes=32 time=43ms TTL=126
Ping statistics for 192.168.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 53ms, Average = 28ms
C:\Documents and Settings\Administrator>ping 192.168.3.2
Pinging 192.168.3.2 with 32 bytes of data:
Reply from 192.168.3.2: bytes=32 time=9ms TTL=62
Reply from 192.168.3.2: bytes=32 time=16ms TTL=62
Reply from 192.168.3.2: bytes=32 time=53ms TTL=62
Reply from 192.168.3.2: bytes=32 time=79ms TTL=62
Ping statistics for 192.168.3.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 9ms, Maximum = 79ms, Average = 39ms
VS1(192.168.1.2 GW 192.168.1.1)
C:\Documents and Settings\Administrator>ping 192.168.3.2
Pinging 192.168.3.2 with 32 bytes of data:
Reply from 192.168.3.2: bytes=32 time=45ms TTL=62
Reply from 192.168.3.2: bytes=32 time=12ms TTL=62
Reply from 192.168.3.2: bytes=32 time=11ms TTL=62
Reply from 192.168.3.2: bytes=32 time=12ms TTL=62
Ping statistics for 192.168.3.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 45ms, Average = 20ms
C:\Documents and Settings\Administrator>ping 192.168.2.2
Pinging 192.168.2.2 with 32 bytes of data:
Reply from 192.168.2.2: bytes=32 time=111ms TTL=126
Reply from 192.168.2.2: bytes=32 time=40ms TTL=126
Reply from 192.168.2.2: bytes=32 time=11ms TTL=126
Reply from 192.168.2.2: bytes=32 time=10ms TTL=126
Ping statistics for 192.168.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 111ms, Average = 43ms
转载于:https://blog.51cto.com/policyxiu/209037
ACL在路由器上设置例子相关推荐
- 如何在路由器上设置PPPoE(ADSL虚拟拨号)上网,即(宽带拨号)?
如何在路由器上设置PPPoE(ADSL虚拟拨号)上网,即(宽带拨号)? 参考链接: 1.https://service.tp-link.com.cn/detail_article_341.html 2 ...
- 在路由器上设置虚拟ftp服务器,怎么在路由器上开启ftp服务器配置
怎么在路由器上开启ftp服务器配置 内容精选 换一换 从Windows云服务器访问外部网络,遇到网络不通的情形,可参考本节内容进行排查.以下排查思路根据原因的出现概率进行排序,建议您从高频率原因往低频 ...
- 第21节 ACL——控制路由器上接口大门的进出规则
这里写目录标题 1 ACL概述 2 ACL分类及原理 2.1 标准ACL 2.2 扩展ACL 2.3 原理 3 ACL编辑 4 命名ACL 5 总结 6 参考文献 1 ACL概述 定义:Access ...
- 路由器桥接静态ip设置_如何在路由器上设置静态IP地址
路由器桥接静态ip设置 Routers both modern and antiquated allow users to set static IP addresses for devices on ...
- 如何在Eero路由器上设置静态IP地址
Most of the time, having your router assign dynamic IP addresses to your devices is fine. Sometimes, ...
- ssh方式路由web_在路由器上设置SSH以从任何地方进行安全Web访问
ssh方式路由web Connecting to the internet from Wi-Fi hotspots, at work, or anywhere else away from home, ...
- 关于TP-LINK宽带路由器上的“转发规则”功能用途及设置办法
关于TP-LINK宽带路由器上的"转发规则"功能用途及设置办法 现在TP-LINK的家用宽带路由器由于价格便宜,性能也还过的去,市场占有率相当高,TP-LINK的家用路由器里有项功 ...
- 宽带路由器上的“转发规则”功能用途及设置办法 -- LAN与WAN通信的IP转换
wo zhuan zai de zuo zhe mei you zhu ming zhuan zai di zhi 现在TP-LINK的家用宽带路由器由于价格便宜,性能也还过的去,市场占有率相当高,T ...
- 在思科路由器上做 _限速
大家都知道如果要限制某项服务,就要在路由器上设置ACL(访问控制列表)将该服务所用的端口封掉,从而阻止该服务的正常运行.对BT软件,我们可以尝试封它的端口.一般情况下,BT软件使用的是6880-689 ...
最新文章
- Java基础系列--Executor框架(一)
- java高级之Io流
- 一文梳理多任务学习(MMoE/PLE/DUPN/ESSM等)
- javaweb学习总结(八):HttpServletResponse对象(二)
- 光纤收发器按照网管怎么分类
- CSDN-Markdown编辑器使用小技巧
- 在阿里云服务器Windows Server 2012r IIS 上部署.NET网站
- 节 海里/小时 千米/小时 米/秒 转换
- Agile入门系列-1
- Linux下Teamviewer安装、设置及开机启动
- ubuntu文件夹右键没有共享选项
- 3D Experience — 产品协同研发平台
- Flutter 设置 App 的主色调与字体
- CAN 总线 之三 CAN 国际标准 ISO 11898 解读
- WiFi-ESP8266入门http(3-1)网页认证上网-post请求(原教程)
- 01-JAN-20转化为日期格式
- VASP出错 PZSTEIN parameter number 4 had an illegal value
- 【计算机网络 (谢希仁) 习题题解】第4章 网络层 (1)
- QT开发:ImgTool小工具—图片训练集扩充
- IP转换软件请求过于频繁的原因是什么?