Standard ACL
R0 basic configuration
int f0/0
ip add 192.168.10.254 255.255.255.0
no shutdown
int f0/1
ip add 76.12.16.133 255.255.255.252
no shut
R1 basic configuration
int f0/0
ip add 76.12.32.254 255.255.255.0
no shut
int f0/1
ip add 76.12.16.134 255.255.255.252
no shut
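Then configure a default route on each of R1 and R2
R1
! 76.12.16.133 is the next-hop address this router connects to; the interface on this router that leads to the next hop can be given instead
ip route 0.0.0.0 0.0.0.0 76.12.16.133
R2
! Same as above
ip route 0.0.0.0 0.0.0.0 76.12.16.134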
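A standard ACL is applied on the router closest to the destination address
Configure the standard ACL on R1
Standard ACLs use numbers 1-99
! Numbered ACL entries are entered with the global "access-list" command
access-list 1 permit host 192.168.10.100
access-list 1 deny host 192.168.10.1
interface f0/1
ip access-group 1 in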
Extended ACL
R0 basic configuration
int f0/0
ip add 192.168.10.254 255.255.255.0
no shutdown
int f0/1
ip add 76.12.16.133 255.255.255.252
no shut
R1 basic configuration
int f0/0
ip add 76.12.32.254 255.255.255.0
no shut
int f0/1
ip add 76.12.16.134 255.255.255.252
no shut
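Then configure a default route on each of R1 and R2
R1
! 76.12.16.133 is the next-hop address this router connects to; the interface on this router that leads to the next hop can be given instead
ip route 0.0.0.0 0.0.0.0 76.12.16.133
R2
! Same as above
ip route 0.0.0.0 0.0.0.0 76.12.16.134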
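An extended ACL is configured on the router closest to the source address
Configure the extended ACL on R0
Extended ACLs use numbers 100-199
The protocol, source IP, source port, destination IP and destination port must all match
! Deny ping packets from host 192.168.10.1 to host 76.12.32.1
access-list 100 deny icmp host 192.168.10.1 host 76.12.32.1
! Permit all other traffic
access-list 100 permit ip any any
interface f0/1
! Apply the ACL to the outbound interface
ip access-group 100 out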
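The first-match evaluation of the two ACLs above, as an added Python example that is not part of the original notes. It models only protocol, source and destination (the entries above use no ports); the sample packets and the host 192.168.10.50 are constructed. The implicit deny that ends every ACL is why ACL 1 also drops hosts it never lists.

```python
import ipaddress

# Entries mirror the two ACLs configured above: (action, protocol, source, destination).
# A standard ACL matches on source only, so its protocol and destination are wildcards.
ACL_1 = [
    ("permit", "ip", "192.168.10.100/32", "0.0.0.0/0"),
    ("deny",   "ip", "192.168.10.1/32",   "0.0.0.0/0"),
]
ACL_100 = [
    ("deny",   "icmp", "192.168.10.1/32", "76.12.32.1/32"),
    ("permit", "ip",   "0.0.0.0/0",       "0.0.0.0/0"),
]


def evaluate(acl, proto, src, dst):
    """Return (action, matched_entry_index); the index is None for the implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, (action, acl_proto, acl_src, acl_dst) in enumerate(acl):
        if acl_proto not in ("ip", proto):      # "ip" matches every IP protocol
            continue
        if src_ip not in ipaddress.ip_network(acl_src):
            continue
        if dst_ip not in ipaddress.ip_network(acl_dst):
            continue
        return action, index                    # first match wins, later entries are skipped
    return "deny", None                         # implicit "deny any" at the end of every ACL


if __name__ == "__main__":
    # Constructed sample packets: (acl, protocol, source, destination).
    samples = [
        (ACL_1, "tcp", "192.168.10.100", "76.12.32.1"),
        (ACL_1, "icmp", "192.168.10.1", "76.12.32.1"),
        (ACL_1, "tcp", "192.168.10.50", "76.12.32.1"),    # host not listed in ACL 1
        (ACL_100, "icmp", "192.168.10.1", "76.12.32.1"),
        (ACL_100, "tcp", "192.168.10.1", "76.12.32.1"),
        (ACL_100, "icmp", "192.168.10.50", "76.12.32.1"),
    ]
    for acl, proto, src, dst in samples:
        name = "ACL 1" if acl is ACL_1 else "ACL 100"
        action, index = evaluate(acl, proto, src, dst)
        rule = "implicit deny" if index is None else f"entry {index + 1}"
        print(f"{name}: {proto} {src} -> {dst}: {action} ({rule})")
```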