实例二:扩展ACL的基本用法
1.限制PC1访问服务器的web
2.把控制列表应用在R2的S0/2/0的in方向
代码如下:
R1配置
en
conf t
hostname R1
int f0/0
ip address 192.168.1.254 255.255.255.0
no shutdown
exit
int f0/1
ip address 192.168.2.254 255.255.255.0
no shutdown
exit
int s0/2/0
ip address 192.168.3.254 255.255.255.0
no shutdown
clock rate 64000
exit
router rip
version 2
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
exit
end
R2配置
en
conf t
hostname R2
int s0/2/0
ip address 192.168.3.253 255.255.255.0
ip access-group 101 in
no shutdown
exit
int f0/0
ip address 192.168.4.254 255.255.255.0
no shutdown
exit
access-list 101 deny tcp 192.168.1.0 0.0.0.255 192.168.4.00.0.0.255 eq 80
access-list 101 permit ip any any
router rip
version 2
network 192.168.3.0
network 192.168.4.0
exit
end
测试结果:PC1可以ping通,但不能访问web
PC>ping 192.168.4.253
Pinging 192.168.4.253 with 32 bytes of data:
Reply from 192.168.4.253: bytes=32 time=19ms TTL=126
Reply from 192.168.4.253: bytes=32 time=4ms TTL=126
Reply from 192.168.4.253: bytes=32 time=1ms TTL=126
Reply from 192.168.4.253: bytes=32 time=1ms TTL=126
Ping statistics for 192.168.4.253:
Packets:Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum= 19ms, Average = 6ms
http://192.168.4.253
Request Timeout
结果分析:访问列表成功起到过滤作用