CCNA实验六 ACL部署

最新推荐文章于 2022-02-16 21:11:43 发布

夜阑烟雨梦

最新推荐文章于 2022-02-16 21:11:43 发布

阅读量320

点赞数

分类专栏：训练中的网工

本文链接：https://blog.csdn.net/u014100446/article/details/96000322

版权

训练中的网工专栏收录该内容

13 篇文章 0 订阅

订阅专栏

文章目录

实验环境
实验一
实验二
- R3命令行
- R2命令行
实验三
- R3命令行
- R2命令行

实验环境

在这里插入图片描述

实验一

R2无法ping通R3

R3命令行

R3(config)#access-list 10 deny host 2.2.2.2           
R3(config)#access-list 10 permit any
R3(config)#int e 0/0
R3(config-if)#ip access-group 10 in
R3(config-if)#

R2命令行

R2#ping 3.3.3.3 source 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2 
U.U.U
Success rate is 0 percent (0/5)

R1命令行

Router#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1的ping行为不受ACL影响

实验二

2.2.2.2不能ping通3.3.3.3

同时

2.2.2.2可以telnet 3.3.3.3

R3命令行

R3(config)#username admin privilege 15 password admin
R3(config)#LINE VTY 0 4
R3(config-line)#LOG
R3(config-line)#log
R3(config-line)#login
R3(config-line)#login l
R3(config-line)#login local 
R3(config-line)#trans
R3(config-line)#transport inp
R3(config-line)#transport input all
R3(config-line)#exit

R3(config)#ip access-list extended NCR3
R3(config-ext-nacl)#10 d
R3(config-ext-nacl)#10 de
R3(config-ext-nacl)#10 deny icmp host 2.2.2.2 ho
R3(config-ext-nacl)#10 deny icmp host 2.2.2.2 host 3.3.3.3
R3(config-ext-nacl)#10 deny icmp host 2.2.2.2 host 3.3.3.3 echo
R3(config-ext-nacl)#20 p
R3(config-ext-nacl)#20 permit tcp host 2.2.2.2 host 3.3.3.3 eq 23
R3(config-ext-nacl)#exit
R3(config)#int e 0/0
R3(config-if)#ip acces
R3(config-if)#ip access-group M
R3(config-if)#ip access-group N
R3(config-if)#ip access-group NCR3 in
R3(config-if)#
*Jul 15 16:13:20.861: %OSPF-5-ADJCHG: Process 110, Nbr 1.1.1.1 on Ethernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
R3(config-if)#

R2命令行

R2#ping 3.3.3.3 source 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2 
U.U.U
Success rate is 0 percent (0/5)
R2#telnet 3.3.3.3 /so   
R2#telnet 3.3.3.3 /source-interface loo
R2#telnet 3.3.3.3 /source-interface loopback 0
Trying 3.3.3.3 ... Open

User Access Verification

Username: admin
Password: 
R3#

实验三

对VTY虚拟接口部署ACL，效果为：只有特定ip才能Telnet

R3命令行

R3(config)#ip access-list standard P12T      
R3(config-std-nacl)#10 Permit host 12.1.1.2
R3(config-std-nacl)#exit
R3(config)#line vty 0 4
R3(config-line)#acces
R3(config-line)#access-class P12T in

R2命令行

R2#
R2#telnet 3.3.3.3 /source-interface loopback 0
Trying 3.3.3.3 ... 
% Connection refused by remote host
  
R2#telnet 3.3.3.3 /source-interface ethernet 0/0
Trying 3.3.3.3 ... Open

User Access Verification

Username: admin
Password: 
R3#

夜阑烟雨梦

关注

0
点赞
踩
1

收藏

觉得还不错? 一键收藏
0
评论
CCNA实验六 ACL部署

文章目录实验环境实验一R3命令行R2命令行R1命令行实验二R3命令行R2命令行实验三R3命令行R2命令行实验环境实验一R2无法ping通R3R3命令行R3(config)#access-list 10 deny host 2.2.2.2 R3(config)#access-list 10 permit anyR3(config)#int e 0/0R3(con...
复制链接

扫一扫

专栏目录