Basic ACL experiment:
Topology as follows:
Basic network configuration:
Topology after the network is connected:
*** scan:
PC>ping 192.168.4.2
Pinging 192.168.4.2 with 32 bytes of data:
Reply from 192.168.4.2: bytes=32 time=156ms TTL=125
Reply from 192.168.4.2: bytes=32 time=156ms TTL=125
Reply from 192.168.4.2: bytes=32 time=156ms TTL=125
Reply from 192.168.4.2: bytes=32 time=125ms TTL=125
Ping statistics for 192.168.4.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 125ms, Maximum = 156ms, Average = 148ms
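Now create an ACL on the 504 Research Institute router:
After an ACL is created, one rule is added to it by default: deny all access
504(config)#access-list 56 permit 1.2.3.4 0.0.0.0    (create the ACL)
504(config)#int s0/1/1    (enter the interface where the ACL will be placed)
504(config-if)#ip access-group 56 in    (apply it inbound: this computer's packets are allowed to enter the interface)
504(config-if)#ip access-group 56 out    (apply it outbound: this computer's packets are allowed to leave the interface)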
504(config-if)#
Broadly two steps: create the ACL, place the ACL
As three steps: create, enter the interface, place
PC>ping 192.168.4.2
Pinging 192.168.4.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.4.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
This confirms it: after an ACL is created, one rule is added to it by default: deny all access
Then delete the ACL:
504(config)#no access-list 56 permit 1.2.3.4 0.0.0.0
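The ACL no longer exists. (Removing one entry of a numbered ACL with no access-list deletes the whole list, and an interface that still references a nonexistent list passes all packets.)
The *** computer scans again: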
PC>ping 192.168.4.2
Pinging 192.168.4.2 with 32 bytes of data:
Reply from 192.168.4.2: bytes=32 time=156ms TTL=125
Reply from 192.168.4.2: bytes=32 time=156ms TTL=125
Reply from 192.168.4.2: bytes=32 time=156ms TTL=125
Reply from 192.168.4.2: bytes=32 time=125ms TTL=125
Ping statistics for 192.168.4.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 125ms, Maximum = 156ms, Average = 148ms
PC>
Basic ACL configuration explained:
Create the ACL
504(config)#access-list 23 permit 1.2.3.4 0.0.0.0    (permit a single host)
504(config)#access-list 23 permit 202.13.53.0 0.0.0.255    (permit a network segment)
504(config)#access-list 23 deny 33.69.25.17 0.0.0.0    (deny a single host)
504(config)#access-list 23 deny 53.29.18.0 0.0.0.255    (deny a network segment)
Enter the interface:
504(config)#int s0/1/1
Place the ACL
504(config-if)#ip access-group 23 in
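The matching logic behind the commands above, as an added example that is not part of the original post: a small Python evaluator for standard numbered ACLs that shows wildcard-mask matching, first-match order, the implicit deny, and why the ping works again once list 56 is deleted. The function names are hypothetical, and the source addresses 202.13.53.77, 53.29.18.200 and 10.0.0.5 are constructed samples.

```python
import ipaddress

# ACL lines as they appear on this page, without the router prompt.
CONFIG = """\
access-list 56 permit 1.2.3.4 0.0.0.0
access-list 23 permit 1.2.3.4 0.0.0.0
access-list 23 permit 202.13.53.0 0.0.0.255
access-list 23 deny 33.69.25.17 0.0.0.0
access-list 23 deny 53.29.18.0 0.0.0.255
"""

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_acl(config, number):
    """Return the (action, address, wildcard) entries of one numbered standard ACL."""
    entries = []
    for line in config.splitlines():
        parts = line.split()
        # Form used on the page: access-list <n> permit|deny <address> <wildcard>
        if len(parts) == 5 and parts[:2] == ["access-list", str(number)]:
            entries.append((parts[2], to_int(parts[3]), to_int(parts[4])))
    return entries

def evaluate(entries, source):
    """Decide what happens to a packet with this source address."""
    if not entries:
        # The interface points at a list that does not exist: nothing is filtered.
        return "permit"
    src = to_int(source)
    for action, address, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF   # wildcard bit 0 = must match, 1 = ignore
        if (src & care) == (address & care):
            return action               # first matching entry wins
    return "deny"                       # implicit deny at the end of the list

if __name__ == "__main__":
    acl56 = parse_acl(CONFIG, 56)
    print("ACL 56, source 192.168.4.2:", evaluate(acl56, "192.168.4.2"))
    print("ACL 56 deleted, same source:", evaluate([], "192.168.4.2"))
    for src in ("1.2.3.4", "202.13.53.77", "33.69.25.17", "53.29.18.200", "10.0.0.5"):
        print("ACL 23,", src, "->", evaluate(parse_acl(CONFIG, 23), src))
```

In list 23 the two deny entries give the same result the implicit deny would; they only change the outcome if a broader permit is later added after them.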
Reposted from: https://blog.51cto.com/dnsdhcp/327565