ACL
 
 
Basic IP configuration

R1:

Router>en

Router#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#no ip do lo

Router(config)#line console 0

Router(config-line)#exec-timeout 0 0

Router(config-line)#logg syn

Router(config-line)#end

 

r1(config)#int f0/0

r1(config-if)#no sw

r1(config-if)#ip add 192.168.4.1 255.255.255.0

r1(config-if)#no shut

r1(config-if)#exit

r1(config)#int f0/1

r1(config-if)#no sw

r1(config-if)#ip add 192.168.1.1 255.255.255.0

r1(config-if)#no shut

r1(config-if)#exit

 

r1(config)#router eigrp 100

r1(config-router)#network 192.168.1.1 0.0.0.0

r1(config-router)#network 192.168.4.1 0.0.0.0

r1(config-router)#exit

 

R2:

r2(config)#int f0/1

r2(config-if)#no sw

r2(config-if)#ip add 192.168.2.1 255.255.255.0

r2(config-if)#no shut

r2(config-if)#exit

 

r2(config)#int f0/0

r2(config-if)#no sw

r2(config-if)#ip add 192.168.4.2 255.255.255.0

r2(config-if)#no shut

r2(config-if)#exit

 

r2(config)#router eigrp 100

r2(config-router)#network 192.168.2.1 0.0.0.0

r2(config-router)#network 192.168.4.2 0.0.0.0

r2(config-router)#exit

 

 

R3:

r3(config)#int f0/0

r3(config-if)#no sw

r3(config-if)#ip add 192.168.4.3 255.255.255.0

r3(config-if)#no shut

r3(config-if)#exit

 

r3(config)#int f0/1

r3(config-if)#no sw

r3(config-if)#ip add 192.168.3.1 255.255.255.0

r3(config-if)#no shut

r3(config-if)#exit

r3(config)#router eigrp 100

r3(config-router)#network 192.168.3.1 0.0.0.0

r3(config-router)#network 192.168.4.3 0.0.0.0

r3(config-router)#exit

 

SW1:

sw1(config)#int f0/0

sw1(config-if)#no shut

sw1(config-if)#exit

 

sw1(config)#int f0/1

sw1(config-if)#no shut

sw1(config-if)#exit

 

sw1(config)#int f0/2

sw1(config-if)#no shut

sw1(config-if)#exit

 
Task 1. On ROUTER1, apply a standard access control list that restricts only PC1's access to VS1.

r1(config)#access-list 1 deny host 192.168.3.2

r1(config)#access-list 1 permit any

r1(config)#int f0/0

r1(config-if)#ip access-group 1 in

 

Test results

VPCS 1 >ping 192.168.1.2

192.168.1.2 icmp_seq=1 timeout

192.168.1.2 icmp_seq=2 timeout

192.168.1.2 icmp_seq=3 timeout

192.168.1.2 icmp_seq=4 timeout

192.168.1.2 icmp_seq=5 timeout

 

Task 2. On ROUTER2, apply a standard access control list that blocks network 192.168.3.0/24 from accessing VS2

r2(config)#access-list 1 deny 192.168.3.0 0.0.0.255

r2(config)#access-list 1 permit any

r2(config)#int f0/0

r2(config-if)#ip access-group 1 in

r2(config-if)#exit

 

Test results

VPCS 1 >ping 192.168.2.2

192.168.2.2 icmp_seq=1 timeout

192.168.2.2 icmp_seq=2 timeout

192.168.2.2 icmp_seq=3 timeout

192.168.2.2 icmp_seq=4 timeout

192.168.2.2 icmp_seq=5 timeout

 

r3#ping 192.168.2.2 source 192.168.3.1

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:

Packet sent with a source address of 192.168.3.1

U.U.U

Success rate is 0 percent (0/5)

 

 

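Task 3. On ROUTER2, apply an extended access control list that denies Remote Desktop connections initiated from VS1 to VS2 but permits all other traffic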

r2(config)#access-list 101 deny tcp host 192.168.1.2 host 192.168.2.2 eq 3389

r2(config)#access-list 101 permit ip any any

r2(config)#int f0/0

r2(config-if)#ip access-group 101 in

Displayed results

 
R2 

r2(config)#ip access-list extended 101

r2(config-ext-nacl)#15 deny icmp host 192.168.1.2 host 192.168.2.2

 

r2#show access-lists

Standard IP access list 1

    10 deny   192.168.3.0, wildcard bits 0.0.0.255 (26 matches)

    20 permit any (830 matches)

Extended IP access list 101

    10 deny tcp host 192.168.1.2 host 192.168.2.2 eq 3389

    15 deny icmp host 192.168.1.2 host 192.168.2.2 (24 matches)

    20 permit ip any any (853 matches)
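
How the two lists shown above are evaluated, as an added example that is not part of the original lab notes: a small Python model of IOS first-match evaluation with wildcard masks, sequence-number ordering and the implicit deny, loaded with the entries configured on R2. The function names and the simplified entry syntax (only `any`, `host A`, `A WILDCARD` and `eq PORT`) are assumptions made for this illustration.

```python
import ipaddress

PROTOCOLS = {"ip", "tcp", "udp", "icmp"}
ANY = (0, 0xFFFFFFFF)  # every bit is "don't care"

# Entries as typed on R2 in Tasks 2 and 3 (sequence 15 was added last).
R2_ACL_1 = ["10 deny 192.168.3.0 0.0.0.255", "20 permit any"]
R2_ACL_101 = [
    "10 deny tcp host 192.168.1.2 host 192.168.2.2 eq 3389",
    "20 permit ip any any",
    "15 deny icmp host 192.168.1.2 host 192.168.2.2",
]

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(first), ip_int(tokens.pop(0))

def parse_entry(line):
    """Parse one numbered entry; standard entries have no protocol or destination."""
    tokens = line.split()
    seq, action = int(tokens.pop(0)), tokens.pop(0)
    extended = tokens[0] in PROTOCOLS
    proto = tokens.pop(0) if extended else "ip"
    src = take_addr(tokens)
    dst = take_addr(tokens) if extended else ANY
    port = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return seq, action, proto, src, dst, port

def addr_matches(addr, rule):
    base, wildcard = rule
    # Wildcard bits set to 1 are ignored; all remaining bits must be equal.
    return ((ip_int(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return (action, seq) of the first matching entry, lowest sequence first."""
    entries = sorted(map(parse_entry, acl_lines), key=lambda e: e[0])
    for seq, action, r_proto, r_src, r_dst, r_port in entries:
        if (r_proto in ("ip", proto) and r_port in (None, dport)
                and addr_matches(src, r_src) and addr_matches(dst, r_dst)):
            return action, seq
    return "deny", None  # implicit "deny any" that ends every IOS ACL
```

An interface holds one IP ACL per direction, so `ip access-group 101 in` on f0/0 replaces list 1 there; a packet from 192.168.3.2 is then checked only against list 101 and matches `permit ip any any`.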

 
 
Lab results
 
Virtual VPC1

 

VPCS 1 >ip 192.168.3.2 192.168.3.1 255.255.255.0

PC1 : 192.168.3.2 255.255.255.0 gateway 192.168.3.1

 

VPCS 1 >ping 192.168.1.2

192.168.1.2 icmp_seq=1 time=14.000 ms

192.168.1.2 icmp_seq=2 time=11.000 ms

192.168.1.2 icmp_seq=3 time=13.000 ms

192.168.1.2 icmp_seq=4 time=16.000 ms

192.168.1.2 icmp_seq=5 time=78.000 ms

 

VPCS 1 >ping 192.168.2.2

192.168.2.2 icmp_seq=1 time=13.000 ms

192.168.2.2 icmp_seq=2 time=43.000 ms

192.168.2.2 icmp_seq=3 time=79.000 ms

192.168.2.2 icmp_seq=4 time=46.000 ms

192.168.2.2 icmp_seq=5 time=13.000 ms

 

VS2  (192.168.2.2 GW 192.168.2.1)

 

C:\Documents and Settings\Administrator>ping 192.168.1.2

 

Pinging 192.168.1.2 with 32 bytes of data:

 

Reply from 192.168.1.2: bytes=32 time=53ms TTL=126

Reply from 192.168.1.2: bytes=32 time=8ms TTL=126

Reply from 192.168.1.2: bytes=32 time=10ms TTL=126

Reply from 192.168.1.2: bytes=32 time=43ms TTL=126

 
Ping statistics for 192.168.1.2:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 8ms, Maximum = 53ms, Average = 28ms

 

C:\Documents and Settings\Administrator>ping 192.168.3.2

 

Pinging 192.168.3.2 with 32 bytes of data:

 

Reply from 192.168.3.2: bytes=32 time=9ms TTL=62

Reply from 192.168.3.2: bytes=32 time=16ms TTL=62

Reply from 192.168.3.2: bytes=32 time=53ms TTL=62

Reply from 192.168.3.2: bytes=32 time=79ms TTL=62

 

Ping statistics for 192.168.3.2:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 9ms, Maximum = 79ms, Average = 39ms

 

 

VS1(192.168.1.2 GW 192.168.1.1)

C:\Documents and Settings\Administrator>ping 192.168.3.2

 

Pinging 192.168.3.2 with 32 bytes of data:

 

Reply from 192.168.3.2: bytes=32 time=45ms TTL=62

Reply from 192.168.3.2: bytes=32 time=12ms TTL=62

Reply from 192.168.3.2: bytes=32 time=11ms TTL=62

Reply from 192.168.3.2: bytes=32 time=12ms TTL=62

 

Ping statistics for 192.168.3.2:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 11ms, Maximum = 45ms, Average = 20ms

 

 

C:\Documents and Settings\Administrator>ping 192.168.2.2

 

Pinging 192.168.2.2 with 32 bytes of data:

 

Reply from 192.168.2.2: bytes=32 time=111ms TTL=126

Reply from 192.168.2.2: bytes=32 time=40ms TTL=126

Reply from 192.168.2.2: bytes=32 time=11ms TTL=126

Reply from 192.168.2.2: bytes=32 time=10ms TTL=126

Ping statistics for 192.168.2.2:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 10ms, Maximum = 111ms, Average = 43ms