实验名称
:
路由器的防火墙(ACL)<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
组网需求
:
(让A的L1口可以ping 通B的L1 口但是不允许B的L1口ping 同A 的L2 口)
网络拓扑图:
<?xml:namespace prefix = v ns = "urn:schemas-microsoft-com:vml" />
实验步骤:
Route A
的配置
1.[Rooute]sys A
2.[A-Serial0]ip add 1.1.1.1 24.
3.[A-Serial0]shutdown
4..[A-Serial0]undo shutdown
5.[A-LoopBack1]ip add 2.2.2.2 24
6..[A-LoopBack2]ip add 4.4.4.4 24
7.[A] ip route-static 3.3.3.0 255.255.255.0 1.1.1.2 preference 60
Route B
的配置
1.[Rooute]sys B
2.[B-Serial0]ip add 1.1.1.2 24.
3.. [B-Serial0]shutdown
4..[B-Serial0]undo shutdown
5. [B-LoopBack1]ip add 3.3.3.3 24
6. [B] ip route-static 2.2.2.0 255.255.255.0 1.1.1.1 preference 60
7.[B] ip route-static 4.4.4.0 255.255.255.0 1.1.1.1 preference 60
(以上配置是让全网互通—在没有使用ACL之前都可以相互访问)
[A]ping -a 2.2.2.2 3.3.3.3
<?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />PING 3.3.3.3: 56 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes=56 Sequence=0 ttl=255 time = 26 ms
Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=255 time = 26 ms
Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=255 time = 26 ms
Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=255 time = 26 ms
Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=255 time = 26 ms
--- 3.3.3.3 ping statistics ---
5 packets transmitted
5 packets received
0.00% packet loss
round-trip min/avg/max = 26/26/26 ms
[A]ping -a 4.4.4.4 3.3.3.3
PING 3.3.3.3: 56 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes=56 Sequence=0 ttl=255 time = 26 ms
Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=255 time = 26 ms
Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=255 time = 26 ms
Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=255 time = 27 ms
Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=255 time = 26 ms
--- 3.3.3.3 ping statistics ---
5 packets transmitted
5 packets received
0.00% packet loss
round-trip min/avg/max = 26/26/27 ms
[A]
Route B
的配置
(
在B上定义了一条ACL 我拒绝了从4.0网段来到3.0网段去的路由信息。其他信息可通过,只后我把他用在也A相连的接口上—数据近来的方向,那么就达到了实的目的同样的配置也可一在A上做)
8.[B] rule normal deny ip source 4.4.4.4 0.0.0.0 destination 3.3.3.3 0.0.0.0
9.[B] rule normal permit ip source any destination any
10.[B] firewall packet-filter 101 inbound
验证:
[B]ping -a 3.3.3.3 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.2: bytes=56 Sequence=0 ttl=255 time = 26 ms
Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time = 26 ms
Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time = 26 ms
Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time = 26 ms
Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time = 26 ms
--- 2.2.2.2 ping statistics ---
5 packets transmitted
5 packets received
0.00% packet loss
round-trip min/avg/max = 26/26/26 ms
[B]ping -a 3.3.3.3 4.4.4.4
PING 4.4.4.4: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 4.4.4.4 ping statistics ---
5 packets transmitted
0 packets received
100.00% packet loss
[B]
转载于:https://blog.51cto.com/ciscolj/82120
1263
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
