标准ACL配置

1、  实验目的:

通过本次的实验,我们可以掌握如下技能

1)        ACL的设计原则和工作过程。

2)        定义标准ACL

3)        应用ACL

4)        标准ACL的调试。

2、  实验拓扑图:

clip_image002

3、  实验步骤:

(1)       配置各个路由器接口地址

Router(config)#hostname R1

R1(config)#interface serial 2/0

R1(config-if)#ip address 192.168.2.1 255.255.255.0

R1(config-if)#clock rate 128000

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#interface fastEthernet 0/0

R1(config-if)#ip address 192.168.1.1 255.255.255.0

R1(config-if)#no shutdown

 

R2(config)#interface serial 2/0

R2(config-if)#ip address 192.168.2.2 255.255.255.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#interface serial 3/0

R2(config-if)#ip address 192.168.3.1 255.255.255.0

R2(config-if)#clock rate 128000

R2(config-if)#no shutdown

R2(config-if)#end

R2#

 

 

Router(config)#hostname R3

R3(config)#interface serial 3/0

R3(config-if)#ip address 192.168.3.2 255.255.255.0

R3(config-if)#no shutdown

R3(config-if)#exit

R3(config)#interface fastEthernet 0/0  

R3(config-if)#ip address 192.168.4.1 255.255.255.0

R3(config-if)#no shutdown

R3(config-if)#end

R3#

 

(2)       配置路由R1

 

R1(config)#router eigrp 1

R1(config-router)#network 192.168.1.0 0.0.0.255

R1(config-router)#network 192.168.2.0

R1(config-router)#no auto-summary

R1(config-router)#

(3)       配置路由R2

R2(config)#router eigrp 1

R2(config-router)#network 192.168.1.0

R2(config-router)#no network 192.168.1.0

R2(config-router)#network 192.168.2.0

R2(config-router)#network 192.168.3.0

R2(config-router)#no auto-summary

R2(config)#access-list 1 deny 192.168.1.0 0.0.0.255

R2(config)#access-list 1 permit any

R2(config)#interface fastEthernet 0/0

R2(config-if)#ip ac

R2(config-if)#ip access-group 1 in

R2(config-if)#

(4)       配置路由R3

R3(config)#router eigrp 1

R3(config-router)#network 192.168.3.0

R3(config-router)#network 192.168.4.0

R3(config-router)#no auto-summary

(5)       实验测试

     首先来查看我们定义的访问控制列表

R2#show ip access-lists

Standard IP access list 1

    deny 192.168.1.0 0.0.0.255

    permit any

R2#

 

   查看接口信息

R2#show ip interface serial 2/0

Serial2/0 is up, line protocol is up (connected)

  Internet address is 192.168.2.2/24

  Broadcast address is 255.255.255.255

  Address determined by setup command

  MTU is 1500

  Helper address is not set

  Directed broadcast forwarding is disabled

  Outgoing access list is not set

  Inbound  access list is 1

  Proxy ARP is enabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are always sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is disabled

  IP fast switching on the same interface is disabled

  IP Flow switching is disabled

  IP Fast switching turbo vector

  IP multicast fast switching is disabled

  IP multicast distributed fast switching is disabled

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Probe proxy name replies are disabled

  Policy routing is disabled

  Network address translation is disabled

  WCCP Redirect outbound is disabled

  WCCP Redirect exclude is disabled

  BGP Policy Mapping is disabled

R2#

 

以上表明我们已经在接口上应用了ACL.

 

OK,实验结束!!!!!!!!!!!