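ACL Lab 2

I. Lab Topology

[Figure: lab topology]

II. Lab Requirements

As shown in the figure: devices, interface types, and interface IPs
[Figure: devices, interface types, and interface IPs]

1. Use RIP to give the whole network connectivity.
2. Create an ACL so that PC1 can access PC4 while PC2 cannot.
3. Create an ACL so that every host on the server's network except PC3 is allowed to access PC4.

III. Lab Steps

Devices, interface types, and interface IPs, as shown in the figure: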

[SERVER]int g0/0
[SERVER-GigabitEthernet0/0]ip add 192.168.20.10 24
[SERVER]ip route-static 0.0.0.0 0 192.168.20.1 
[SW2]int g1/0/1 
[SW2-GigabitEthernet1/0/1]port link-type trunk 
[SW2-GigabitEthernet1/0/1]port trunk permit vlan all
[SW2]vlan 10
[SW2-vlan10]vlan 20
[SW2-vlan20]int range g1/0/10 to g1/0/19 
[SW2-if-range]port access vlan 10
[SW2]int range g1/0/20 to g1/0/22 
[SW2-if-range]port access vlan 20 
<SW2>display vlan brief 
Brief information about all VLANs:
Supported Minimum VLAN ID: 1
Supported Maximum VLAN ID: 4094
Default VLAN ID: 1
VLAN ID   Name                             Port
1         VLAN 0001                        FGE1/0/53  FGE1/0/54  GE1/0/1  
                                           GE1/0/2  GE1/0/3  GE1/0/4  GE1/0/5  
                                           GE1/0/6  GE1/0/7  GE1/0/8  GE1/0/9  
                                           GE1/0/23  GE1/0/24  GE1/0/25  
                                           GE1/0/26  GE1/0/27  GE1/0/28  
                                           GE1/0/29  GE1/0/30  GE1/0/31  
                                           GE1/0/32  GE1/0/33  GE1/0/34  
                                           GE1/0/35  GE1/0/36  GE1/0/37  
                                           GE1/0/38  GE1/0/39  GE1/0/40  
                                           GE1/0/41  GE1/0/42  GE1/0/43  
                                           GE1/0/44  GE1/0/45  GE1/0/46  
                                           GE1/0/47  GE1/0/48  XGE1/0/49  
                                           XGE1/0/50  XGE1/0/51  XGE1/0/52  
10        VLAN 0010                        GE1/0/1  GE1/0/10  GE1/0/11  
                                           GE1/0/12  GE1/0/13  GE1/0/14  
                                           GE1/0/15  GE1/0/16  GE1/0/17  
                                           GE1/0/18  GE1/0/19  
20        VLAN 0020                        GE1/0/1  GE1/0/20  GE1/0/21  
                                           GE1/0/22 
[SW1]int g1/0/1 
[SW1-GigabitEthernet1/0/1]port link-type trunk
[SW1-GigabitEthernet1/0/1]port trunk permit vlan all
[SW1]vlan 10
[SW1-vlan10]vlan 20
[SW1-vlan20]int g1/0/20 
[SW1-GigabitEthernet1/0/20]port access vlan 20
[SW1]int vlan20
[SW1-Vlan-interface20]ip add 192.168.20.1 24
[SW1]int vlan10
[SW1-Vlan-interface10]ip add 192.168.10.1 24
[SW1-Vlan-interface10]int g1/0/10 
[SW1-GigabitEthernet1/0/10]port access vlan 10
[SW1-GigabitEthernet1/0/10]int range g1/0/15 to g1/0/18 
[SW1-if-range]port access vlan 10 
[SW1]vlan 100
[SW1-vlan100]port g1/0/24 
[SW1]int vlan100 
[SW1-Vlan-interface100]ip add 192.168.100.1 24
[SW1-Vlan-interface100]display ip int br
*down: administratively down
(s): spoofing  (l): loopback
Interface                Physical Protocol IP Address      Description 
MGE0/0/0                 down     down     --              --
Vlan10                   up       up       192.168.10.1    --
Vlan20                   up       up       192.168.20.1    --
Vlan100                  up       up       192.168.100.1   --
[SW1]display vlan brief 
Brief information about all VLANs:
Supported Minimum VLAN ID: 1
Supported Maximum VLAN ID: 4094
Default VLAN ID: 1
VLAN ID   Name                             Port
1         VLAN 0001                        FGE1/0/53  FGE1/0/54  GE1/0/1  
                                           GE1/0/2  GE1/0/3  GE1/0/4  GE1/0/5  
                                           GE1/0/6  GE1/0/7  GE1/0/8  GE1/0/9  
                                           GE1/0/11  GE1/0/12  GE1/0/13  
                                           GE1/0/14  GE1/0/19  GE1/0/21  
                                           GE1/0/22  GE1/0/23  GE1/0/25  
                                           GE1/0/26  GE1/0/27  GE1/0/28  
                                           GE1/0/29  GE1/0/30  GE1/0/31  
                                           GE1/0/32  GE1/0/33  GE1/0/34  
                                           GE1/0/35  GE1/0/36  GE1/0/37  
                                           GE1/0/38  GE1/0/39  GE1/0/40  
                                           GE1/0/41  GE1/0/42  GE1/0/43  
                                           GE1/0/44  GE1/0/45  GE1/0/46  
                                           GE1/0/47  GE1/0/48  XGE1/0/49  
                                           XGE1/0/50  XGE1/0/51  XGE1/0/52  
10        VLAN 0010                        GE1/0/1  GE1/0/10  GE1/0/15  
                                           GE1/0/16  GE1/0/17  GE1/0/18  
20        VLAN 0020                        GE1/0/1  GE1/0/20  
100       VLAN 0100                        GE1/0/1  GE1/0/24  
[RTA]int g0/0
[RTA-GigabitEthernet0/0]ip add 172.16.1.1 24
[RTA]int g0/1
[RTA-GigabitEthernet0/1]ip add 192.168.100.2 24
[RTA]display ip int br 
*down: administratively down
(s): spoofing  (l): loopback
Interface           Physical Protocol IP address/Mask    VPN instance Description  
GE0/0               up       up       172.16.1.1/24      --           --
GE0/1               up       up       192.168.100.2/24   --           --
[RTB]display ip int br
*down: administratively down
(s): spoofing  (l): loopback
Interface           Physical Protocol IP address/Mask    VPN instance Description  
GE0/0               up       up       172.16.1.2/24      --           --
GE0/1               up       up       172.16.2.1/24     --           --

1. Use RIP to give the whole network connectivity.

[RTA]rip 1
[RTA-rip-1]network 172.16.1.0
[RTA-rip-1]network 192.168.100.0 
[RTA-rip-1]undo summary 
[RTA-rip-1]version 2
[SW1]rip 1 
[SW1-rip-1]network 192.168.100.0 
[SW1-rip-1]network 192.168.20.0
[SW1-rip-1]network 192.168.10.0
[SW1-rip-1]undo summary 
[SW1-rip-1]version 2 
[RTB]rip 1
[RTB-rip-1]network 172.16.1.0
[RTB-rip-1]network 172.16.2.0
[RTB-rip-1]undo summary 
[RTB-rip-1]version 2

2. Create an ACL so that PC1 can access PC4 while PC2 cannot.

[SW2]acl advanced 3000
[SW2-acl-ipv4-adv-3000]rule deny icmp source 192.168.10.20 0 destination 172.16.2.10 0 
[SW2]int g1/0/10 
[SW2-GigabitEthernet1/0/10]packet-filter 3000 inbound 

3. Create an ACL so that every host on the server's network except PC3 is allowed to access PC4.

[RTB]acl basic 2000 
[RTB-acl-ipv4-basic-2000]rule deny source 192.168.20.20 0
[RTB]int g0/1
[RTB-GigabitEthernet0/1]packet-filter 2000 outbound
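
A small model of the two packet filters from steps 2 and 3, added here as an illustration and not part of the original lab, that checks which flows toward PC4 each rule actually covers. Assumptions: unmatched packets are permitted (`packet-filter default deny` is not configured), the PC2, PC3 and PC4 addresses are read off the rules above, and PC1's address and SW2 port are invented because the figure is missing.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """Comware wildcard mask: 1-bits are ignored, so '0' (0.0.0.0) is one host."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

# Rules transcribed from the page; None means the rule does not test that field.
ACL_3000 = [("deny", "icmp", ("192.168.10.20", "0.0.0.0"), ("172.16.2.10", "0.0.0.0"))]
ACL_2000 = [("deny", None, ("192.168.20.20", "0.0.0.0"), None)]

def evaluate(acl, proto, src, dst):
    """First match wins. Unmatched packets are permitted (assumed default:
    'packet-filter default deny' is not configured)."""
    for action, r_proto, r_src, r_dst in acl:
        if ((r_proto is None or r_proto == proto)
                and (r_src is None or wildcard_match(src, *r_src))
                and (r_dst is None or wildcard_match(dst, *r_dst))):
            return action
    return "permit"

def path_verdict(proto, src, dst, sw2_port=None):
    """Run a packet bound for 172.16.2.0/24 through both filters in path order."""
    # ACL 3000 is bound inbound on SW2 g1/0/10 and sees only that port's traffic.
    if sw2_port == "g1/0/10" and evaluate(ACL_3000, proto, src, dst) == "deny":
        return "deny at SW2"
    # ACL 2000 is bound outbound on RTB g0/1, the interface facing PC4.
    if evaluate(ACL_2000, proto, src, dst) == "deny":
        return "deny at RTB"
    return "permit"

PC4 = "172.16.2.10"
# Constructed test flows; PC1's address and port are assumed (not on the page).
FLOWS = {
    "PC1 ping PC4": ("icmp", "192.168.10.10", PC4, "g1/0/11"),
    "PC2 ping PC4": ("icmp", "192.168.10.20", PC4, "g1/0/10"),
    "PC2 tcp PC4": ("tcp", "192.168.10.20", PC4, "g1/0/10"),
    "PC3 ping PC4": ("icmp", "192.168.20.20", PC4, None),
    "SERVER ping PC4": ("icmp", "192.168.20.10", PC4, None),
    "PC3 ping PC4 neighbour": ("icmp", "192.168.20.20", "172.16.2.99", None),
}

def audit():
    return {name: path_verdict(*flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    print("\n".join(f"{k:24} {v}" for k, v in audit().items()))
```

The `PC2 tcp PC4` and `PC3 ping PC4 neighbour` rows show the scope of each rule: ACL 3000 matches ICMP only, and ACL 2000, being a basic ACL, matches on source alone and so applies to every destination behind RTB g0/1.
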

IV. Lab Results

[Figures: lab results]
