ACL扩展的配置实验

 

一、实验配置图及要求在路由上建立ACL扩展的配置要求如下： 
1、允许PC1访问Linux的web服务 
2、允许PC2访问Linux的ftp服务 
3、禁止PC1与PC2访问Linux的其它服务 
4、允许PC1访问PC2 

二、实验环境部署1、pc1、pc2以及Linux系统均设置静态IP、子掩及网关，并且进行对应的网卡绑定。 
2、完成Linux服务器相关服务的安装与启动 
[root@localhost ~]# yum install vsftpd -y      //安装ftp服务[root@localhost ~]# yum install httpd -y       //安装http服务[root@localhost ~]# systemctl stop firewalld.service    //关闭防火墙[root@localhost ~]# setenforce 0               //关闭增强性安全功能[root@localhost ~]# systemctl start httpd      //启动服务[root@localhost ~]# systemctl start vsftpd[root@localhost ~]# netstat -ntap | egrep '(21|80)'     //检查服务启动状况（80端口为http，21端口为ftp）tcp6       0      0 :::80                   :::*                    LISTEN      6399/httpd          tcp6       0      0 :::21                   :::*       3、路由的配置：三个端口设置IP 
R1#conf t R1(config)#int f 0/0R1(config-if)#ip add 192.168.90.1 255.255.255.0R1(config-if)#no shut R1(config-if)#int f 0/1R1(config-if)#ip add 192.168.80.1 255.255.255.0R1(config-if)#no shut R1(config-if)#int f 1/0R1(config-if)#ip add 192.168.100.1 255.255.255.0 R1(config-if)#no shut R1(config-if)#exR1(config)#do show ip route                 Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2       E1 - OSPF external type 1, E2 - OSPF external type 2       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2       ia - IS-IS inter area, * - candidate default, U - per-user static route       o - ODR, P - periodic downloaded static routeGateway of last resort is not setC    192.168.90.0/24 is directly connected, FastEthernet0/0C    192.168.80.0/24 is directly connected, FastEthernet0/1C    192.168.100.0/24 is directly connected, FastEthernet1/04、进行扩展ACL的配置 
R1(config)#access-list 100 permit  tcp 192.168.80.20 0.0.0.255 192.168.100.100 0.0.0.255 eq 80           R1(config)#access-list 100 permit tcp host 192.168.90.10 host 192.168.100.100 eq 21      R1(config)#access-list 100 permit ip host 192.168.80.20 192.168.90.0 0.0.0.255         R1(config)#do show access-listExtended IP access list 100    10 permit tcp 192.168.80.0 0.0.0.255 192.168.100.0 0.0.0.255 eq www    20 permit tcp host 192.168.90.10 host 192.168.100.100 eq ftp    30 permit ip host 192.168.80.20 192.168.90.0 0.0.0.255R1(config)#int  f0/1        R1(config-if)#ip access-group 100 inR1(config-if)#int  f0/0R1(config-if)#ip access-group 100 inR1(config-if)#ex 5、结果测试 
pc1可以访问web网站服务 

pc2可以访问ftp服务 

允许pc1访问pc2 

MPLS的可管理性,打包专业的24小时网管中心服务, 极有经验的工程师,  系统主动监控, 简单排除端到端故障, 设备的全国性备件仓库。MPLS 的可拓展性：简便新增节点, 全局路由表自动生成, 新加入应用可以在PE端实现,无需用户任何改变。