基本IP配置<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

R1:

Router>en

Router#conf t

Enter configuration commands, one per line.? End with CNTL/Z.

Router(config)#no ip do lo

Router(config)#line console 0

Router(config-line)#exec-timeout 0 0

Router(config-line)#logg syn

Router(config-line)#end

?

r1(config)#int f0/0

r1(config-if)#no sw

r1(config-if)#ip add 192.168.4.1 255.255.255.0

r1(config-if)#no shut

r1(config-if)#exit

r1(config)#int f0/1

r1(config-if)#no sw

r1(config-if)#ip add 192.168.1.1 255.255.255.0

r1(config-if)#no shut

r1(config-if)#exit

?

r1(config)#router eigrp 100

r1(config-router)#network 192.168.1.1 <?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />0.0.0.0

r1(config-router)#network 192.168.4.1 0.0.0.0

r1(config-router)#exit

?

R2:

r2(config)#int f0/1

r2(config-if)#no sw

r2(config-if)#ip add 192.168.2.1 255.255.255.0

r2(config-if)#no shut

r2(config-if)#exit

?

r2(config)#int f0/0

r2(config-if)#no sw

r2(config-if)#ip add 192.168.4.2 255.255.255.0

r2(config-if)#no shut

r2(config-if)#exit

?

r2(config)#router eigrp 100

r2(config-router)#network 192.168.2.1 0.0.0.0

r2(config-router)#network 192.168.4.2 0.0.0.0

r2(config-router)#exit

?

?

R3:

r3(config)#int f0/0

r3(config-if)#no sw

r3(config-if)#ip add 192.168.4.3 255.255.255.0

r3(config-if)#no shut

r3(config-if)#exit

?

r3(config)#int f0/1

r3(config-if)#no sw

r3(config-if)#ip add 192168.3.1 255.255.255.0

r3(config-if)#no shut

r3(config-if)#exit

r3(config)#router eigrp 100

r3(config-router)#network 192.168.3.1 0.0.0.0

r3(config-router)#network 192.168.4.3 0.0.0.0

r3(config-router)#exit

?

SW1:

sw1(config)#int f0/0

sw1(config-if)#no shut

sw1(config-if)#exit

?

sw1(config)#int f0/1

sw1(config-if)#no shut

sw1(config-if)#exit

?

sw1(config)#int f0/2

sw1(config-if)#no shut

sw1(config-if)#exit

1.???? 在ROUTER1上應(yīng)用標(biāo)準(zhǔn)訪問控制列表僅限制PC1對(duì)VS1的訪問。

r1(config)#access-list 1 deny host 192.168.3.2

r1(config)#access-list 1 permit any

r1(config)#int f0/0

r1(config-if)#ip access-group 1 in

?

測(cè)試結(jié)果

VPCS 1 >ping 192.168.1.2

192.168.1.2 icmp_seq=1 timeout

192.168.1.2 icmp_seq=2 timeout

192.168.1.2 icmp_seq=3 timeout

192.168.1.2 icmp_seq=4 timeout

192.168.1.2 icmp_seq=5 timeout

?

任務(wù)2.在ROUTER2上應(yīng)用標(biāo)準(zhǔn)訪問控制列表限制網(wǎng)絡(luò)192.168.3.0/24訪問VS2。

r2(config)#access-list 1 deny 192.168.3.0 0.0.0.255

r2(config)#access-list 1 permit any

r2(config)#int f0/0

r2(config-if)#ip access-group 1 in

r2(config-if)#exit

?

? 測(cè)試結(jié)果

VPCS 1 >ping 192.168.2.2

192.168.2.2 icmp_seq=1 timeout

192.168.2.2 icmp_seq=2 timeout

192.168.2.2 icmp_seq=3 timeout

192.168.2.2 icmp_seq=4 timeout

192.168.2.2 icmp_seq=5 timeout

?

r3#ping 192.168.2.2 source 192.168.3.1

?

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:

Packet sent with a source address of 192.168.3.1

U.U.U

Success rate is 0 percent (0/5)

?

?

任務(wù)3.在ROUTER2上應(yīng)用擴(kuò)展訪問控制列表拒絕VS1向VS2發(fā)起遠(yuǎn)程桌面，但是允許別的流量

r2(config)#access-list 101 deny tcp host 192.168.1.2 host 192.168.2.2 eq 3389

r2(config)#access-list 101 permit ip any any

r2(config)#int f0/0

r2(config-if)#ip access-group 101 in

顯示結(jié)果

R2?

r2(config)#ip access-list extended 101

r2(config-ext-nacl)#15 deny icmp host 192.168.1.2 host 192.168.2.2

?

r2#show access-lists

Standard IP access list 1

??? 10 deny?? 192.168.3.0, wildcard bits 0.0.0.255 (26 matches)

??? 20 permit any (830 matches)

Extended IP access list 101

??? 10 deny tcp host 192.168.1.2 host 192.168.2.2 eq 3389

?15 deny icmp host 192.168.1.2 host 192.168.2.2 (24 matches)

??? 20 permit ip any any (853 matches)

實(shí)驗(yàn)結(jié)果 ? 虛擬VPC1

?

VPCS 1 >ip 192.168.3.2 192.168.3.1 255.255.255.0

PC1 : 192.168.3.2 255.255.255.0 gateway 192.168.3.1

?

VPCS 1 >ping 192.168.1.2

192.168.1.2 icmp_seq=1 time=14.000 ms

192.168.1.2 icmp_seq=2 time=11.000 ms

192.168.1.2 icmp_seq=3 time=13.000 ms

192.168.1.2 icmp_seq=4 time=16.000 ms

192.168.1.2 icmp_seq=5 time=78.000 ms

?

VPCS 1 >ping 192.168.2.2

192.168.2.2 icmp_seq=1 time=13.000 ms

192.168.2.2 icmp_seq=2 time=43.000 ms

192.168.2.2 icmp_seq=3 time=79.000 ms

192.168.2.2 icmp_seq=4 time=46.000 ms

192.168.2.2 icmp_seq=5 time=13.000 ms

?

VS2? (192.168.2.2 GW 192.168.2.1)

?

C:\Documents and Settings\Administrator>ping 192.168.1.2

?

Pinging 192.168.1.2 with 32 bytes of data:

?

Reply from 192.168.1.2: bytes=32 time=53ms TTL=126

Reply from 192.168.1.2: bytes=32 time=8ms TTL=126

Reply from 192.168.1.2: bytes=32 time=10ms TTL=126

Reply from 192.168.1.2: bytes=32 time=43ms TTL=126

Ping statistics for 192.168.1.2:

??? Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 8ms, Maximum = 53ms, Average = 28ms

?

C:\Documents and Settings\Administrator>ping 192.168.3.2

?

Pinging 192.168.3.2 with 32 bytes of data:

?

Reply from 192.168.3.2: bytes=32 time=9ms TTL=62

Reply from 192.168.3.2: bytes=32 time=16ms TTL=62

Reply from 192.168.3.2: bytes=32 time=53ms TTL=62

Reply from 192.168.3.2: bytes=32 time=79ms TTL=62

?

Ping statistics for 192.168.3.2:

??? Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

??? Minimum = 9ms, Maximum = 79ms, Average = 39ms

?

?

VS1(192.168.1.2 GW 192.168.1.1)

C:\Documents and Settings\Administrator>ping 192.168.3.2

?

Pinging 192.168.3.2 with 32 bytes of data:

?

Reply from 192.168.3.2: bytes=32 time=45ms TTL=62

Reply from 192.168.3.2: bytes=32 time=12ms TTL=62

Reply from 192.168.3.2: bytes=32 time=11ms TTL=62

Reply from 192.168.3.2: bytes=32 time=12ms TTL=62

?

Ping statistics for 192.168.3.2:

??? Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 11ms, Maximum = 45ms, Average = 20ms

?

?

C:\Documents and Settings\Administrator>ping 192.168.2.2

?

Pinging 192.168.2.2 with 32 bytes of data:

?

Reply from 192.168.2.2: bytes=32 time=111ms TTL=126

Reply from 192.168.2.2: bytes=32 time=40ms TTL=126

Reply from 192.168.2.2: bytes=32 time=11ms TTL=126

Reply from 192.168.2.2: bytes=32 time=10ms TTL=126

Ping statistics for 192.168.2.2:

??? Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

??? Minimum = 10ms, Maximum = 111ms, Average = 43ms

轉(zhuǎn)載于:https://blog.51cto.com/policyxiu/209037

總結(jié)

以上是生活随笔為你收集整理的ACL在路由器上设置例子的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。