Extended Access Control List Technology
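I. Network Topology Diagram
II. Lab Requirements
1. Configure the IP addresses correctly according to the network topology diagram
2. Interconnect the whole network using OSPF
3. Use an extended access control list so that PC1 cannot access the WEB service on S1, while PC0 can access the WEB service normally
III. Configuration Procedure
1. R1: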
Router>ena
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hos R1
R1(config)#int f0/0
R1(config-if)#ip address 192.168.1.254 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exi
R1(config)#int f1/0
R1(config-if)#ip address 192.168.2.254 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exi
R1(config)#int s2/0
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#clo ra 64000
R1(config-if)#no shutdown
R1(config-if)#exi
R1(config)#router ospf 1
R1(config-router)#network 10.1.1.0 0.0.0.255 ar 0
R1(config-router)#network 192.168.1.0 0.0.0.255 ar 0
R1(config-router)#network 192.168.2.0 0.0.0.255 ar 0
R1(config-router)#exi
R1(config)#access-list 100 deny tcp 192.168.2.0 0.0.0.255 172.16.1.0 0.0.0.255 eq www // Create extended ACL 100: deny the 192.168.2.0/24 subnet access to the WWW service on the 172.16.1.0/24 subnet
R1(config)#access-list 100 permit ip any any // Permit all other packets
R1(config)#int s2/0
R1(config-if)#ip access-group 100 out // Apply ACL 100 to the outbound direction of S2/0
R1(config-if)#exi
R1(config)#do wr
Building configuration...
[OK]
2. R2:
Router>ena
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hos R2
R2(config)#int f0/0
R2(config-if)#ip address 172.16.1.254 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exi
R2(config)#int s2/0
R2(config-if)#ip address 10.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exi
R2(config)#ro
R2(config)#router ospf 1
R2(config-router)#network 172.16.1.0 0.0.0.255 ar 0
R2(config-router)#network 10.1.1.0 0.0.0.255 ar 0
R2(config-router)#exi
R2(config)#do wr
Building configuration...
[OK]
R2(config)#
IV. Configuration Files
1. R1:
R1(config)#do sh run
Building configuration...
Current configuration : 965 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.254 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 192.168.2.254 255.255.255.0
 duplex auto
 speed auto
!
interface Serial2/0
 ip address 10.1.1.1 255.255.255.0
 ip access-group 100 out
 clock rate 64000
!
interface Serial3/0
 no ip address
 clock rate 2000000
 shutdown
!
interface FastEthernet4/0
 no ip address
 shutdown
!
interface FastEthernet5/0
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.1.1.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
 network 192.168.2.0 0.0.0.255 area 0
!
ip classless
!
!
access-list 100 deny tcp 192.168.2.0 0.0.0.255 172.16.1.0 0.0.0.255 eq www
access-list 100 permit ip any any
!
!
!
!
!
line con 0
line vty 0 4
 login
!
!
!
end
2. R2:
R2(config)#do sh run
Building configuration...
Current configuration : 758 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R2
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 172.16.1.254 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial2/0
 ip address 10.1.1.2 255.255.255.0
!
interface Serial3/0
 no ip address
 clock rate 2000000
 shutdown
!
interface FastEthernet4/0
 no ip address
 shutdown
!
interface FastEthernet5/0
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 172.16.1.0 0.0.0.255 area 0
 network 10.1.1.0 0.0.0.255 area 0
!
ip classless
!
!
!
!
!
!
!
line con 0
line vty 0 4
 login
!
!
!
end
V. Test Results
1. PC0 can ping S1 and can access the WWW service
2. PC1 cannot access the WWW service, but can still ping S1
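
The test results follow from how IOS evaluates ACL 100: entries are checked top-down, the first match decides, and wildcard-mask bits set to 1 are ignored. The Python sketch below is an added example, not part of the original lab; it parses the two ACL lines from R1 and evaluates sample packets. The host addresses for PC0, PC1 and S1 are assumptions, since the page gives only their subnets.

```python
import ipaddress

# The two ACL 100 entries from R1's configuration on this page.
ACL_100 = """\
access-list 100 deny tcp 192.168.2.0 0.0.0.255 172.16.1.0 0.0.0.255 eq www
access-list 100 permit ip any any
"""
PORT_NAMES = {"www": 80}  # only the port keyword used on this page
# Assumed host addresses (the page gives only the subnets, not the hosts).
PC0, PC1, S1 = "192.168.1.1", "192.168.2.1", "172.16.1.1"

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_addr(tokens):
    """Consume 'any' or 'address wildcard'; return (address, wildcard) as ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF
    return to_int(tokens.pop(0)), to_int(tokens.pop(0))

def parse_acl(text):
    """Parse 'access-list N permit|deny proto src dst [eq port]' lines."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()[2:]                  # drop 'access-list <number>'
        action, proto = t.pop(0), t.pop(0)
        src, dst = take_addr(t), take_addr(t)
        port = None
        if t and t[0] == "eq":
            port = PORT_NAMES.get(t[1]) or int(t[1])
        rules.append((action, proto, src, dst, port))
    return rules

def matches(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; compare only the 0 bits.
    return ((to_int(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching entry (top-down, first match wins)."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and matches(src, r_src)
                and matches(dst, r_dst) and r_port in (None, dport)):
            return action
    return "deny"  # implicit 'deny ip any any' that ends every IOS ACL

if __name__ == "__main__":
    acl = parse_acl(ACL_100)
    for name, pkt in [("PC1 HTTP", ("tcp", PC1, S1, 80)), ("PC1 ping", ("icmp", PC1, S1)),
                      ("PC0 HTTP", ("tcp", PC0, S1, 80)), ("PC1 HTTPS", ("tcp", PC1, S1, 443))]:
        print(name, "->", evaluate(acl, *pkt))
```

The deny entry matches only `eq www` (TCP port 80), so TCP port 443 from PC1 to the same server is still permitted by the second entry.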