1、acl综合配置练习ACL综合配置练习某某: 学号: 班级: 任务1:配置带有CHAP身份验证的PPP步骤1:将HQ和B1之间的链路配置为使用带有CHAP身份验证的PPP封装Password: HQenablePassword: HQ#config tHQ(config)#username B1 password cisco123HQ(config)#interface s0/0/0HQ(config-if)#no shutdownHQ(config-if)#encapsulation pppHQ(config-if)#encapsulation pppHQ(config-if)#ppp aut
2、hentication chapHQ(config-if)#endHQ#copy running-config startup-config HQ#Password: B1enablePassword: B1#config tB1(config)#username HQ password cisco123B1(config)#interface s0/0/0B1(config-if)#no shutdownB1(config-if)#encapsulation pppB1(config-if)#ppp authentication chapB1(config-if)#endB1#copy ru
3、nning-config startup-config步骤2:将HQ和B2之间的链路配置为使用带有CHAP身份验证的PPP封装HQ#config tHQ(config)#username B2 password cisco123HQ(config)#interface s0/0/1HQ(config-if)#no shutdownHQ(config-if)#encapsulation pppHQ(config-if)#ppp authentication chapHQ(config-if)#endHQ#copy running-config startup-config HQ#Password
4、: B2enablePassword: B2#config tB2(config)#username HQ password cisco123B2(config)#interface s0/0/0B2(config-if)#no shutdownB2(config-if)#encapsulation pppB2(config-if)#ppp authentication chapB2(config-if)#endB2#copy running-config startup-config步骤3:检查路由器之间是否已恢复连通性HQ ping B1HQ ping B2任务2:配置默认路由步骤1:配置
5、从HQ到ISP的默认路由HQ#config tHQ(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0HQ(config)#endHQ#copy running-config startup-configHQ#步骤2:测试与Web Server的连通性任务3:配置OSPF路由步骤1:在HQ上配置OSPFHQ#config tHQ(config)#router ospf 1HQ(config-router)#network 10.1.40.0 0.0.0.255 area 0HQ(config-router)#network 10.1.50.0 0.0.0.255 a
6、rea 0HQ(config-router)#network 10.1.1.0 0.0.0.3 area 0HQ(config-router)#network 10.1.1.4 0.0.0.3 area 0HQ(config-router)#passive-interface f0/0HQ(config-router)#passive-interface f0/1HQ(config-router)#passive-interface s0/1/0HQ(config-router)#log-adjacency-changesHQ(config-router)#default-informatio
7、n originateHQ(config-router)#endHQ#copy running-config startup-configHQ#步骤2:在B1和B2上配置OSPFPassword: B1enablePassword: B1#config tB1(config)#router ospf 1B1(config-router)#network 10.1.20.0 0.0.0.255 area 0B1(config-router)#network 10.1.10.0 0.0.0.255 area 0B1(config-router)#network 10.1.1.0 0.0.0.3 a
8、rea 0B1(config)#router ospf 1B1(config-router)#passive-interface f0/0B1(config-router)#passive-interface f0/1B1(config-router)#endB1#copy running-config startup-configB1#Password: B2enablePassword: B2#config tB2(config)#router ospf 1B2(config-router)#network 10.1.1.4 0.0.0.3 area 0B2(config-router)#
9、network 10.1.70.0 0.0.0.255 area 0B2(config-router)#network 10.1.80.0 0.0.0.255 area 0B2(config-router)#passive-interface f0/0B2(config-router)#passive-interface f0/1B2(config-router)#endB2#copy running-config startup-configB2#步骤3:测试整个网络的连通性PC1 ping PC2PC1 ping PC4PC1 ping PC5PC1 ping PC6PC1 ping Se
10、rver-PT内部网PC1 ping Server-PT Web ServerPC5 ping Server-PT Web Server任务4:实施多项ACL安全策略步骤1:实施第一项安全策略HQenablePassword: HQ#config tHQ(config)#access-list 10 permit anyHQ(config)#interface f0/1HQ(config-if)#ip access-group 10 outHQ(config-if)#endHQ#copy running-config startup-config HQ#步骤2:检查第一项安全策略是否已实现PC
11、5 ping PC1步骤4:实施第二项安全策略B1(config)#access-list 115 permit ip any anyB1(config)#interface f0/0B1(config-if)#ip access-group 115 inB1(config-if)#endB1#copy running-config startup-configB1#步骤5:检查第二项安全策略是否已实现PC5 ping PC3步骤7:实施第三项安全策略配置前测试PC2 ping Server-PT 内部的PC3 ping Server-PT 内部的配置HQ(config)#access-lis
12、t 101 deny tcp 10.1.50.0 0.0.0.63 host 10.1.80.16 eq HQ(config)#access-list 101 permit ip any anyHQ(config)#interface f0/0HQ(config-if)#ip access-group 101 in配置后测试步骤10:实施第四项安全策略B2enablePassword: B2#config tB2(config)#ip access-list extended NO_FTPB2(config-ext-nacl)#deny tcp 10.1.70.0 0.0.0.255 host
13、 10.1.10.2 eq 21B2(config-ext-nacl)#permit ip any anyB2(config-ext-nacl)#interface f0/1B2(config-if)#ip access-group NO_FTP inB2(config-if)#endB2#copy running-config startup-configB2#步骤11:检测结果步骤12:实施第五项安全策略HQ#config tHQ(config)#ip access-list extended FIREWALLHQ(config-ext-nacl)#permit icmp any any
14、echo-replyHQ(config-ext-nacl)#permit tcp any any establishedHQ(config-ext-nacl)#deny ip any anyHQ(config-ext-nacl)#interface s0/1/0HQ(config-if)#description Link to ISPHQ(config-if)#ip access-group FIREWALL inHQ(config-if)#endHQ#copy running-config startup-config HQ#步骤13:检查第五项安全策略是否已实现PC1 ping Web ServerPC4 ping Web ServerWeb Server ping PC1Web Server ping PC5
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1
升级会员 