收藏小站
cisco_Packet_Tracer_5帮助文件80页word文档 下载本文

2、配置ACL禁止192.168.3.0/24网段的icmp协议数据包通向与192.168.1.0/24网段 xixian(config)#access-list 101 deny icmp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 xixian(config)#access-list 101 permit ip any any xixian(config)#int fa0/1

xixian(config-if)#ip access-group 101 out xixian(config-if)#

3、配置ACL禁止特点的协议端口通讯 HuangChuang#conf t

Enter configuration commands, one per line. End with CNTL/Z.

HuangChuang(config)#ip access-list extended ACL1 \\\\创建基于名称的扩展ACL HuangChuang(config-ext-nacl)#deny tcp host 192.168.2.2 192.168.1.0 0.0.0.255 eq 80 HuangChuang(config-ext-nacl)#deny udp host 192.168.2.3 192.168.1.0 0.0.0.255 eq 53 HuangChuang(config-ext-nacl)#permit ip any any HuangChuang(config-ext-nacl)#exit HuangChuang(config)#int fa0/1

HuangChuang(config-if)#ip access-group ACL1 in HuangChuang(config-if)#

第 69 页

图四 验证ACL

4。检验、查看ACL HuangChuang#sh access-list Standard IP access list 1

permit host 192.168.2.2 (4 match(es)) Extended IP access list ACL1

deny udp host 192.168.2.3 192.168.1.0 0.0.0.255 eq domain deny tcp host 192.168.2.2 192.168.1.0 0.0.0.255 eq www permit ip any any HuangChuang#show access-list Standard IP access list 1

第 70 页

permit host 192.168.2.2 (4 match(es)) Extended IP access list ACL1

deny udp host 192.168.2.3 192.168.1.0 0.0.0.255 eq domain (15 match(es)) deny tcp host 192.168.2.2 192.168.1.0 0.0.0.255 eq www (60 match(es)) permit ip any any (34 match(es)) HuangChuang#show access-list ACL1 Extended IP access list ACL1

deny udp host 192.168.2.3 192.168.1.0 0.0.0.255 eq domain (15 match(es)) deny tcp host 192.168.2.2 192.168.1.0 0.0.0.255 eq www (60 match(es)) permit ip any any (34 match(es)) HuangChuang#show access-list 1 Standard IP access list 1

permit host 192.168.2.2 (4 match(es)) 四、配置ACL的路由器配置内容HuangChuang#sh startup-config Using 914 bytes !

version 12.4

no service password-encryption !

hostname HuangChuang ! !

enable password cisco !

ip ssh version 1 no ip domain-lookup ! !

interface FastEthernet0/0 no ip address duplex auto 第 71 页

speed auto shutdown !

interface FastEthernet0/1

ip address 192.168.2.1 255.255.255.0 ip access-group ACL1 in duplex auto speed auto !

interface Serial0/3/0

ip address 172.17.1.2 255.255.255.0 !

interface Serial0/3/1

ip address 172.16.1.1 255.255.255.0 clock rate 56000 !

interface Vlan1 no ip address shutdown !

router eigrp 100 network 192.168.2.0 network 172.17.0.0

network 172.16.0.0 auto-summary !

ip classless ! !

access-list 1 permit host 192.168.2.2 ip access-list extended ACL1

deny udp host 192.168.2.3 192.168.1.0 0.0.0.255 eq domain

deny tcp host 192.168.2.2 192.168.1.0 0.0.0.255 eq www permit ip any any !

line con 0 line vty 0 4 access-class 1 in password cisco login ! ! end

第 72 页

Word文档下载:cisco_Packet_Tracer_5帮助文件80页wo.doc
搜索更多:cisco_Packet_Tracer_5帮助文件80页wo


最新浏览


热门浏览
All rights reserved Powered by 南京廖华答案网 
资料来自互联网, 有任何疑问,请联系客服:779662525☒qq.com 苏ICP备20003344号-2