Extended ACL

Requirements:
1. Deny telnet from r1 to r4.
2. Deny ping from r2 to r4.
3. Allow all other access.

2. Configure the OSPF routing protocol on every router (if you are unsure how, please see the basic OSPF configuration in the previous post on standard ACLs).

3. Configure the ACL. (Note: a standard ACL should be placed close to the destination; an extended ACL should be placed close to the source.)

```
r3(config)#access-list 100 deny tcp host 192.168.1.1 any eq telnet
r3(config)#access-list 100 deny icmp host 192.168.1.2 any
r3(config)#access-list 100 deny icmp host 131.16.24.1 any
r3(config)#access-list 100 permit ip any any
r3(config)#int s1/2
r3(config-if)#ip access-group 100 out
```

Verification:

```
r1#ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/132/160 ms

r1#telnet 172.16.1.2
Trying 172.16.1.2 ...
% Destination unreachable; gateway or host down

r2#ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

r2#ping
Protocol [ip]:
Target IP address: 172.16.1.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 131.16.24.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
Packet sent with a source address of 131.16.24.1
U.U.U
Success rate is 0 percent (0/5)

r2#telnet 172.16.1.2
Trying 172.16.1.2 ... Open
User Access Verification
Password:
% Password: timeout expired!
Password:

r3#ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/63/80 ms
```

Source: http://loveme23.51cto.com/blog/7891/29239 (this article comes from the 51CTO.COM technical blog)
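The first-match behaviour of ACL 100 can be checked offline with the following added example, which is not part of the original post: it parses the four `access-list 100` entries and evaluates the packets from the verification section. It assumes, from the ACL and the ping/telnet output, that 192.168.1.1 is r1, 192.168.1.2 and 131.16.24.1 are r2's addresses and 172.16.1.2 is r4; `parse_acl`, `evaluate` and the helper names are illustrative.

```python
import ipaddress

# ACL 100 as configured on r3 in this post.
ACL_100 = """\
access-list 100 deny tcp host 192.168.1.1 any eq telnet
access-list 100 deny icmp host 192.168.1.2 any
access-list 100 deny icmp host 131.16.24.1 any
access-list 100 permit ip any any
"""
PORTS = {"telnet": 23}  # the only named port this ACL uses

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def addr_spec(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (to_int(tok.pop(0)), 0)
    return (to_int(first), to_int(tok.pop(0)))

def parse_acl(text):
    """Turn extended ACL lines into (action, proto, src, dst, port) rules."""
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]  # drop 'access-list <number>'
        if not tok:
            continue
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = addr_spec(tok), addr_spec(tok)
        port = (PORTS.get(tok[1]) or int(tok[1])) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def matches(spec, ip):
    base, wildcard = spec  # wildcard bits set to 1 are "don't care"
    return (to_int(ip) | wildcard) == (base | wildcard)

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching entry; implicit deny otherwise."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and matches(r_src, src)
                and matches(r_dst, dst) and r_port in (None, dport)):
            return action
    return "deny"

if __name__ == "__main__":
    rules = parse_acl(ACL_100)
    print("r1 ping   r4:", evaluate(rules, "icmp", "192.168.1.1", "172.16.1.2"))
    print("r1 telnet r4:", evaluate(rules, "tcp", "192.168.1.1", "172.16.1.2", 23))
```

Because the deny entries use `any` as the destination, they match traffic from those sources to every destination leaving s1/2, not only r4. r3's own ping still succeeds in the output above because IOS does not apply an outbound interface ACL to traffic the router itself originates.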



lanyue24