CCNA Lab 6: ACL Deployment

Lab Environment

[Image 1: CCNA Lab 6 ACL Deployment]

Lab 1

R2 cannot ping R3.

R3 command line

R3(config)#access-list 10 deny host 2.2.2.2           
R3(config)#access-list 10 permit any
R3(config)#int e 0/0
R3(config-if)#ip access-group 10 in
R3(config-if)#

R2 command line

R2#ping 3.3.3.3 source 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2 
U.U.U
Success rate is 0 percent (0/5)

R1 command line

Router#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1's ping is not affected by the ACL: access-list 10 denies only source 2.2.2.2 and permits everything else.

Lab 2

2.2.2.2 cannot ping 3.3.3.3, while at the same time 2.2.2.2 can still Telnet to 3.3.3.3.

R3 command line

R3(config)#username admin privilege 15 password admin
R3(config)#line vty 0 4
R3(config-line)#login local
R3(config-line)#transport input all
R3(config-line)#exit

R3(config)#ip access-list extended NCR3
R3(config-ext-nacl)#10 deny icmp host 2.2.2.2 host 3.3.3.3 echo
R3(config-ext-nacl)#20 permit tcp host 2.2.2.2 host 3.3.3.3 eq 23
R3(config-ext-nacl)#exit
R3(config)#int e 0/0
R3(config-if)#ip access-group NCR3 in
R3(config-if)#
*Jul 15 16:13:20.861: %OSPF-5-ADJCHG: Process 110, Nbr 1.1.1.1 on Ethernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
R3(config-if)#


R2 command line

R2#ping 3.3.3.3 source 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2 
U.U.U
Success rate is 0 percent (0/5)
R2#telnet 3.3.3.3 /source-interface loopback 0
Trying 3.3.3.3 ... Open

User Access Verification

Username: admin
Password: 
R3#
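
The %OSPF-5-ADJCHG message logged on R3 right after NCR3 was applied is consistent with the implicit deny that ends every IOS ACL: NCR3 explicitly permits only Telnet, so anything else arriving on e0/0, OSPF hellos included, is dropped. The Python model below is an added example, not part of the original lab; it replays first-match evaluation for the two NCR3 entries. The neighbor address 192.0.2.1 and the extra entry in `NCR3_WITH_OSPF` are assumptions made for illustration.

```python
# Added example: first-match evaluation of an IOS-style extended ACL.
IMPLICIT_DENY = "deny (implicit)"

# Entries: (seq, action, protocol, source, destination, qualifier).
# qualifier is an ICMP type name, a TCP destination port, or None.
NCR3 = [
    (10, "deny", "icmp", "2.2.2.2", "3.3.3.3", "echo"),
    (20, "permit", "tcp", "2.2.2.2", "3.3.3.3", 23),
]
# Assumed fix, not in the original lab: permit OSPF ahead of the implicit deny.
NCR3_WITH_OSPF = NCR3 + [(30, "permit", "ospf", "any", "any", None)]

# Constructed sample packets. 192.0.2.1 is a placeholder neighbor address.
PACKETS = {
    "ping": {"proto": "icmp", "src": "2.2.2.2", "dst": "3.3.3.3", "detail": "echo"},
    "telnet": {"proto": "tcp", "src": "2.2.2.2", "dst": "3.3.3.3", "detail": 23},
    "ospf_hello": {"proto": "ospf", "src": "192.0.2.1", "dst": "224.0.0.5"},
}

def addr_matches(rule_addr, pkt_addr):
    """Only 'any' and host entries are modeled, as used in this lab."""
    return rule_addr == "any" or rule_addr == pkt_addr

def entry_matches(entry, pkt):
    _seq, _action, proto, src, dst, qualifier = entry
    if proto != pkt["proto"]:
        return False
    if not (addr_matches(src, pkt["src"]) and addr_matches(dst, pkt["dst"])):
        return False
    # pkt["detail"] carries the ICMP type name or the TCP destination port.
    return qualifier is None or qualifier == pkt.get("detail")

def evaluate(acl, pkt):
    """Walk entries in sequence order; the first match decides."""
    for entry in sorted(acl, key=lambda e: e[0]):
        if entry_matches(entry, pkt):
            return f"{entry[1]} (seq {entry[0]})"
    return IMPLICIT_DENY  # nothing matched: IOS drops the packet

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:11} NCR3={evaluate(NCR3, pkt):16} "
              f"NCR3_WITH_OSPF={evaluate(NCR3_WITH_OSPF, pkt)}")
```

On the router, `show access-lists NCR3` prints per-entry match counters, which lets you confirm which entry the ping and Telnet traffic actually hit.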

Lab 3

Apply an ACL to the VTY lines so that only a specific IP address can Telnet in.

R3 command line

R3(config)#ip access-list standard P12T      
R3(config-std-nacl)#10 Permit host 12.1.1.2
R3(config-std-nacl)#exit
R3(config)#line vty 0 4
R3(config-line)#access-class P12T in

R2 command line

R2#
R2#telnet 3.3.3.3 /source-interface loopback 0
Trying 3.3.3.3 ... 
% Connection refused by remote host
  
R2#telnet 3.3.3.3 /source-interface ethernet 0/0
Trying 3.3.3.3 ... Open

User Access Verification

Username: admin
Password: 
R3#
