扩展ACL的基本用法

实例二:扩展ACL的基本用法

 

1.限制PC1访问服务器的web

2.把控制列表应用在R2的S0/2/0的in方向


扩展ACL的基本用法_第1张图片



代码如下:

 

R1配置

en
conf t
hostname R1
 
int f0/0
ip address 192.168.1.254 255.255.255.0
no shutdown
exit
int f0/1
ip address 192.168.2.254 255.255.255.0
no shutdown
exit
int s0/2/0
ip address 192.168.3.254 255.255.255.0
no shutdown
clock rate 64000
exit
 
 
 
router rip
version 2
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
exit
 
end


 

R2配置

en
conf t
hostname R2
 
int s0/2/0
ip address 192.168.3.253 255.255.255.0
ip access-group 101 in
no shutdown
exit
 
int f0/0
ip address 192.168.4.254 255.255.255.0
no shutdown
exit
 
 
access-list 101 deny tcp 192.168.1.0 0.0.0.255 192.168.4.00.0.0.255 eq 80
access-list 101 permit ip any any
 
 
 
 
 
router rip
version 2
network 192.168.3.0
network 192.168.4.0
exit
 
end


 

 

 

 

测试结果:PC1可以ping通,但不能访问web

 

PC>ping 192.168.4.253

 

Pinging 192.168.4.253 with 32 bytes of data:

 

Reply from 192.168.4.253: bytes=32 time=19ms TTL=126

Reply from 192.168.4.253: bytes=32 time=4ms TTL=126

Reply from 192.168.4.253: bytes=32 time=1ms TTL=126

Reply from 192.168.4.253: bytes=32 time=1ms TTL=126

 

Ping statistics for 192.168.4.253:

    Packets:Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum= 19ms, Average = 6ms

 

 

http://192.168.4.253

Request Timeout



结果分析:访问列表成功起到过滤作用


你可能感兴趣的:(ACL访问控制列表)