Lab Guide: ACL (Part 2)

OSPF is the routing protocol. All new sites are to be configured as stub areas.
 
Control traffic so that only FTP, TFTP, and ping go across the serial link. Allow FTP access only to the server 150.10.1.10 from the 132.31.5.16/27 subnet.
 
Use named access lists.
 
Configure an access list that denies Telnet access to graceland until a user authenticates with the wavester router. Then allow access only from the 132.31.5.16/27 subnet.

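Jo_college
configure terminal
hostname Jo_college
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
! LAN side: NAMEACL filters traffic arriving from the local LAN
interface FastEthernet0/0
 ip address 132.31.5.17 255.255.255.224
 ip access-group NAMEACL in
 no shutdown
!
! Frame Relay link to Wavester: static map on DLCI 102, inverse ARP disabled
interface Serial2/0
 ip address 150.100.100.1 255.255.255.252
 encapsulation frame-relay
 no arp frame-relay
 no frame-relay inverse-arp
 frame-relay map ip 150.100.100.2 102 broadcast
 no shutdown
 exit
!
! Wildcard 0.0.0.15 matches sources 132.31.5.16 through 132.31.5.31
ip access-list extended NAMEACL
 permit icmp any any
 permit ospf any any
 permit udp any any eq tftp
 permit tcp 132.31.5.16 0.0.0.15 host 150.10.1.10 eq ftp
 permit tcp 132.31.5.16 0.0.0.15 any eq telnet
!
router ospf 1
 router-id 1.1.1.1
 neighbor 150.100.100.2
 network 132.31.5.17 0.0.0.0 area 100
 network 150.100.100.1 0.0.0.0 area 100
 area 100 stub
 end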

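Wavester
configure terminal
hostname Wavester
!
! Lock-and-key user: a successful Telnet login runs access-enable, which
! activates the dynamic entry for the authenticating host (idle timeout 10 minutes)
username MATT password cisco
username MATT autocommand access-enable host timeout 10
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
! Frame Relay link to Jo_college: static map on DLCI 201, DYNAMICACL applied inbound
interface Serial2/0
 ip address 150.100.100.2 255.255.255.252
 encapsulation frame-relay
 no arp frame-relay
 no frame-relay inverse-arp
 frame-relay map ip 150.100.100.1 201 broadcast
 no shutdown
 ip access-group DYNAMICACL in
!
interface FastEthernet0/0
 ip address 150.10.1.4 255.255.255.0
 no shutdown
 exit
!
ip access-list extended DYNAMICACL
 ! Template for the temporary entry (absolute timeout 10 minutes)
 dynamic cisco timeout 10 permit tcp 132.31.5.16 0.0.0.15 host 150.10.1.1 eq telnet
 ! As written, the next entry matches sources 132.31.4.16 through 132.31.4.31
 permit tcp 132.31.4.16 0.0.0.15 any eq telnet
 deny   tcp any host 150.10.1.1 eq telnet
 permit ip any any
!
router ospf 1
 router-id 2.2.2.2
 neighbor 150.100.100.1
 network 150.100.100.2 0.0.0.0 area 100
 network 150.10.1.4 0.0.0.0 area 0
 area 100 stub
!
! Telnet logins must check the local user database so that MATT's autocommand runs
line vty 0 4
 login local
 end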

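Graceland
configure terminal
hostname Graceland
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 150.10.1.1 255.255.255.0
 no shutdown
 exit
!
! Backbone router: only the LAN interface runs OSPF, in area 0
router ospf 1
 network 150.10.1.1 0.0.0.0 area 0
 end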
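
To check what Wavester's DYNAMICACL actually admits, the following added example (not part of the original lab and not Cisco code) models first-match evaluation with IOS wildcard masks over the static entries shown above. It assumes that an authenticated source receives a temporary per-host permit at the position of the dynamic line; the helper names and the sample packets are constructed for illustration.

```python
import ipaddress

def ip(a):
    return int(ipaddress.IPv4Address(a))

def wild_match(addr, base, wildcard):
    # IOS wildcard mask: bits set to 1 are ignored in the comparison.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")
TELNET = 23

def host(a):
    return (a, "0.0.0.0")

# Static entries of DYNAMICACL in page order: (action, proto, src, dst, dst_port).
STATIC = [
    ("permit", "tcp", ("132.31.4.16", "0.0.0.15"), ANY, TELNET),
    ("deny", "tcp", ANY, host("150.10.1.1"), TELNET),
    ("permit", "ip", ANY, ANY, None),
]

def build_acl(authenticated=()):
    # Assumption: each authenticated source gets a temporary per-host permit
    # at the position of the 'dynamic' line, i.e. ahead of the static entries.
    temp = [("permit", "tcp", host(h), host("150.10.1.1"), TELNET)
            for h in authenticated]
    return temp + STATIC

def evaluate(acl, proto, src, dst, dport=None):
    # First match wins; returns (action, 1-based entry number).
    for n, (action, p, s, d, port) in enumerate(acl, 1):
        if p not in ("ip", proto) or (port is not None and port != dport):
            continue
        if wild_match(src, *s) and wild_match(dst, *d):
            return action, n
    return "deny", None  # implicit deny at the end of every ACL

if __name__ == "__main__":
    # Constructed sample packets, all TCP to port 23: (authenticated, src, dst).
    for auth, src, dst in [((), "132.31.5.20", "150.10.1.1"),
                           ((), "132.31.5.20", "150.100.100.2"),
                           (("132.31.5.20",), "132.31.5.20", "150.10.1.1"),
                           ((), "132.31.4.20", "150.10.1.1")]:
        print(auth, src, dst, evaluate(build_acl(auth), "tcp", src, dst, TELNET))
    # 132.31.5.5 is inside the interface's /27 but outside wildcard 0.0.0.15.
    print(wild_match("132.31.5.5", "132.31.5.16", "0.0.0.15"))
```

The last two checks are the ones worth reading closely when auditing the lab: the 132.31.4.16 entry sits ahead of the deny, and the 0.0.0.15 wildcard covers only half of the /27 configured on Jo_college's FastEthernet0/0.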

This article is from the “穿过地狱去看海” blog. Please do not repost.
