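Time-based access control lists are mainly used to restrict the access that users on the enterprise internal network have to external networks.
Dynamic access control lists are mainly used to restrict the access that external users have to users on the internal network.
External network               Enterprise router              External network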
R1-------S1/1-------S1/0--------R2--------S1/1--------S1/0-------R3
Building the basic network environment:
R1:
Router#confi t
Router(config)#host R1
R1(config)#int s1/1
R1(config-if)#ip add 192.168.12.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#net 192.168.12.0
R1(config-router)#end
R2:
Router>en
Router#confi t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host R2
R2(config)#int s1/0
R2(config-if)#ip add 192.168.12.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#int s1/1
R2(config-if)#ip add 192.168.23.1 255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#router rip
R2(config-router)#net 192.168.12.0
R2(config-router)#net 192.168.23.0
R2(config-router)#end
R3:
Router>en
Router#confi t
Router(config)#host R3
R3(config)#int s1/0
R3(config-if)#ip add 192.168.23.2 255.255.255.0
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#router rip
R3(config-router)#net 192.168.23.0
R3(config-router)#end
Configuring telnet:
R1(config)#enable password 123
R1(config)#line vty 0 4
R1(config-line)#password 123
R1(config-line)#login
R1(config-line)#exit
R1(config)#exit
R3(config)#enable password 123
R3(config)#line vty 0 4
R3(config-line)#password 123
R3(config-line)#login
R3(config-line)#end
Testing:
R1#ping 192.168.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.23.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/17/28 ms
R1#telnet 192.168.23.2
Trying 192.168.23.2 ... Open
User Access Verification
Password:
R3>en
Password:
R3:
R3#ping 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/26/44 ms
R3#telnet 192.168.12.1
Trying 192.168.12.1 ... Open
User Access Verification
Password:
R1>en
Password:
R1#
Configuring the time-based access control list:
1. Define the time range:
R2(config)#time-range gongzuo
R2(config-time-range)#periodic weekdays 8:00 to 12:00
R2(config-time-range)#periodic weekdays 13:30 to 17:30
R2(config-time-range)#exit
2. Define the time-based ACL:
R2(config)#access-list 100 permit tcp any any eq 25
R2(config)#access-list 100 permit tcp any any eq 110
R2(config)#access-list 100 permit udp any any eq 53
R2(config)#access-list 100 deny ip any any time-range gongzuo
R2(config)#access-list 100 permit ip any any
R2(config)#
3. Apply the time-based ACL:
R2(config)#int s1/0
R2(config-if)#ip access-group 100 out
R2(config-if)#
Lab complete.
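To check what access-list 100 and time-range gongzuo allow at a given moment, the following added example (not part of the original lab) models first-match evaluation of the five entries in Python. It matches on protocol and destination port only, as the ACL entries do; interface direction is not modelled, and the sample packets and dates are constructed.

```python
from datetime import datetime, time

# time-range gongzuo from the page (periodic weekdays); end minute treated as
# inclusive, which is an assumption of this model
GONGZUO = [(time(8, 0), time(12, 0)), (time(13, 30), time(17, 30))]

# access-list 100 from the page: (action, protocol, dst port, time-range)
# None means "any port" / "always active"
ACL_100 = [
    ("permit", "tcp", 25, None),
    ("permit", "tcp", 110, None),
    ("permit", "udp", 53, None),
    ("deny", "ip", None, GONGZUO),
    ("permit", "ip", None, None),
]

def in_range(windows, now):
    """True when `now` is Monday-Friday and inside one of the windows."""
    if now.weekday() > 4:
        return False
    t = now.time().replace(second=0, microsecond=0)
    return any(start <= t <= end for start, end in windows)

def evaluate(acl, proto, dport, now):
    """First-match evaluation; entries whose time-range is inactive are skipped."""
    for action, e_proto, e_port, windows in acl:
        if windows is not None and not in_range(windows, now):
            continue
        if e_proto not in ("ip", proto):
            continue
        if e_port is not None and e_port != dport:
            continue
        return action
    return "deny"  # implicit deny that ends every ACL

if __name__ == "__main__":
    # Constructed sample traffic: 2024-01-01 is a Monday, 2024-01-06 a Saturday
    samples = [
        ("tcp", 23, datetime(2024, 1, 1, 9, 0)),    # telnet, working hours
        ("tcp", 23, datetime(2024, 1, 1, 12, 30)),  # telnet, lunch gap
        ("tcp", 23, datetime(2024, 1, 6, 10, 0)),   # telnet, weekend
        ("tcp", 25, datetime(2024, 1, 1, 9, 0)),    # SMTP, working hours
        ("udp", 53, datetime(2024, 1, 1, 15, 0)),   # DNS, working hours
        ("tcp", 80, datetime(2024, 1, 1, 15, 0)),   # HTTP, working hours
    ]
    for proto, port, when in samples:
        print(f"{when:%a %H:%M} {proto}/{port}: {evaluate(ACL_100, proto, port, when)}")
```

The router evaluates gongzuo against its own clock, so the result on R2 depends on that clock being set correctly.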