中国网络-ITPro俱乐部 » 思科&华为3Com&juniper » 扩展ACL配置

3G双线主机空间1元认购中-友创互联	天天土豆免费电影看	371啦上网导航	Certification Braindumps
Microsoft SharePoint 2007教程大全	CCIE实验笔记 Cisco在线实验室	Pass4Side Real Exam Questions	TestInside,Help You Pass Any IT Exam!

打印

扩展ACL配置

独孤文昌

助理工程师

Rank: 3 Rank: 3 Rank: 3

生活在最低层的民工

UID: 32
帖子: 63
精华: 1
威望: 76
贡献: 0
俱乐部金币: 110 枚
阅读权限: 30
在线时间: 1 小时
注册时间: 2006-2-20
最后登录: 2007-6-18

1^# 大中小发表于 2006-2-27 19:45 只看该作者

扩展ACL配置

top图如上所示：
要求如下:(1)在路由器R3上面使用ping命令，能ping通R2 但是不通ping通R1
      (2)在路由器1上面可以ping通R2和R3
      (3)在路由器2上面使用ping命令，能ping通R1。也能ping通R3上面的S0(20.1.1.3)
         不通ping通R3上面的L0(30.1.1.3)
      使用EIGRP动态路由协议，区域号是100

R1#show run
Building configuration...

Current configuration : 508 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
ip address 10.1.1.1 255.255.255.0
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
router eigrp 100                      //eigrp区域号为100
network 10.1.1.0 0.0.0.255
no auto-summary                      //关掉自动汇总
!
no ip http server
ip classless
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
end

R1#ping 20.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
R1#ping 30.1.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/37/40 ms

R2#show run
Building configuration...

Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R2
!
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
!
!
!
interface Ethernet0
ip address 10.1.1.2 255.255.255.0
ip access-group 101 out       //在EO口上面绑定编号为101的扩展访问控制列表，从这个端口输
!                               从这个端口离开
interface Serial0
ip address 20.1.1.2 255.255.255.0
clockrate 56000                //配置DCE时钟
!
interface Serial1
no ip address
shutdown
!
interface BRI0
no ip address
shutdown
!
router eigrp 100
network 10.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
no auto-summary
!
ip classless
no ip http server
!
access-list 101 deny icmp host 20.1.1.3 host 10.1.1.1 echo //访问列表编号为101 扩展列表
                                 //拒绝icmp协议源地址为20.1.1.3 目的地址为10.1.1.1
access-list 101 permit ip any any  //许可其它的数据经过
!
line con 0
no exec
transport input none
line aux 0
line vty 0 4
!
end

R2#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
R2#ping 20.1.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms
R2#ping 30.1.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.1.1.3, timeout is 2 seconds:
U.U.U                                  //ping 路由器R3上面的端口不可达
Success rate is 0 percent (0/5)

R3#show run
Building configuration...

Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R3
!
!
!
!
!
!
ip subnet-zero
!
!
!
!
interface Loopback0
ip address 30.1.1.3 255.255.255.0
!
interface Ethernet0
no ip address
shutdown
!
interface Serial0
ip address 20.1.1.3 255.255.255.0
ip access-group 102 in
!
interface Serial1
no ip address
shutdown
!
router eigrp 100
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
no auto-summary
!
ip classless
no ip http server
!
access-list 102 deny icmp 20.1.1.0 0.0.0.255 host 30.1.1.3 echo //访问列表编号为102扩展
                                    // 列表拒绝icmp协议源地址为20.1.1.0这个网段内的
                                    // 所有地址，目的地址为30.1.1.3

access-list 102 permit ip any any    //许可其它的数据经过
!
line con 0
transport input none
line aux 0
line vty 0 4
!
end

R3#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
U.U.U    //ping路由器R1不可到达
Success rate is 0 percent (0/5)
R3#ping 10.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/36 ms
R3#ping 20.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms
R3#ping 20.1.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/70/80 ms

  注：本文章属中国网络cnfan.net原创作者独孤文昌，版权归中国网络cnfan.net所有，如要转载，请注明出处