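PacketTracer 5.0 CCNA Lab Guide (15): Simple ACL Configuration
2008-10-08 22:43
PacketTracer 5.0 is a very good Cisco network device simulator. For anyone preparing for Cisco's entry-level certification (such as CCNA), PacketTracer 5.0 is a very good choice.
Most of us do not have that many Cisco devices around to learn and debug on, training courses are expensive, and opportunities for hands-on practice are still limited, so PacketTracer 5.0 is a good way to practice Cisco IOS commands.
I recently downloaded the Cisco CCNA 640-802 study guide from the Internet and plan to follow it to share methods and tips for using PacketTracer 5.0 with fellow readers, in the hope that this prompts better contributions from others.
An ACL (Access Control List) is, simply put, packet filtering: packets are filtered according to information in the packet header such as IP addresses and protocol port numbers.
ACLs can be used to implement security controls.
Numbering: 1-99 or 1300-1999 (standard IP), 100-199 or 2000-2699 (extended IP).
ACLs are not complicated, but applying them appropriately in practice requires a sound policy.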
I. Lab topology
Figure 1
Figure 2: DNS server in the network: 192.168.1.2
Figure 3: WWW server in the network: 192.168.1.3
II. Basic configuration of the three routers
LuoShan#sh startup-config
Using 699 bytes
!
version 12.4
no service password-encryption
!
hostname LuoShan
!
!
enable password cisco
!
!
!
!
username senya password 0 cisco
!
ip ssh version 1
no ip domain-lookup
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/3/0
 ip address 172.17.1.1 255.255.255.0
 clock rate 56000
!
interface Serial0/3/1
 ip address 172.18.1.2 255.255.255.0
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 100
 network 192.168.3.0
 network 172.17.0.0
 network 172.18.0.0
 auto-summary
!
ip classless
!
!
!
!
!
line con 0
line vty 0 4
 password cisco
 login
!
!
end
HuangChuang#sh startup-config
Using 669 bytes
!
version 12.4
no service password-encryption
!
hostname HuangChuang
!
!
enable password cisco
!
!
!
!
ip ssh version 1
no ip domain-lookup
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/3/0
 ip address 172.17.1.2 255.255.255.0
!
interface Serial0/3/1
 ip address 172.16.1.1 255.255.255.0
 clock rate 56000
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 100
 network 192.168.2.0
 network 172.17.0.0
 network 172.16.0.0
 auto-summary
!
ip classless
!
!
!
!
!
line con 0
line vty 0 4
 password cisco
 login
!
!
end
xixian#sh startup-config
Using 679 bytes
!
version 12.4
service password-encryption
!
hostname xixian
!
!
enable password 7 0822455D0A16
!
!
!
!
ip ssh version 1
no ip domain-lookup
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/3/0
 ip address 172.18.1.1 255.255.255.0
 clock rate 56000
!
interface Serial0/3/1
 ip address 172.16.1.2 255.255.255.0
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 100
 network 192.168.1.0
 network 172.18.0.0
 network 172.16.0.0
 auto-summary
!
ip classless
!
!
!
!
!
line con 0
line vty 0 4
 password 7 0822455D0A16
 login
!
!
end
III. Configuring simple ACLs
1. Configure an ACL to restrict which hosts may log in to the router remotely
HuangChuang#conf t
Enter configuration commands, one per line. End with CNTL/Z.
HuangChuang(config)#access-list 1 permit host 192.168.2.2    \\ Router HuangChuang allows only 192.168.2.2 to log in remotely (telnet)
HuangChuang(config)#line vty 0 4
HuangChuang(config-line)#access-class 1 in
HuangChuang(config-line)#
The other two routers are configured similarly.
2. Configure an ACL to block ICMP packets from the 192.168.3.0/24 network to the 192.168.1.0/24 network
xixian(config)#access-list 101 deny icmp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
xixian(config)#access-list 101 permit ip any any
xixian(config)#int fa0/1
xixian(config-if)#ip access-group 101 out
xixian(config-if)#
3. Configure an ACL to block communication on specific protocol ports
HuangChuang#conf t
Enter configuration commands, one per line. End with CNTL/Z.
HuangChuang(config)#ip access-list extended ACL1    \\ Create a named extended ACL
HuangChuang(config-ext-nacl)#deny tcp host 192.168.2.2 192.168.1.0 0.0.0.255 eq 80
HuangChuang(config-ext-nacl)#deny udp host 192.168.2.3 192.168.1.0 0.0.0.255 eq 53
HuangChuang(config-ext-nacl)#permit ip any any
HuangChuang(config-ext-nacl)#exit
HuangChuang(config)#int fa0/1
HuangChuang(config-if)#ip access-group ACL1 in
HuangChuang(config-if)#
Figure 4: Verifying the ACL
4. Verifying and viewing the ACLs
HuangChuang#sh access-list
Standard IP access list 1
 permit host 192.168.2.2 (4 match(es))
Extended IP access list ACL1
 deny udp host 192.168.2.3 192.168.1.0 0.0.0.255 eq domain
 deny tcp host 192.168.2.2 192.168.1.0 0.0.0.255 eq www
 permit ip any any
HuangChuang#show access-list
Standard IP access list 1
 permit host 192.168.2.2 (4 match(es))
Extended IP access list ACL1
 deny udp host 192.168.2.3 192.168.1.0 0.0.0.255 eq domain (15 match(es))
 deny tcp host 192.168.2.2 192.168.1.0 0.0.0.255 eq www (60 match(es))
 permit ip any any (34 match(es))
HuangChuang#show access-list ACL1
Extended IP access list ACL1
 deny udp host 192.168.2.3 192.168.1.0 0.0.0.255 eq domain (15 match(es))
 deny tcp host 192.168.2.2 192.168.1.0 0.0.0.255 eq www (60 match(es))
 permit ip any any (34 match(es))
HuangChuang#show access-list 1
Standard IP access list 1
 permit host 192.168.2.2 (4 match(es))
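How ACL 101 and ACL1 above decide a packet's fate, as an added Python example that is not part of the original tutorial: entries are checked top down, the first match wins, and an implicit deny ends every ACL. The entry tuples are a constructed transcription of the page's rules, and the names wildcard_match and evaluate are hypothetical; only protocol, wildcard-masked addresses and destination port are modelled.

```python
import ipaddress

# Constructed transcription of the page's extended ACLs (not router output).
# Entry: (action, protocol, (src, wildcard), (dst, wildcard), dst_port or None)
ANY = ("0.0.0.0", "255.255.255.255")

def host(ip):
    return (ip, "0.0.0.0")  # "host x" is shorthand for wildcard 0.0.0.0

LAN1 = ("192.168.1.0", "0.0.0.255")
ACL_101 = [
    ("deny", "icmp", ("192.168.3.0", "0.0.0.255"), LAN1, None),
    ("permit", "ip", ANY, ANY, None),
]
ACL1 = [
    ("deny", "tcp", host("192.168.2.2"), LAN1, 80),
    ("deny", "udp", host("192.168.2.3"), LAN1, 53),
    ("permit", "ip", ANY, ANY, None),
]

def wildcard_match(addr, spec):
    """Wildcard bit 0 means 'must match', 1 means 'ignore' (inverse of a netmask)."""
    base, wildcard = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry_index) for the first matching entry, top down.
    If nothing matches, the implicit 'deny any' applies: ("deny", None)."""
    for index, (action, p, s, d, port) in enumerate(acl):
        if p not in ("ip", proto):
            continue  # "ip" matches every IP protocol
        if not (wildcard_match(src, s) and wildcard_match(dst, d)):
            continue
        if port is not None and port != dport:
            continue
        return action, index
    return "deny", None

if __name__ == "__main__":
    # Ping from the 192.168.3.0/24 LAN to the WWW server: dropped by entry 0.
    print(evaluate(ACL_101, "icmp", "192.168.3.2", "192.168.1.3"))
    # HTTP from 192.168.2.2 is denied, but the same host can still resolve DNS.
    print(evaluate(ACL1, "tcp", "192.168.2.2", "192.168.1.3", 80))
    print(evaluate(ACL1, "udp", "192.168.2.2", "192.168.1.2", 53))
    # Without the final "permit ip any any", all other traffic is dropped too.
    print(evaluate(ACL1[:2], "udp", "192.168.2.2", "192.168.1.2", 53))
```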
IV. Router configurations after the ACLs are applied
HuangChuang#sh startup-config
Using 914 bytes
!
version 12.4
no service password-encryption
!
hostname HuangChuang
!
!
enable password cisco
!
!
!
!
ip ssh version 1
no ip domain-lookup
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.2.1 255.255.255.0
 ip access-group ACL1 in
 duplex auto
 speed auto
!
interface Serial0/3/0
 ip address 172.17.1.2 255.255.255.0
!
interface Serial0/3/1
 ip address 172.16.1.1 255.255.255.0
 clock rate 56000
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 100
 network 192.168.2.0
 network 172.17.0.0
 network 172.16.0.0
 auto-summary
!
ip classless
!
!
access-list 1 permit host 192.168.2.2
ip access-list extended ACL1
 deny udp host 192.168.2.3 192.168.1.0 0.0.0.255 eq domain
 deny tcp host 192.168.2.2 192.168.1.0 0.0.0.255 eq www
 permit ip any any
!
!
!
line con 0
line vty 0 4
 access-class 1 in
 password cisco
 login
!
!
end
LuoShan#sh startup-config
Using 756 bytes
!
version 12.4
no service password-encryption
!
hostname LuoShan
!
!
enable password cisco
!
!
!
!
username senya password 0 cisco
!
ip ssh version 1
no ip domain-lookup
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/3/0
 ip address 172.17.1.1 255.255.255.0
 clock rate 56000
!
interface Serial0/3/1
 ip address 172.18.1.2 255.255.255.0
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 100
 network 192.168.3.0
 network 172.17.0.0
 network 172.18.0.0
 auto-summary
!
ip classless
!
!
access-list 2 permit host 192.168.3.2
!
!
!
line con 0
line vty 0 4
 access-class 2 in
 password cisco
 login
!
!
end
xixian#show startup-config
Using 808 bytes
!
version 12.4
service password-encryption
!
hostname xixian
!
!
enable password 7 0822455D0A16
!
!
!
!
ip ssh version 1
no ip domain-lookup
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group 101 out
 duplex auto
 speed auto
!
interface Serial0/3/0
 ip address 172.18.1.1 255.255.255.0
 clock rate 56000
!
interface Serial0/3/1
 ip address 172.16.1.2 255.255.255.0
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 100
 network 192.168.1.0
 network 172.18.0.0
 network 172.16.0.0
 auto-summary
!
ip classless
!
!
access-list 101 deny icmp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip any any
!
!
!
line con 0
line vty 0 4
 password 7 0822455D0A16
 login
!
!
end