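Extended ACL
Copyright notice: original work. Reposting is permitted, but any repost must indicate the original source, the author information and this notice with a hyperlink. Otherwise legal liability will be pursued. http://loveme23.blog.51cto.com/7891/29239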
Lab source: 工大瑞普 Cisco Network Technology Forum

Requirements:
1. Prevent r1 from telnetting to r4
2. Prevent r2 from pinging r4
3. Permit all other access

2. Configure the OSPF routing protocol on every router (if you are unsure how, see the basic OSPF configuration in the previous post on standard ACLs)

3. Configure the ACL (Note: a standard ACL should be placed close to the destination; an extended ACL should be placed close to the source)

```
r3(config)#access-list 100 deny tcp host 192.168.1.1 any eq telnet
r3(config)#access-list 100 deny icmp host 192.168.1.2 any
r3(config)#access-list 100 deny icmp host 131.16.24.1 any
r3(config)#access-list 100 permit ip any any
r3(config)#int s1/2
r3(config-if)#ip access-group 100 out
```

Verification:

```
r1#ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/132/160 ms

r1#telnet 172.16.1.2
Trying 172.16.1.2 ...
% Destination unreachable; gateway or host down

r2#ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

r2#ping
Protocol [ip]:
Target IP address: 172.16.1.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 131.16.24.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
Packet sent with a source address of 131.16.24.1
U.U.U
Success rate is 0 percent (0/5)

r2#telnet 172.16.1.2
Trying 172.16.1.2 ... Open

User Access Verification

Password:
% Password: timeout expired!
Password:

r3#ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/63/80 ms
```

This article is from the “★Beckham~23” blog; please keep this attribution: http://loveme23.blog.51cto.com/7891/29239
This article is from the 51CTO.COM technical blog.
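The first-match logic behind the verification results above, as an added Python example (not part of the original post and not Cisco code). It parses only the ACL syntax used on this page and assumes, from the verification output, that 192.168.1.1 is r1, that 192.168.1.2 and 131.16.24.1 are r2's addresses, and that 172.16.1.2 is r4; the function names are hypothetical.

```python
import ipaddress

# ACL 100 exactly as configured on r3 in the lab above.
ACL_100 = """\
access-list 100 deny tcp host 192.168.1.1 any eq telnet
access-list 100 deny icmp host 192.168.1.2 any
access-list 100 deny icmp host 131.16.24.1 any
access-list 100 permit ip any any
"""
PORTS = {"telnet": 23}  # only the port keyword this ACL uses

def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D' and return the network it matches."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {word}")

def parse(text):
    """Parse the subset of extended-ACL syntax used on this page."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()[2:]  # drop 'access-list 100'
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _addr(tokens), _addr(tokens)
        port = PORTS[tokens[1]] if tokens[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port, line))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """Check rules top-down; the first matching line decides the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port, line in rules:
        if r_proto not in ("ip", proto) or s not in r_src or d not in r_dst:
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, line
    # Reached only when no configured line matches.
    return "deny", "(implicit deny ip any any)"

RULES = parse(ACL_100)
R4 = "172.16.1.2"  # assumed to be r4, the target used in the verification
```

Calling `evaluate(RULES, "icmp", "192.168.1.2", R4)` returns the action together with the ACL line that decided it. An outbound ACL on IOS does not filter packets the router itself originates, so r3's own ping is outside what this model evaluates.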



