思科非标准访问控制列表

最新推荐文章于 2024-12-03 14:14:16 发布

原创最新推荐文章于 2024-12-03 14:14:16 发布 · 530 阅读

2 ·

CC 4.0 BY-SA版权

文章标签：

#vlan #标准 #交换机

网络工程专栏收录该内容

7 篇文章

订阅专栏

1. 允许财务部计算机能够访问Intelnet

2. 允许市场部计算机只能访问Intelnet的web服务器，不能ping通

3. 服务器组的计算机能ping通内网任何计算机，不能做其他访问

4. 只允许192.168.2.2可以Telnet连接R1


R1:
Router>enable
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R1
R1(config)#int ethernet 1/0
R1(config-if)#no shutdown
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#int eth1/1
R1(config-if)#no shutdown
R1(config-if)#ip address 192.168.0.1 255.255.255.0
R1(config-if)#int eth1/2
R1(config-if)#no shutdown
R1(config-if)#ip address 192.168.2.1 255.255.255.0
R1(config-if)#exit
R1(config)#int serial 0/3/0
R1(config-if)#no shutdown
R1(config-if)#ip address 192.168.3.1 255.255.255.0
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#network 192.168.1.0
R1(config-router)#network 192.168.2.0
R1(config-router)#network 192.168.3.0
R1(config-router)#network 192.168.0.0
R1(config-router)#exit
R1(config)#^Z
R1#show ip route 
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.0.0/24 is directly connected, Ethernet1/1
C    192.168.1.0/24 is directly connected, Ethernet1/0
C    192.168.2.0/24 is directly connected, Ethernet1/2

R1#conf t
R1(config)#access-list 100 permit ip 192.168.1.0 0.0.0.255 any 
R1(config)#access-list 100 permit tcp 192.168.2.0 0.0.0.255 10.0.0.0 0.255.255.255 eq www 
R1(config)#access-list 100 permit icmp 192.168.2.0 0.0.0.255 10.0.0.0 0.255.255.255 
R1(config)#int serial 0/3/0 
R1(config-if)#ip access-group 100 out 
R1(config-if)#^Z
R1#
R1#show access-lists 100
Extended IP access list 100
    permit ip 192.168.1.0 0.0.0.255 any
    permit tcp 192.168.2.0 0.0.0.255 10.0.0.0 0.255.255.255 eq www
permit icmp 192.168.2.0 0.0.0.255 10.0.0.0 0.255.255.255
R1#conf t
R1(config)#access-list 10 per
R1(config)#access-list 10 permit 192.168.2.2 0.0.0.0
R1(config)#line vty 0 2
R1(config-line)#access-class 10 in
R2:
Router>enable
Router#conf t
Router(config)#hostname R2
R2(config)#int serial 0/3/0
R2(config-if)#no shutdown
R2(config-if)#ip address 192.168.3.2 255.255.25.0
Bad mask 0xFFFF1900 for address 192.168.3.2
R2(config-if)#ip address 192.168.3.2 255.255.255.0
R2(config-if)#int fa0/1
R2(config-if)#no shutdown 
R2(config-if)#ip address 10.0.0.1 255.0.0.0
R2(config-if)#
R2(config-if)#exit
R2(config)#router rip 
R2(config-router)#network 192.168.3.0 
R2(config-router)#network 10.0.0.0
R2(config-router)#end
R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, FastEthernet0/1
R    192.168.0.0/24 [120/1] via 192.168.3.1, 00:00:06, Serial0/3/0
R    192.168.1.0/24 [120/1] via 192.168.3.1, 00:00:06, Serial0/3/0
R    192.168.2.0/24 [120/1] via 192.168.3.1, 00:00:06, Serial0/3/0
C    192.168.3.0/24 is directly connected, Serial0/3/0