
Basic ACL Configuration in eNSP

2024-07-17 09:38 | Source: compiled from the web | Views: 265

# Assignment 7 #

## Lab 1: Basic ACL configuration

### Lab environment

### Approach

1. Plan and configure IP addresses
2. Dynamic routing configuration
3. Set up the basic ACL
4. Check the configuration results

### Implementation

#### Plan and configure IP addresses

R1:

```
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 10.1.12.1 24
[R1-GigabitEthernet0/0/0]int lo 0
[R1-LoopBack0]ip add 1.1.1.1 32
```

R2:

```
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 10.1.12.2 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 10.1.23.2 24
[R2-GigabitEthernet0/0/1]int lo 0
[R2-LoopBack0]ip add 2.2.2.2 32
```

R3:

```
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 10.1.23.3 24
[R3-GigabitEthernet0/0/0]int lo 0
[R3-LoopBack0]ip add 3.3.3.3 32
```

#### Dynamic routing configuration

R1:

```
[R1]ospf router-id 1.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 10.1.12.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
```

R2:

```
[R2]ospf router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 10.1.12.2 0.0.0.0
[R2-ospf-1-area-0.0.0.1]network 10.1.23.2 0.0.0.0
[R2-ospf-1-area-0.0.0.1]network 2.2.2.2 0.0.0.0
```

R3:

```
[R3]ospf router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.1]network 10.1.23.3 0.0.0.0
[R3-ospf-1-area-0.0.0.1]network 3.3.3.3 0.0.0.0
```

#### Set up the basic ACL

R2:

```
[R2]acl 2000
[R2-acl-basic-2000]rule deny source 10.1.12.1 0
[R2-acl-basic-2000]int g0/0/0
[R2-GigabitEthernet0/0/0]traffic-filter inbound acl 2000    // filter the packets arriving from R1
```

#### Check connectivity

##### R1 ping R3 before the basic ACL is configured #####

```
[R1]ping 3.3.3.3
PING 10.1.23.3: 56 data bytes, press CTRL_C to break
Reply from 10.1.23.3: bytes=56 Sequence=1 ttl=255 time=120 ms
Reply from 10.1.23.3: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 10.1.23.3: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 10.1.23.3: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 10.1.23.3: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 10.1.23.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/46/120 ms
```

##### R1 ping R3 after the basic ACL is configured #####

```
[R1]ping 3.3.3.3
PING 3.3.3.3: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 3.3.3.3 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
```

## Lab 2: Advanced ACL configuration

### Lab environment

### Approach

1. Plan and configure IP addresses
2. Dynamic routing configuration
3. Configure Telnet
4. Set up the advanced ACL
5. Check connectivity

### Implementation

#### Plan and configure IP addresses

R1:

```
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 10.1.12.1 24
```

R2:

```
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 10.1.12.2 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 10.1.23.3 24
```

R3:

```
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 10.1.23.4 24
[R3-GigabitEthernet0/0/0]int lo 0
[R3-LoopBack0]ip add 3.3.3.3 32
```

#### Dynamic routing configuration

R1:

```
[R1]ospf router-id 1.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 10.1.12.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
```

R2:

```
[R2]ospf router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 10.1.12.2 0.0.0.0
[R2-ospf-1-area-0.0.0.1]network 10.1.23.2 0.0.0.0
[R2-ospf-1-area-0.0.0.1]network 2.2.2.2 0.0.0.0
```

R3:

```
[R3]ospf router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.1]network 10.1.23.3 0.0.0.0
[R3-ospf-1-area-0.0.0.1]network 3.3.3.3 0.0.0.0
```

#### Configure Telnet

R3:

```
[R3]user-interface vty 0 4
[R3-ui-vty0-4]authentication-mode password
Please configure the login password (maximum length 16):huawei
[R3-ui-vty0-4]user privilege level 3
```

#### Set up the advanced ACL

R2:

```
[R2]acl 3000
[R2-acl-adv-3000]rule 5 permit tcp source 10.1.12.1 0 destination 3.3.3.3 0
[R2-acl-adv-3000]rule 10 deny ip
[R2-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
```

#### Check the configuration results

##### R1 ping R3 before the advanced ACL is set #####

```
[R1-ospf-1-area-0.0.0.0]ping 3.3.3.3
PING 3.3.3.3: 56 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=254 time=100 ms
Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=254 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=5 ttl=254 time=40 ms
--- 3.3.3.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/46/100 ms
```

##### R1 ping R3 after the advanced ACL is set #####

```
ping 10.1.23.3
PING 10.1.23.3: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 10.1.23.3 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
```

##### R1 telnet R3 before the advanced ACL is set #####

```
telnet 3.3.3.3
Press CTRL_] to quit telnet mode
Trying 3.3.3.3 ...
Connected to 3.3.3.3 ...
Login authentication
Password:
Enter system view, return user view with Ctrl+Z.
```

##### R1 telnet R3 after the advanced ACL is set #####

```
telnet 3.3.3.3
Press CTRL_] to quit telnet mode
Trying 3.3.3.3 ...
Connected to 3.3.3.3 ...
Login authentication
Password:    // can still log in to the server
```

### Lab summary

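**This lab covered the principles and configuration of ACLs. An ACL consists of a series of permit and deny statements; it can precisely identify packet flows in the network and so allows precise control of network devices. Wildcards are the key point of ACLs: an ACL relies on wildcard matching to restrict network operations. There are 5 types of ACL, and this lab used the basic ACL and the advanced ACL. A basic ACL can only restrict operations directly and entirely by IP address, whereas an advanced ACL can distinguish between protocol types to restrict different operations, which is more precise.**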
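The wildcard and first-match behaviour summarised above can be checked offline with a small model of the two ACLs from the labs. This is an added example, not part of the original write-up: the Python function names and the tuple layout are hypothetical, and rule id 5 for ACL 2000 assumes the default numbering step because the page shows no id for that rule.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """Wildcard bit 0 = bit must be equal, bit 1 = ignored (inverse of a netmask)."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

# Constructed model of the page's rules; "0" in the CLI is wildcard 0.0.0.0.
# Fields: (rule id, action, protocol, (src, wildcard) | None, (dst, wildcard) | None)
# Rule id 5 for ACL 2000 is an assumption (default step); the page shows no id.
ACL_2000 = [(5, "deny", "ip", ("10.1.12.1", "0.0.0.0"), None)]
ACL_3000 = [
    (5, "permit", "tcp", ("10.1.12.1", "0.0.0.0"), ("3.3.3.3", "0.0.0.0")),
    (10, "deny", "ip", None, None),
]

def evaluate(acl, proto, src, dst):
    """Return (action, rule id) of the first rule that matches, lowest id first."""
    for rule_id, action, r_proto, r_src, r_dst in sorted(acl, key=lambda r: r[0]):
        if r_proto != "ip" and r_proto != proto:
            continue  # "ip" covers every protocol; otherwise it must be equal
        if r_src and not wildcard_match(src, *r_src):
            continue
        if r_dst and not wildcard_match(dst, *r_dst):
            continue
        return action, rule_id
    # What happens to unmatched packets depends on the feature applying the ACL.
    return "no-match", None

if __name__ == "__main__":
    print(evaluate(ACL_2000, "icmp", "10.1.12.1", "3.3.3.3"))  # Lab 1 ping
    print(evaluate(ACL_3000, "icmp", "10.1.12.1", "3.3.3.3"))  # Lab 2 ping
    print(evaluate(ACL_3000, "tcp", "10.1.12.1", "3.3.3.3"))   # Lab 2 telnet
    print(wildcard_match("10.1.12.77", "10.1.12.0", "0.0.0.255"))
```

Rule 5 of ACL 3000 names no destination port, so it matches every TCP connection from 10.1.12.1 to 3.3.3.3, not only Telnet; the model reflects this by taking no port argument.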
