ACL基础综合实验（标准ACL实验）

ACL基础综合实验（标准ACL实验）

三、地址规划1、网段设置如拓扑图中所示2、内网中的PC自动获取IP地址，IP地址所处网段如拓扑图所示

五、实验配置pc9所在的交换机sw2上没有做配置，以下给出其他设备的配置——————————————————————————————————————————————————————————————————————R0#sh running-config Building configuration...

Current configuration : 1625 bytes!version 12.4no service timestamps log datetime msecno service timestamps debug datetime msecno service password-encryption!hostname R0!!!!!ip dhcp pool v2network 172.16.1.0 255.255.255.0default-router 172.16.1.1dns-server 45.1.1.100ip dhcp pool v3network 172.16.2.0 255.255.255.0default-router 172.16.2.1dns-server 45.1.1.100!no ip cefno ipv6 cef!!!username zhejiang privilege 15 password 0 123456!!!!!!!!no ip domain-lookup!!spanning-tree mode pvst!!!!!!interface FastEthernet0/0ip address 11.1.1.2 255.255.255.0ip nat outsideduplex autospeed auto!interface FastEthernet0/1ip address 12.1.1.1 255.255.255.0ip nat insideduplex autospeed auto!interface FastEthernet1/0no ip addressduplex autospeed auto!interface FastEthernet1/0.1encapsulation dot1Q 2ip address 172.16.1.1 255.255.255.0ip access-group 100 in!interface FastEthernet1/0.2encapsulation dot1Q 3ip address 172.16.2.1 255.255.255.0!interface FastEthernet1/1no ip addressduplex autospeed autoshutdown!interface Vlan1no ip addressshutdown!router eigrp 90network 11.0.0.0network 12.0.0.0network 172.16.0.0no auto-summary!ip nat inside source static 34.1.1.4 11.1.1.2 ip classless!ip flow-export version 9!!access-list 100 deny icmp host 172.16.1.2 host 34.1.1.4 echoaccess-list 100 permit ip any anyaccess-list 100 deny tcp host 172.16.1.3 host 23.1.1.3 eq telnetaccess-list 100 deny icmp host 172.16.1.3 host 192.168.1.2 echo!!!!!line con 0exec-timeout 0 0logging synchronous!line aux 0!line vty 0 4login local!!!end——————————————————————————————————————————————————————————————————————R1#sho running-config Building configuration...

Current configuration : 886 bytes!version 12.4no service timestamps log datetime msecno service timestamps debug datetime msecno service password-encryption!hostname R1!!!!!!no ip cefno ipv6 cef!!!!!!!!!!no ip domain-lookup!!spanning-tree mode pvst!!!!!!interface FastEthernet0/0ip address 12.1.1.2 255.255.255.0duplex autospeed auto!interface FastEthernet0/1ip address 23.1.1.2 255.255.255.0duplex autospeed auto!interface FastEthernet1/0ip address 192.168.5.1 255.255.255.0duplex autospeed auto!interface FastEthernet1/1no ip addressduplex autospeed autoshutdown!interface Vlan1no ip addressshutdown!router eigrp 90network 12.0.0.0network 23.0.0.0network 192.168.5.0no auto-summary!ip classless!ip flow-export version 9!!!!!!!line con 0exec-timeout 0 0logging synchronous!line aux 0!line vty 0 4login!!!end——————————————————————————————————————————————————————————————————————R2#sho running-config Building configuration...

Current configuration : 1442 bytes!version 12.4no service timestamps log datetime msecno service timestamps debug datetime msecno service password-encryption!hostname R2!!!!!ip dhcp pool v4network 192.168.1.0 255.255.255.0default-router 192.168.1.1dns-server 45.1.1.100ip dhcp pool v5network 192.168.2.0 255.255.255.0default-router 192.168.2.1dns-server 45.1.1.100!no ip cefno ipv6 cef!!!username zhejiang privilege 15 password 0 123456!!!!!!!!no ip domain-lookup!!spanning-tree mode pvst!!!!!!interface FastEthernet0/0ip address 23.1.1.3 255.255.255.0duplex autospeed auto!interface FastEthernet0/1ip address 34.1.1.3 255.255.255.0duplex autospeed auto!interface FastEthernet1/0no ip addressduplex autospeed auto!interface FastEthernet1/0.1encapsulation dot1Q 4ip address 192.168.1.1 255.255.255.0!interface FastEthernet1/0.2encapsulation dot1Q 5ip address 192.168.2.1 255.255.255.0ip access-group 101 in!interface FastEthernet1/1no ip addressduplex autospeed autoshutdown!interface Vlan1no ip addressshutdown!router eigrp 90network 23.0.0.0network 34.0.0.0network 192.168.1.0network 192.168.2.0no auto-summary!ip classless!ip flow-export version 9!!access-list 101 permit ip any anyaccess-list 101 deny ip host 192.168.2.3 host 45.1.1.100!!!!!line con 0exec-timeout 0 0logging synchronous!line aux 0!line vty 0 4login local!!!end——————————————————————————————————————————————————————————————————————R3#sho running-config Building configuration...

Current configuration : 909 bytes!version 12.4no service timestamps log datetime msecno service timestamps debug datetime msecno service password-encryption!hostname R3!!!!!!no ip cefno ipv6 cef!!!username zhejiang privilege 15 password 0 123456!!!!!!!!no ip domain-lookup!!spanning-tree mode pvst!!!!!!interface FastEthernet0/0ip address 34.1.1.4 255.255.255.0duplex autospeed auto!interface FastEthernet0/1ip address 45.1.1.4 255.255.255.0duplex autospeed auto!interface FastEthernet1/0no ip addressduplex autospeed autoshutdown!interface FastEthernet1/1no ip addressduplex autospeed autoshutdown!interface Vlan1no ip addressshutdown!router eigrp 90network 34.0.0.0network 45.0.0.0no auto-summary!ip classless!ip flow-export version 9!!!!!!!line con 0exec-timeout 0 0logging synchronous!line aux 0!line vty 0 4login local!!!end——————————————————————————————————————————————————————————————————————sw0#sho running-config Building configuration...

Current configuration : 1322 bytes!version 12.2no service timestamps log datetime msecno service timestamps debug datetime msecno service password-encryption!hostname sw0!!!no ip domain-lookup!!spanning-tree mode pvst!interface FastEthernet0/1switchport mode trunk!interface FastEthernet0/2switchport access vlan 2switchport mode access!interface FastEthernet0/3switchport access vlan 2switchport mode access!interface FastEthernet0/4switchport access vlan 3switchport mode access!interface FastEthernet0/5switchport access vlan 3switchport mode access!interface FastEthernet0/6!interface FastEthernet0/7!interface FastEthernet0/8!interface FastEthernet0/9!interface FastEthernet0/10!interface FastEthernet0/11!interface FastEthernet0/12!interface FastEthernet0/13!interface FastEthernet0/14!interface FastEthernet0/15!interface FastEthernet0/16!interface FastEthernet0/17!interface FastEthernet0/18!interface FastEthernet0/19!interface FastEthernet0/20!interface FastEthernet0/21!interface FastEthernet0/22!interface FastEthernet0/23!interface FastEthernet0/24!interface GigabitEthernet0/1!interface GigabitEthernet0/2!interface Vlan1no ip addressshutdown!!!!line con 0logging synchronousexec-timeout 0 0!line vty 0 4loginline vty 5 15login!!end——————————————————————————————————————————————————————————————————————sw1#sho running-config Building configuration...

Current configuration : 1322 bytes!version 12.2no service timestamps log datetime msecno service timestamps debug datetime msecno service password-encryption!hostname sw1!!!no ip domain-lookup!!spanning-tree mode pvst!interface FastEthernet0/1switchport mode trunk!interface FastEthernet0/2switchport access vlan 4switchport mode access!interface FastEthernet0/3switchport access vlan 4switchport mode access!interface FastEthernet0/4switchport access vlan 5switchport mode access!interface FastEthernet0/5switchport access vlan 5switchport mode access!interface FastEthernet0/6!interface FastEthernet0/7!interface FastEthernet0/8!interface FastEthernet0/9!interface FastEthernet0/10!interface FastEthernet0/11!interface FastEthernet0/12!interface FastEthernet0/13!interface FastEthernet0/14!interface FastEthernet0/15!interface FastEthernet0/16!interface FastEthernet0/17!interface FastEthernet0/18!interface FastEthernet0/19!interface FastEthernet0/20!interface FastEthernet0/21!interface FastEthernet0/22!interface FastEthernet0/23!interface FastEthernet0/24!interface GigabitEthernet0/1!interface GigabitEthernet0/2!interface Vlan1no ip addressshutdown!!!!line con 0logging synchronousexec-timeout 0 0!line vty 0 4loginline vty 5 15login!!end——————————————————————————————————————————————————————————————————————六、注意事项在调用ACL时，需要注意调用的接口和方向，如：本实验中调用的接口是子接口，而不是物理接口。

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。