Cisco ACLs

Posted in / Cisco Packet Tracer / 0 comments
Topology diagram

Setting the IP addresses

Set the IP addresses of the routers and of the PCs.

Note that the clock rate on the two routers must be the same. The commands to enable the clock rate:

  • conf t
  • int serial 2/0
  • clock rate 64000
  • no shutdown

Router(config)#router ospf 1
Router(config-router)#net
Router(config-router)#network 192.168.4.0 0.0.0.255
% Incomplete command.
Router(config-router)#network 192.168.4.0 0.0.0.255 a
Router(config-router)#network 192.168.4.0 0.0.0.255 area 0
Router(config-router)#network 192.168.3.0 0.0.0.255 area 0
Router(config-router)#exit
Router(config)#
00:13:11: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.4.2 on Serial2/0 from LOADING to FULL, Loading Done
Router(config)#network 192.168.1.0 0.0.0.255 area 0
               ^
% Invalid input detected at '^' marker.
Router(config)#
Router(config)#router ospf 1
Router(config-router)#network 192.168.1.0 0.0.0.255 area 0
Router(config-router)#network 192.168.2.0 0.0.0.255 area 0
Router(config-router)#network 192.168.4.0 0.0.0.255 area 0
Router(config-router)#exit
Router(config)#a
Router(config)#ac
Router(config)#access-list mi
Router(config)#access-list mi
Router(config)#access-list m
Router(config)#access-list ?
  <1-99>     IP standard access list
  <100-199>  IP extended access list
Router(config)#access-list
% Incomplete command.
Router(config)#ip a
Router(config)#ip access-list s
Router(config)#ip access-list standard gui
Router(config)#ip access-list standard guid
Router(config-std-nacl)#
Router#
%SYS-5-CONFIG_I: Configured from console by console
Router#ip a
Router#ip acc
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip acc
Router(config)#ip access-list standard
Router(config)#ip access-list standard guid
Router(config-std-nacl)#permi
Router(config-std-nacl)#permit 192.168.1.1 0.0.0.255
Router(config-std-nacl)#d
Router(config-std-nacl)#den
Router(config-std-nacl)#deny 192.168.2.1 0.0.0.255
Router(config-std-nacl)#exit
Router(config)#in
Router(config)#interface se 2/0
Router(config-if)#in
Router(config-if)#ip a
Router(config-if)#ip ac
Router(config-if)#ip access-group gui
Router(config-if)#ip access-group guize out
Router(config-if)#exit
Router(config)#ip acce
Router(config)#ip access-list e
Router(config)#ip access-list extended kuozhan
Router(config-ext-nacl)#permit
% Incomplete command.
Router(config-ext-nacl)#permit?
permit
Router(config-ext-nacl)#permit
% Incomplete command.
Router(config-ext-nacl)#permit ?
  ahp    Authentication Header Protocol
  eigrp  Cisco's EIGRP routing protocol
  esp    Encapsulation Security Payload
  gre    Cisco's GRE tunneling
  icmp   Internet Control Message Protocol
  ip     Any Internet Protocol
  ospf   OSPF routing protocol
  tcp    Transmission Control Protocol
  udp    User Datagram Protocol
Router(config-ext-nacl)#permit
% Incomplete command.
Router(config-ext-nacl)#permit ?
  ahp    Authentication Header Protocol
  eigrp  Cisco's EIGRP routing protocol
  esp    Encapsulation Security Payload
  gre    Cisco's GRE tunneling
  icmp   Internet Control Message Protocol
  ip     Any Internet Protocol
  ospf   OSPF routing protocol
  tcp    Transmission Control Protocol
  udp    User Datagram Protocol
Router(config-ext-nacl)#permit icmp ?
  A.B.C.D  Source address
  any      Any source host
  host     A single source host
Router(config-ext-nacl)#permit icmp any ?
  A.B.C.D  Destination address
  any      Any destination host
  host     A single destination host
Router(config-ext-nacl)#permit icmp any any ?
  <0-256>               type-num
  echo                  Echo (ping)
  echo-reply            Echo reply
  host-unreachable      Host unreachable
  net-unreachable       Net unreachable
  port-unreachable      Port unreachable
  protocol-unreachable  Protocol unreachable
  ttl-exceeded          TTL exceeded
  unreachable           All unreachables
Router(config-ext-nacl)#permit icmp any any echo
Router(config-ext-nacl)#no permit icmp any any echo
Router(config-ext-nacl)#no permit icmp 192.168.1.0 0.0.0.255 host?
host
Router(config-ext-nacl)#no permit icmp 192.168.1.0 0.0.0.255 host 192.168.3.101
Router(config-ext-nacl)#no permit icmp 192.168.1.0 0.0.0.255 host 192.168.3.101?
A.B.C.D
Router(config-ext-nacl)#no permit icmp 192.168.1.0 0.0.0.255 host 192.168.3.101 echo
Router(config-ext-nacl)#permit icmp 192.168.1.0 0.0.0.255 host 192.168.3.101 echo
Router(config-ext-nacl)#deny 192.168.1.0 0.0.0.255 host 192.168.3.101 echo^Z
Router#
%SYS-5-CONFIG_I: Configured from console by console
^Z
Router#^Z
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip ac
Router(config)#ip access-list s
Router(config)#ip access-list standard kuozhan
Access-list type conflicts with prior definition
% A named extended IP access list with this name already exists
Router(config)#ip access-list e kuozhan
Router(config)#ip access-list ext kuozhan
Router(config)#ip access-list ex
Router(config)#ip access-list extended kuozhan
Router(config-ext-nacl)#deny tcp 192.168.1.0 0.0.0.255 host 192.168.3.101 ?
  eq           Match only packets on a given port number
  established  established
  gt           Match only packets with a greater port number
  lt           Match only packets with a lower port number
  neq          Match only packets not on a given port number
  range        Match only packets in the range of port numbers
Router(config-ext-nacl)#deny tcp 192.168.1.0 0.0.0.255 host 192.168.3.101 eq ?
  <0-65535>  Port number
  domain     Domain Name Service (DNS, 53)
  ftp        File Transfer Protocol (21)
  pop3       Post Office Protocol v3 (110)
  smtp       Simple Mail Transport Protocol (25)
  telnet     Telnet (23)
  www        World Wide Web (HTTP, 80)
Router(config-ext-nacl)#deny tcp 192.168.1.0 0.0.0.255 host 192.168.3.101 eq www
Router(config-ext-nacl)#ip a
Router(config-ext-nacl)#ip ac
Router(config-ext-nacl)#ip acc
Router(config-ext-nacl)#exit
Router(config)#ip ac
Router(config)#ip access-
Router(config)#ip access-?
access-list
Router(config)#in se2/0
Router(config-if)#ip ad
Router(config-if)#ip acc
Router(config-if)#ip access-group kuozhan out
Router(config-if)#exit
Router(config)#int fa 1/0
Router(config-if)#ip ac
Router(config-if)#ip access-group kuozhan in
Router(config-if)#ip ac
Router(config-if)#exit
Router(config)#ip ac
Router(config)#ip access-list extended kuozhan
Router(config-ext-nacl)#pe
Router(config-ext-nacl)#permit ?
  ahp    Authentication Header Protocol
  eigrp  Cisco's EIGRP routing protocol
  esp    Encapsulation Security Payload
  gre    Cisco's GRE tunneling
  icmp   Internet Control Message Protocol
  ip     Any Internet Protocol
  ospf   OSPF routing protocol
  tcp    Transmission Control Protocol
  udp    User Datagram Protocol
Router(config-ext-nacl)#permit tcp any any eq www
Router(config-ext-nacl)#exit
Router(config)#his
Router(config)#his
Router(config)#his
Router(config)#his
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console
Router#his
Router#i pa
Router#conft
Translating "conft"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int serical
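
The extended ACL `kuozhan` from the session above, evaluated with first-match and wildcard-mask semantics to show what it actually permits and drops. This is an added example, not part of the original post: `Rule`, `wildcard_match` and `evaluate` are hypothetical names, the sample packets are constructed, and the entry list assumes the `deny ... echo^Z` line without a protocol keyword was rejected.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 1 bit means 'ignore this bit' when comparing."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

class Rule(NamedTuple):           # hypothetical model of one ACL entry
    action: str                   # "permit" or "deny"
    proto: str                    # "icmp" or "tcp"
    src: Tuple[str, str]          # (address, wildcard)
    dst: Tuple[str, str]
    match: Optional[str] = None   # ICMP type name or TCP destination port name

ANY = ("0.0.0.0", "255.255.255.255")
NET1 = ("192.168.1.0", "0.0.0.255")
SERVER = ("192.168.3.101", "0.0.0.0")   # "host 192.168.3.101"

# Entries assumed to remain in "kuozhan" at the end of the session, in order.
KUOZHAN = [
    Rule("permit", "icmp", NET1, SERVER, "echo"),
    Rule("deny", "tcp", NET1, SERVER, "www"),
    Rule("permit", "tcp", ANY, ANY, "www"),
]

def evaluate(acl, proto, src, dst, match):
    """First matching entry wins; return (action, entry index or None)."""
    for i, r in enumerate(acl):
        if (r.proto == proto and wildcard_match(src, *r.src)
                and wildcard_match(dst, *r.dst) and r.match in (None, match)):
            return r.action, i
    return "deny", None           # implicit deny at the end of every ACL

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source, destination, type/port)
    for pkt in [("icmp", "192.168.1.10", "192.168.3.101", "echo"),
                ("tcp", "192.168.1.10", "192.168.3.101", "www"),
                ("tcp", "192.168.2.10", "192.168.3.101", "www"),
                ("icmp", "192.168.3.101", "192.168.1.10", "echo-reply"),
                ("tcp", "192.168.2.10", "192.168.3.101", "telnet")]:
        print(pkt, "->", evaluate(KUOZHAN, *pkt))
```

The last two packets match no entry and fall through to the implicit deny, so on an interface where `kuozhan` is applied, echo replies and all non-HTTP TCP are dropped. The same wildcard logic means the standard-ACL entry `permit 192.168.1.1 0.0.0.255` matches every host in 192.168.1.0/24, not only 192.168.1.1.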

If you repost this original article, please credit the source: 微笑博客 » Cisco ACLs