Lab 1 Configuring the standard IP ACL
"Experimental Steps"
Step 1 Basic configuration of R1.
R1#configure terminal
R1(config)#interface fastethernet 1/0
R1(config-if)#ip address 172.16.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#interface fastethernet 1/1
R1(config-if)#ip address 172.16.2.1 255.255.255.0
R1(config-if)#exit
R1(config)#interface serial 1/2
R1(config-if)#ip address 172.16.3.1 255.255.255.0
R1(config-if)#exit
Step 2 Basic configuration of R2.
R2#configure terminal
R2(config)#interface serial 1/2
R2(config-if)#ip address 172.16.3.2 255.255.255.0
R2(config-if)#exit
R2(config)#interface fastethernet 1/0
R2(config-if)#ip address 172.16.4.1 255.255.255.0
R2(config-if)#exit
Step 3 View the interface status on R1 and R2.
R1#show ip interface brief
Interface ip-address (Pri) OK? Status
Serial 172.16.3.1/24 YES up
Serial 1/3 no address YES down
FastEthernet 1/0 172.16.1.1/24 YES up
FastEthernet 1/1 172.16.2.1/24 YES up
Null 0 No address YES up
R2#show ip interface brief
Interface ip-address (Pri) OK? Status
Serial 172.16.3.2/24 YES up
Serial 1/3 no address YES down
FastEthernet 1/0 172.16.4.1/24 YES up
FastEthernet 1/1 no address YES down
Null 0 No address YES up
Step 4 Configure static routes on R1 and R2.
R1(config)#ip route 172.16.4.0 255.255.255.0 serial 1/2
R2(config)#ip route 172.16.1.0 255.255.255.0 serial 1/2
R2(config)#ip route 172.16.2.0 255.255.255.0 serial 1/2
Step 5 Configure the standard IP ACL.
A standard IP ACL can check only the source IP address of a packet, so, to avoid affecting the source's other communication, it is usually placed close to the destination; in this lab that is the F1/0 interface of R2.
R2(config)#access-list 1 deny 172.16.2.0 0.0.0.255
! Deny traffic from the sales department's 172.16.2.0/24 subnet
R2(config)#access-list 1 permit 172.16.1.0 0.0.0.255
! Allow traffic from the administration department's 172.16.1.0/24 subnet to pass through
Step 6 Apply the ACL.
R2(config)#interface fastethernet 1/0
R2(config-if)#ip access-group 1 out
Step 7 Verify the result.
From a host in the administration department (172.16.1.0/24), ping the finance department host: the ping succeeds. From a host in the sales department (172.16.2.0/24), ping the finance department host: the ping fails.
Lab 2 Configuring the extended IP ACL
"Experimental Steps"
Step 1 Basic configuration of R1.
R1#configure terminal
R1(config)#interface fastethernet 1/0
R1(config-if)#ip address 172.16.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#interface fastethernet 1/1
R1(config-if)#ip address 172.16.2.1 255.255.255.0
R1(config-if)#exit
R1(config)#interface serial 1/2
R1(config-if)#ip address 172.16.3.1 255.255.255.0
R1(config-if)#exit
Step 2 Basic configuration of R2.
R2#configure terminal
R2(config)#interface serial 1/2
R2(config-if)#ip address 172.16.3.2 255.255.255.0
R2(config-if)#exit
R2(config)#interface fastethernet 1/0
R2(config-if)#ip address 172.16.4.1 255.255.255.0
R2(config-if)#exit
Step 3 View the interface status on R1 and R2.
R1#show ip interface brief
Interface ip-address (Pri) OK? Status
Serial 172.16.3.1/24 YES up
Serial 1/3 no address YES down
FastEthernet 1/0 172.16.1.1/24 YES up
FastEthernet 1/1 172.16.2.1/24 YES up
Null 0 No address YES up
R2#show ip interface brief
Interface ip-address (Pri) OK? Status
Serial 172.16.3.2/24 YES up
Serial 1/3 no address YES down
FastEthernet 1/0 172.16.4.1/24 YES up
FastEthernet 1/1 no address YES down
Null 0 No address YES up
Step 4 Configure static routes on R1 and R2.
R1(config)#ip route 172.16.4.0 255.255.255.0 serial 1/2
R2(config)#ip route 172.16.1.0 255.255.255.0 serial 1/2
R2(config)#ip route 172.16.2.0 255.255.255.0 serial 1/2
Step 5 Configure the extended IP ACL.
An extended IP ACL can inspect several fields of a packet, so it can be placed close to the source; in this lab that is the S1/2 interface of R1.
! The ACL number is missing from the commands as published; 101 is an assumed value from the extended ACL range (100-199)
R1(config)#access-list 101 permit tcp 172.16.1.0 0.0.0.255 host 172.16.4.2 eq ftp
R1(config)#access-list 101 permit tcp 172.16.1.0 0.0.0.255 host 172.16.4.2 eq ftp-data
! Allow traffic from the dorm network's 172.16.1.0/24 subnet to reach the FTP server (172.16.4.2)
R1(config)#access-list 101 permit tcp 172.16.2.0 0.0.0.255 host 172.16.4.2 eq ftp
R1(config)#access-list 101 permit tcp 172.16.2.0 0.0.0.255 host 172.16.4.2 eq ftp-data
! Allow traffic from the faculty network's 172.16.2.0/24 subnet to reach the FTP server (172.16.4.2)
R1(config)#access-list 101 permit tcp 172.16.2.0 0.0.0.255 host 172.16.4.3 eq www
! Allow traffic from the faculty network's 172.16.2.0/24 subnet to reach the WWW server (172.16.4.3)
Step 6 Apply the ACL.
R1(config)#interface serial 1/2
! The ACL number and direction are missing as published; 101 matches the assumed number above, and "out" is assumed because the filtered traffic leaves R1 through S1/2 toward R2
R1(config-if)#ip access-group 101 out
Step 7 Install FTP server and WWW server on the host.
Step 8 Verify the result.
From a host on the dorm network, the FTP server can be accessed but the WWW server cannot. From a host on the faculty network (172.16.2.0/24), both the FTP server and the WWW server can be accessed.
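The verification steps of both labs can be checked offline with a small model of how a router evaluates an ACL: wildcard-mask matching, first match wins, and an implicit deny at the end. The Python below is an added example, not part of the original article; the ACL entries mirror Step 5 of Lab 1 and Lab 2, while the host addresses ending in .10 and the function names are constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def match_addr(addr, base, wildcard):
    # Wildcard mask: 0 bits must match, 1 bits are "don't care".
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")
NET1 = ("172.16.1.0", "0.0.0.255")
NET2 = ("172.16.2.0", "0.0.0.255")
FTP_SRV = ("172.16.4.2", "0.0.0.0")   # "host x" means wildcard 0.0.0.0
WWW_SRV = ("172.16.4.3", "0.0.0.0")

# Entry: (action, protocol, source, destination, destination port); None = any.
STANDARD_ACL = [("deny", None, NET2, ANY, None),
                ("permit", None, NET1, ANY, None)]
EXTENDED_ACL = [("permit", "tcp", NET1, FTP_SRV, 21),   # ftp
                ("permit", "tcp", NET1, FTP_SRV, 20),   # ftp-data
                ("permit", "tcp", NET2, FTP_SRV, 21),
                ("permit", "tcp", NET2, FTP_SRV, 20),
                ("permit", "tcp", NET2, WWW_SRV, 80)]   # www

def evaluate(acl, proto, src, dst, dst_port=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, p, s, d, port in acl:
        if p is not None and p != proto:
            continue
        if not (match_addr(src, *s) and match_addr(dst, *d)):
            continue
        if port is not None and port != dst_port:
            continue
        return action
    return "deny"  # every ACL ends with an implicit "deny any"

def verify_labs():
    # Constructed sample hosts: .10 in each LAN, 172.16.4.10 as the finance host.
    h1, h2, fin = "172.16.1.10", "172.16.2.10", "172.16.4.10"
    return {
        "lab1 admin ping": evaluate(STANDARD_ACL, "icmp", h1, fin),
        "lab1 sales ping": evaluate(STANDARD_ACL, "icmp", h2, fin),
        "lab2 dorm ftp": evaluate(EXTENDED_ACL, "tcp", h1, "172.16.4.2", 21),
        "lab2 dorm www": evaluate(EXTENDED_ACL, "tcp", h1, "172.16.4.3", 80),
        "lab2 faculty www": evaluate(EXTENDED_ACL, "tcp", h2, "172.16.4.3", 80),
        "lab2 dorm ping": evaluate(EXTENDED_ACL, "icmp", h1, "172.16.4.2"),
    }
```

The last entry shows a side effect of the implicit deny: with the extended ACL applied, a ping from the dorm network to the FTP server is dropped because only the listed TCP ports are permitted.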
This article is from the "12034941" blog, please be sure to keep this source http://12044941.blog.51cto.com/12034941/1879875