Create an ACL statement to enable a real machine to access the virtual server's Web service and disable access to the FTP service

Source: Internet
Author: User


First create the topology, then plan the IP addresses and cable the devices in the topology together.

[Image 1.png]

The approach is to configure the simple parts first and the complex parts last.

First, make sure the network topology has connectivity. The specific configuration is as follows.

Configuration on R1:

[Image 2.png]

Configuration on SW3:

[Image 3.png]

Configuration on SW2:

[Image 4.png]

Configuration on SW1:

[Image 5.png]

[Image 6.png]

Set the IP address on the host:

[Image 7.png]

Start the virtual machine server and configure its IP address:

[Image 8.png]

Add the Web and FTP services to the Server 2008 server:

[Image 9.png]

Click Add Roles, then click Next to reach this page:

[Image 10.png]

Click Next twice to reach this page:

[Image 11.png]

Follow the prompts, clicking Next, then click Install.

Another thing to watch out for is which network card your topology is connected to.

[Picture 12.png]

Then add the IP address of the NIC with the VPCS configuration:

[Image 13.png]

With the above configuration in place, test whether the whole network is reachable; full connectivity is the basic prerequisite for the experiment. If it is not reachable, check that the firewall is turned off.

Use the real machine to ping the IP address of the virtual machine server:

[Image 14.png]

Next, configure the ACL (access control list).

Configuration on R1:

SW2 and SW3 can also be configured with ACL statements for remote login, but note that if you want to manage a switch remotely from a PC, you need to configure a virtual management address. If the switch is not directly connected, a gateway address must also be configured; a directly connected switch does not need one.

[Image 15.png]

Telnet from the real machine to R1 for management:

[Image 16.png]

Pressing Enter brings up the following screen:

[Image 17.png]

Note: if telnet does not connect to the router, your system may not have the Telnet program installed. Add it under "Control Panel → Programs → Programs and Features":

[Image 18.png]

Configuration on SW1:

In fact, there are more ACL statements than these, but in line with the experiment's requirements, only the settings for access to the Web server and a screenshot of the results are shown (the other detailed configuration is in the ACL experiment). In particular, pay attention to the order of the ACL statements. Get it wrong and you are finished!!!

This is mainly the configuration for the server; finally, the ACL is applied on the out interface.

[Image 19.png]
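The warning about statement order can be checked with a small first-match evaluator. This is an added example, not the author's configuration: the IOS-style rule syntax, the addresses `192.0.2.10` and `198.51.100.20`, and the function names `parse` and `evaluate` are assumptions made for illustration.

```python
# Added example: first-match evaluation of an IOS-style extended ACL.
# All addresses are constructed (RFC 5737 documentation ranges).
import ipaddress

HOST = "192.0.2.10"        # assumed address of the real machine
SERVER = "198.51.100.20"   # assumed address of the virtual server

# Broad permit first: every packet matches it, the deny is never reached.
WRONG_ORDER = f"""
permit ip any any
deny tcp host {HOST} host {SERVER} eq 21
"""

# Specific entries first, broad permit last.
RIGHT_ORDER = f"""
permit tcp host {HOST} host {SERVER} eq 80
deny tcp host {HOST} host {SERVER} eq 21
permit ip any any
"""

def parse(text):
    """Parse 'action proto src dst [eq port]' lines into rule tuples."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, proto, i, addrs = tok[0], tok[1], 2, []
        for _ in range(2):                      # source, then destination
            if tok[i] == "any":
                addrs.append(None)
                i += 1
            elif tok[i] == "host":
                addrs.append(ipaddress.ip_address(tok[i + 1]))
                i += 2
            else:
                raise ValueError(f"unsupported address form: {line}")
        port = int(tok[i + 1]) if tok[i:i + 1] == ["eq"] else None
        rules.append((action, proto, addrs[0], addrs[1], port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """Return the first matching rule's action; implicit deny if none match."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and r_src in (None, src)
                and r_dst in (None, dst) and r_port in (None, dport)):
            return action
    return "deny"
```
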

Result validation

First, use the virtual machine server to visit its own Web server as a self-test. The results show no problem.

[Image 20.png]

Then log in to the FTP server as a self-test and create folders and files:

[Image 21.png]

Use the real machine to access the virtual machine's Web server. The following page was created and added by the author; ignore its content. Port 80 can be accessed normally.

[Image 22.png]

Log in to the FTP server on the server; the result is displayed as failed:

[Image 23.png]

The experiment is complete. It shows that the host can access the server's port 80 but cannot access the FTP service.

In addition, when using a local loopback network card, it is best to disable other network adapters as much as possible to prevent errors.


This article is from the "My World" blog, please be sure to keep this source http://zhang2015.blog.51cto.com/9735109/1617018
