PC1 configuration
PC1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PC1(config)#int e0/1
PC1(config-if)#ip add
PC1(config-if)#ip address 10.10.1.10 255.255.255.0
PC1(config-if)#no sh
PC1(config-if)#exit
PC1(config)#ip route 0.0.0.0 0.0.0.0 10.10.1.1
PC1(config)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.10.1.1 to network 0.0.0.0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.1.0 is directly connected, Ethernet0/1
S*   0.0.0.0/0 [1/0] via 10.10.1.1
PC2 configuration
PC2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PC2(config)#int e0/0
PC2(config-if)#ip add
PC2(config-if)#ip address 10.10.2.10 255.255.255.0
PC2(config-if)#no sh
PC2(config-if)#exit
PC2(config)#ip route 0.0.0.0 0.0.0.0 10.10.2.1
PC2(config)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.10.2.1 to network 0.0.0.0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.2.0 is directly connected, Ethernet0/0
S*   0.0.0.0/0 [1/0] via 10.10.2.1
Public external router configuration
gonggongwaibu>en
gonggongwaibu#conf t
Enter configuration commands, one per line. End with CNTL/Z.
gonggongwaibu(config)#int e0/0
gonggongwaibu(config-if)#ip add 192.168.1.10 255.255.255.0
gonggongwaibu(config-if)#no sh
gonggongwaibu(config-if)#int e0/1
gonggongwaibu(config-if)#ip add 10.10.1.1 255.255.255.0
gonggongwaibu(config-if)#no sh
gonggongwaibu(config-if)#int e0/2
gonggongwaibu(config-if)#ip add 10.10.2.1 255.255.255.0
gonggongwaibu(config-if)#no sh
gonggongwaibu(config)#ip route 172.16.1.0 255.255.255.0 192.168.1.1
gonggongwaibu(config)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     172.16.0.0/24 is subnetted, 1 subnets
S       172.16.1.0 [1/0] via 192.168.1.1
     10.0.0.0/24 is subnetted, 2 subnets
C       10.10.1.0 is directly connected, Ethernet0/1
C       10.10.2.0 is directly connected, Ethernet0/2
C    192.168.1.0/24 is directly connected, Ethernet0/0
gonggongwaibu(config)#do sh ip int br
Interface      IP-Address      OK? Method Status                Protocol
Ethernet0/0    192.168.1.10    YES manual up
Ethernet0/1    10.10.1.1       YES manual up
Ethernet0/2    10.10.2.1       YES manual up
Ethernet0/3    unassigned      YES unset  administratively down
Experimental router configuration
Shiyan#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Shiyan(config)#int e0/0
Shiyan(config-if)#ip add 192.168.1.1 255.255.255.0
Shiyan(config-if)#no sh
Shiyan(config-if)#int e0/1
Shiyan(config-if)#ip add 172.16.1.1 255.255.255.0
Shiyan(config-if)#no sh
Shiyan(config-if)#exit
Shiyan(config)#ip route 10.10.1.0 255.255.255.0 192.168.1.10
Shiyan(config)#ip route 10.10.2.0 255.255.255.0 192.168.1.10
Shiyan(config)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet0/1
     10.0.0.0/24 is subnetted, 2 subnets
S       10.10.1.0 [1/0] via 192.168.1.10
S       10.10.2.0 [1/0] via 192.168.1.10
C    192.168.1.0/24 is directly connected, Ethernet0/0
Test router configuration
ceshi>en
ceshi#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ceshi(config)#int e0/0
ceshi(config-if)#ip address 172.16.1.10 255.255.255.0
ceshi(config-if)#no sh
ceshi(config-if)#exit
ceshi(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.1
ceshi(config)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 172.16.1.1 to network 0.0.0.0
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet0/0
S*   0.0.0.0/0 [1/0] via 172.16.1.1
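1. Standard ACL
Allow hosts in the 10.10.1.0 subnet to access the test server
Deny hosts in the 10.10.2.0 subnet access to the test server
Add these commands on the experimental router
! 10.10.2.0 needs no entry: the implicit deny at the end of the ACL blocks it
access-list 1 permit 10.10.1.0 0.0.0.255
! e0/0 (192.168.1.1) is the interface facing the public external router
interface e0/0
ip access-group 1 in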
2. Extended ACL
Allow network segment one and network segment two to ping the test server
Allow Telnet to the internal network from network segment one, but not from network segment two
Add these commands on the experimental router
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 101 permit tcp 10.10.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq 23
! Only one IP ACL applies per interface and direction, so this replaces access-group 1 on e0/0
interface e0/0
ip access-group 101 in
On the test server
enable password 123
line vty 0 4
password 123
login
Ping the test server from PC1 and PC2, and then Telnet to it
View the ACLs
show access-list
show ip route
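The expected ping and Telnet results can be worked out before touching the lab. The following is an added example, not part of the original post: it models ACL 101 with IOS wildcard matching, first-match evaluation and the implicit deny. The helper names, the flow labels and the port 80 case are assumptions made for illustration.

```python
import ipaddress

# ACL 101 as configured on the experimental router: (action, proto, src, dst, qualifier)
ACL_101 = [
    ("permit", "icmp", "any", "any", "echo"),
    ("permit", "icmp", "any", "any", "echo-reply"),
    ("permit", "tcp", "10.10.1.0 0.0.0.255", "172.16.1.0 0.0.0.255", 23),
]

def wildcard_match(addr, spec):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    if spec == "any":
        return True
    base, wildcard = (int(ipaddress.IPv4Address(p)) for p in spec.split())
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(acl, proto, src, dst, qualifier):
    """Return the action of the first entry that matches, top to bottom."""
    for action, a_proto, a_src, a_dst, a_qual in acl:
        if (proto == a_proto and qualifier == a_qual
                and wildcard_match(src, a_src) and wildcard_match(dst, a_dst)):
            return action
    return "deny"  # implicit "deny ip any any" that ends every IOS ACL

# Addresses are the lab's; the flows themselves are constructed test cases.
PC1, PC2, SERVER = "10.10.1.10", "10.10.2.10", "172.16.1.10"
FLOWS = {
    "PC1 ping":   ("icmp", PC1, SERVER, "echo"),
    "PC2 ping":   ("icmp", PC2, SERVER, "echo"),
    "PC1 telnet": ("tcp", PC1, SERVER, 23),
    "PC2 telnet": ("tcp", PC2, SERVER, 23),
    "PC1 http":   ("tcp", PC1, SERVER, 80),  # no matching entry: implicit deny
}

def run_lab():
    """Evaluate each constructed flow against ACL 101 (inbound on the experimental router)."""
    return {name: evaluate(ACL_101, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for name, verdict in run_lab().items():
        print(f"{name:11} -> {verdict}")
```

Replies from the test server enter the experimental router on e0/1, where no ACL is applied, so only the PC-to-server direction is modelled here.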
This article is from the "DY" blog, please be sure to keep this source http://guochenyong.blog.51cto.com/11367898/1973194
Cisco Access Control List