Cisco Access Control List

Source: Internet
Author: User




PC1 Configuration

PC1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

PC1(config)#int e0/1

PC1(config-if)#ip add

PC1(config-if)#ip address 10.10.1.10 255.255.255.0

PC1(config-if)#no sh

PC1(config-if)#exit

PC1(config)#ip route 0.0.0.0 0.0.0.0 10.10.1.1

PC1(config)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route


Gateway of last resort is 10.10.1.1 to network 0.0.0.0


10.0.0.0/24 is subnetted, 1 subnets

C 10.10.1.0 is directly connected, Ethernet0/1

S* 0.0.0.0/0 [1/0] via 10.10.1.1


PC2 Configuration

PC2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

PC2(config)#int e0/0

PC2(config-if)#ip add

PC2(config-if)#ip address 10.10.2.10 255.255.255.0

PC2(config-if)#no sh

PC2(config-if)#exit

PC2(config)#ip route 0.0.0.0 0.0.0.0 10.10.2.1

PC2(config)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route


Gateway of last resort is 10.10.2.1 to network 0.0.0.0


10.0.0.0/24 is subnetted, 1 subnets

C 10.10.2.0 is directly connected, Ethernet0/0

S* 0.0.0.0/0 [1/0] via 10.10.2.1


Public external router configuration

gonggongwaibu>en

gonggongwaibu#conf t

Enter configuration commands, one per line. End with CNTL/Z.

gonggongwaibu(config)#int e0/0

gonggongwaibu(config-if)#ip add 192.168.1.10 255.255.255.0

gonggongwaibu(config-if)#no sh

gonggongwaibu(config-if)#int e0/1

gonggongwaibu(config-if)#ip add 10.10.1.1 255.255.255.0

gonggongwaibu(config-if)#no sh

gonggongwaibu(config-if)#int e0/2

gonggongwaibu(config-if)#ip add 10.10.2.1 255.255.255.0

gonggongwaibu(config-if)#no sh

gonggongwaibu(config)#ip route 172.16.1.0 255.255.255.0 192.168.1.1

gonggongwaibu(config)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route


Gateway of last resort is not set


172.16.0.0/24 is subnetted, 1 subnets

S 172.16.1.0 [1/0] via 192.168.1.1

10.0.0.0/24 is subnetted, 2 subnets

C 10.10.1.0 is directly connected, Ethernet0/1

C 10.10.2.0 is directly connected, Ethernet0/2

C 192.168.1.0/24 is directly connected, Ethernet0/0

gonggongwaibu(config)#do sh ip int br

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 192.168.1.10 YES manual up

Ethernet0/1 10.10.1.1 YES manual up

Ethernet0/2 10.10.2.1 YES manual up

Ethernet0/3 unassigned YES unset administratively down


Experimental router configuration

Shiyan#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Shiyan(config)#int e0/0

Shiyan(config-if)#ip add 192.168.1.1 255.255.255.0

Shiyan(config-if)#no sh

Shiyan(config-if)#int e0/1

Shiyan(config-if)#ip add 172.16.1.1 255.255.255.0

Shiyan(config-if)#no sh

Shiyan(config-if)#exit

Shiyan(config)#ip route 10.10.1.0 255.255.255.0 192.168.1.10

Shiyan(config)#ip route 10.10.2.0 255.255.255.0 192.168.1.10

Shiyan(config)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route


Gateway of last resort is not set


172.16.0.0/24 is subnetted, 1 subnets

C 172.16.1.0 is directly connected, Ethernet0/1

10.0.0.0/24 is subnetted, 2 subnets

S 10.10.1.0 [1/0] via 192.168.1.10

S 10.10.2.0 [1/0] via 192.168.1.10

C 192.168.1.0/24 is directly connected, Ethernet0/0


Test router configuration

ceshi>en

ceshi#conf t

Enter configuration commands, one per line. End with CNTL/Z.

ceshi(config)#int e0/0

ceshi(config-if)#ip address 172.16.1.10 255.255.255.0

ceshi(config-if)#no sh

ceshi(config-if)#exit

ceshi(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.1

ceshi(config)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route


Gateway of last resort is 172.16.1.1 to network 0.0.0.0


172.16.0.0/24 is subnetted, 1 subnets

C 172.16.1.0 is directly connected, Ethernet0/0

S* 0.0.0.0/0 [1/0] via 172.16.1.1


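1. Standard ACL

Allow hosts in the 10.10.1.0 subnet to access the test server.

Deny hosts in the 10.10.2.0 subnet access to the test server.

Add these commands on the experimental router:

! Bits set in the wildcard are ignored, so this entry matches every host in 10.10.1.0/24

access-list 1 permit 10.10.1.10 0.0.0.255

! e0/0 (192.168.1.1) is the interface facing the public external router

interface e0/0

ip access-group 1 in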

2. Extended ACL

Allow network segment one and network segment two to ping the test server.

Allow network segment one, but not network segment two, to use the Telnet service on the internal network.

Add these commands on the experimental router:

access-list 101 permit icmp any any echo

access-list 101 permit icmp any any echo-reply

access-list 101 permit tcp 10.10.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq 23

! e0/0 (192.168.1.1) is the interface facing the public external router

interface e0/0

! Only one IP ACL can be applied per interface per direction, so this replaces access-group 1

ip access-group 101 in

On the test server:

enable password 123

line vty 0 4

password 123

login

From PC1 and PC2, ping the test server, and then try to Telnet to it.

View the ACLs and the routing table:

show access-list

show ip route
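
The following Python model is an added example, not part of the original post. It evaluates the lab's two lists the way IOS does (wildcard-mask match, first matching entry wins, implicit deny at the end) against the ping and Telnet tests described above. The tuple layout and function names are assumptions of this example; the addresses and ACL entries are the ones on the page.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")

# Entry layout (an assumption of this example):
# (action, protocol, (src, wildcard), (dst, wildcard), qualifier)
# qualifier = ICMP type name or TCP destination port; None = not checked.
ACL_1 = [("permit", "ip", ("10.10.1.10", "0.0.0.255"), ANY, None)]
ACL_101 = [
    ("permit", "icmp", ANY, ANY, "echo"),
    ("permit", "icmp", ANY, ANY, "echo-reply"),
    ("permit", "tcp", ("10.10.1.0", "0.0.0.255"), ("172.16.1.0", "0.0.0.255"), 23),
]

def evaluate(acl, proto, src, dst, qualifier=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, a_proto, a_src, a_dst, a_qual in acl:
        if a_proto not in ("ip", proto):
            continue
        if not (wild_match(src, *a_src) and wild_match(dst, *a_dst)):
            continue
        if a_qual is not None and a_qual != qualifier:
            continue
        return action
    return "deny"  # the unwritten "deny any" that ends every IOS ACL

def lab_results():
    """Evaluate the lab's test traffic; addresses are the ones used on the page."""
    pc1, pc2, server = "10.10.1.10", "10.10.2.10", "172.16.1.10"
    return {
        "ACL 1: PC1 -> server": evaluate(ACL_1, "ip", pc1, server),
        "ACL 1: 10.10.1.77 -> server": evaluate(ACL_1, "ip", "10.10.1.77", server),
        "ACL 1: PC2 -> server": evaluate(ACL_1, "ip", pc2, server),
        "ACL 101: PC1 ping": evaluate(ACL_101, "icmp", pc1, server, "echo"),
        "ACL 101: PC2 ping": evaluate(ACL_101, "icmp", pc2, server, "echo"),
        "ACL 101: PC1 telnet": evaluate(ACL_101, "tcp", pc1, server, 23),
        "ACL 101: PC2 telnet": evaluate(ACL_101, "tcp", pc2, server, 23),
        "ACL 101: PC1 tcp/80": evaluate(ACL_101, "tcp", pc1, server, 80),
    }

if __name__ == "__main__":
    for flow, action in lab_results().items():
        print(f"{flow:30} {action}")
```

Neither list contains a deny entry: PC2 is blocked from the test server by ACL 1, and from Telnet by ACL 101, only through the implicit deny.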

This article is from the "DY" blog, please be sure to keep this source http://guochenyong.blog.51cto.com/11367898/1973194
