Home > Others

Cisco access Control List

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >


650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M00/A7/57/wKioL1nleoeydiqkAAAgnzVZEkY264.png "style=" float : Left; "title=" QQ picture 20171017113857.png "alt=" Wkiol1nleoeydiqkaaagnzvzeky264.png "/>


PC1 Configuration

Pc1#conf T

Enter configuration commands, one per line. End with cntl/z.

PC1 (config) #int E0/1

PC1 (config-if) #ip add

PC1 (config-if) #ip address 10.10.1.10 255.255.255.0

PC1 (config-if) #no sh

PC1 (config-if) #exit

PC1 (config) #ip Route 0.0.0.0 0.0.0.0 10.10.1.1

PC1 (config) #do sh ip route

CODES:C-connected, s-static, R-rip, M-mobile, B-BGP

D-EIGRP, Ex-eigrp External, O-OSPF, IA-OSPF Inter area

N1-OSPF NSSA External Type 1, N2-OSPF NSSA external type 2

E1-OSPF external Type 1, E2-OSPF external type 2

I-is-is, Su-is-is Summary, L1-is-is level-1, L2-is-is level-2

Ia-is-is Inter area, *-candidate default, U-per-user static route

O-ODR, P-periodic downloaded static route


Gateway of last resort are 10.10.1.1 to network 0.0.0.0


10.0.0.0/24 is subnetted, 1 subnets

C 10.10.1.0 is directly connected, ETHERNET0/1

s* 0.0.0.0/0 [1/0] via 10.10.1.1


PC2 Configuration

Pc2#conf T

Enter configuration commands, one per line. End with cntl/z.

PC2 (config) #int e0/0

PC2 (config-if) #ip add

PC2 (config-if) #ip address 10.10.2.10 255.255.255.0

PC2 (config-if) #no sh

PC2 (config-if) #exit

PC2 (config) #ip Route 0.0.0.0 0.0.0.0 10.10.2.1

PC2 (config) #do sh ip route

CODES:C-connected, s-static, R-rip, M-mobile, B-BGP

D-EIGRP, Ex-eigrp External, O-OSPF, IA-OSPF Inter area

N1-OSPF NSSA External Type 1, N2-OSPF NSSA external type 2

E1-OSPF external Type 1, E2-OSPF external type 2

I-is-is, Su-is-is Summary, L1-is-is level-1, L2-is-is level-2

Ia-is-is Inter area, *-candidate default, U-per-user static route

O-ODR, P-periodic downloaded static route


Gateway of last resort are 10.10.2.1 to network 0.0.0.0


10.0.0.0/24 is subnetted, 1 subnets

C 10.10.2.0 is directly connected, ethernet0/0

s* 0.0.0.0/0 [1/0] via 10.10.2.1


Public external Router configuration

gonggongwaibu>en

Gonggongwaibu#conf T

Enter configuration commands, one per line. End with cntl/z.

Gonggongwaibu (config) #int e0/0

Gonggongwaibu (config-if) #ip add 192.168.1.10 255.255.255.0

Gonggongwaibu (config-if) #no sh

Gonggongwaibu (config-if) #int E0/1

Gonggongwaibu (config-if) #ip add 10.10.1.1 255.255.255.0

Gonggongwaibu (config-if) #no sh

Gonggongwaibu (config-if) #int E0/2

Gonggongwaibu (config-if) #ip add 10.10.2.1 255.255.255.0

Gonggongwaibu (config-if) #no sh

Gonggongwaibu (config) #ip Route 172.16.1.0 255.255.255.0 192.168.1.1

Gonggongwaibu (config) #do sh ip route

CODES:C-connected, s-static, R-rip, M-mobile, B-BGP

D-EIGRP, Ex-eigrp External, O-OSPF, IA-OSPF Inter area

N1-OSPF NSSA External Type 1, N2-OSPF NSSA external type 2

E1-OSPF external Type 1, E2-OSPF external type 2

I-is-is, Su-is-is Summary, L1-is-is level-1, L2-is-is level-2

Ia-is-is Inter area, *-candidate default, U-per-user static route

O-ODR, P-periodic downloaded static route


Gateway of last resort are not set


172.16.0.0/24 is subnetted, 1 subnets

S 172.16.1.0 [1/0] via 192.168.1.1

10.0.0.0/24 is subnetted, 2 subnets

C 10.10.1.0 is directly connected, ETHERNET0/1

C 10.10.2.0 is directly connected, ETHERNET0/2

C 192.168.1.0/24 is directly connected, ethernet0/0

Gonggongwaibu (config) #do sh ip int BR

Interface ip-address OK? Method Status Protocol

ethernet0/0 192.168.1.10 YES Manual up

ETHERNET0/1 10.10.1.1 YES Manual up

ETHERNET0/2 10.10.2.1 YES Manual up

ETHERNET0/3 Unassigned YES unset administratively down


Experimental router configuration

Shiyan#conf T

Enter configuration commands, one per line. End with cntl/z.

Shiyan (config) #int e0/0

Shiyan (config-if) #ip add 192.168.1.1 255.255.255.0

Shiyan (config-if) #no sh

Shiyan (config-if) #int E0/1

Shiyan (config-if) #ip add 172.16.1.1 255.255.255.0

Shiyan (config-if) #no sh

Shiyan (config-if) #exit

Shiyan (config) #ip Route 10.10.1.0 255.255.255.0 192.168.1.10

Shiyan (config) #ip Route 10.10.2.0 255.255.255.0 192.168.1.10

Shiyan (config) #do sh ip route

CODES:C-connected, s-static, R-rip, M-mobile, B-BGP

D-EIGRP, Ex-eigrp External, O-OSPF, IA-OSPF Inter area

N1-OSPF NSSA External Type 1, N2-OSPF NSSA external type 2

E1-OSPF external Type 1, E2-OSPF external type 2

I-is-is, Su-is-is Summary, L1-is-is level-1, L2-is-is level-2

Ia-is-is Inter area, *-candidate default, U-per-user static route

O-ODR, P-periodic downloaded static route


Gateway of last resort are not set


172.16.0.0/24 is subnetted, 1 subnets

C 172.16.1.0 is directly connected, ETHERNET0/1

10.0.0.0/24 is subnetted, 2 subnets

S 10.10.1.0 [1/0] via 192.168.1.10

S 10.10.2.0 [1/0] via 192.168.1.10

C 192.168.1.0/24 is directly connected, ethernet0/0


Test router configuration

ceshi>en

Ceshi#conf T

Enter configuration commands, one per line. End with cntl/z.

Ceshi (config) #int e0/0

Ceshi (config-if) #ip address 172.16.1.10 255.255.255.0

Ceshi (config-if) #no sh

Ceshi (config-if) #exit

Ceshi (config) #ip Route 0.0.0.0 0.0.0.0 172.16.1.1

Ceshi (config) #do sh ip route

CODES:C-connected, s-static, R-rip, M-mobile, B-BGP

D-EIGRP, Ex-eigrp External, O-OSPF, IA-OSPF Inter area

N1-OSPF NSSA External Type 1, N2-OSPF NSSA external type 2

E1-OSPF external Type 1, E2-OSPF external type 2

I-is-is, Su-is-is Summary, L1-is-is level-1, L2-is-is level-2

Ia-is-is Inter area, *-candidate default, U-per-user static route

O-ODR, P-periodic downloaded static route


Gateway of last resort are 172.16.1.1 to network 0.0.0.0


172.16.0.0/24 is subnetted, 1 subnets

C 172.16.1.0 is directly connected, ethernet0/0

s* 0.0.0.0/0 [1/0] via 172.16.1.1


    1. Standard ACL:

Allow 10.10.1.0 hosts in the subnet to access the test server

Deny host access to test server in 10.10.2.0 subnet

Add commands on the experimental router

Access-list 1 Permit 10.10.1.10 0.0.0.255

Interface f0/0

IP Access-group 1 in

2. Extending ACLS

Allow network segment one and network segment two ping pass test server

Telnet service that allows network segment one but does not allow network segment two access to the internal network

Add commands on the experimental router

Access-list 101 Permit ICMP any any echo

Access-list 101 Permit ICMP any any echo-reply

Access-list 101 Permit TCP 10.10.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq 23

Interface f0/0

IP Access-group 101 in

On the test server

Enable password 123

Line vty 0 4

Password 123

Login

Ping the test server on PC1 and PC2, and then Telnet

View ACLs

Show Access-list

Show IP route

This article is from the "DY" blog, please be sure to keep this source http://guochenyong.blog.51cto.com/11367898/1973194

Cisco access Control List

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
nac network access control cisco cisco 1120 secure access control system mandatory access control vs discretionary access control mandatory access control vs discretionary access control mercurial access control ssh access control bioscrypt access control

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More