Extended ACL configuration experiment

2025-01-21 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/03 Report--

I. Experimental configuration diagram and requirements

The requirements for configuring an extended ACL on the router are as follows:

1. Allow PC1 to access Linux's web service

2. Allow PC2 to access Linux's ftp service

3. Prohibit PC1 and PC2 from accessing other services of Linux

4. Allow PC1 to access PC2

II. Deployment of the experimental environment

1. PC1, PC2 and the Linux system are each given a static IP address, subnet mask and gateway, and bound to the corresponding network card.

2. Complete the installation and startup of Linux server related services

[root@localhost ~]# yum install vsftpd -y             # install the FTP service
[root@localhost ~]# yum install httpd -y              # install the HTTP service
[root@localhost ~]# systemctl stop firewalld.service  # turn off the firewall
[root@localhost ~]# setenforce 0                      # turn off the enhanced security feature (SELinux set to permissive)
[root@localhost ~]# systemctl start httpd             # start the services
[root@localhost ~]# systemctl start vsftpd
[root@localhost ~]# netstat -ntap | egrep '(21|80)'   # check that the services are listening (port 80 is HTTP, port 21 is FTP)
tcp6       0      0 :::80       :::*       LISTEN      6399/httpd
tcp6       0      0 :::21       :::*

3. Router configuration: set an IP address on each of the three interfaces

R1#conf t
R1(config)#int f 0/0
R1(config-if)#ip add 192.168.90.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#int f 0/1
R1(config-if)#ip add 192.168.80.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#int f 1/0
R1(config-if)#ip add 192.168.100.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#ex
R1(config)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.90.0/24 is directly connected, FastEthernet0/0
C    192.168.80.0/24 is directly connected, FastEthernet0/1
C    192.168.100.0/24 is directly connected, FastEthernet1/0

4. Configure the extended ACL

R1(config)#access-list 100 permit tcp 192.168.80.20 0.0.0.255 192.168.100.100 0.0.0.255 eq 80
R1(config)#access-list 100 permit tcp host 192.168.90.10 host 192.168.100.100 eq 21
R1(config)#access-list 100 permit ip host 192.168.80.20 192.168.90.0 0.0.0.255
R1(config)#do show access-list
Extended IP access list 100
    10 permit tcp 192.168.80.0 0.0.0.255 192.168.100.0 0.0.0.255 eq www
    20 permit tcp host 192.168.90.10 host 192.168.100.100 eq ftp
    30 permit ip host 192.168.80.20 192.168.90.0 0.0.0.255
R1(config)#int f0/1
R1(config-if)#ip access-group 100 in
R1(config-if)#int f0/0
R1(config-if)#ip access-group 100 in
R1(config-if)#ex

5. Result test

PC1 can access the web service

PC2 can access the FTP service

PC1 can access PC2
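
An added example, not part of the original article: a small Python model of IOS first-match evaluation with wildcard masks, run over ACL 100 from step 4. It shows that entry 10, as displayed by show access-list, matches every host in 192.168.80.0/24 and 192.168.100.0/24 rather than only PC1 and the Linux server; ACL_HOST and the test hosts 192.168.80.21 and 192.168.100.50 are constructed for illustration.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

HOST = "0.0.0.0"  # the `host` keyword is shorthand for wildcard 0.0.0.0

# ACL 100 from step 4: (seq, action, proto, (src, wc), (dst, wc), dst port)
ACL_100 = [
    (10, "permit", "tcp", ("192.168.80.20", "0.0.0.255"),
     ("192.168.100.100", "0.0.0.255"), 80),
    (20, "permit", "tcp", ("192.168.90.10", HOST), ("192.168.100.100", HOST), 21),
    (30, "permit", "ip", ("192.168.80.20", HOST), ("192.168.90.0", "0.0.0.255"), None),
]

# Constructed variant (assumption, not from the page): entry 10 as host-to-host.
ACL_HOST = [(10, "permit", "tcp", ("192.168.80.20", HOST),
             ("192.168.100.100", HOST), 80)] + ACL_100[1:]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, seq) of the first matching entry; implicit deny at the end."""
    for seq, action, a_proto, (sb, sw), (db, dw), a_port in acl:
        if a_proto not in ("ip", proto):
            continue
        if not (wild_match(src, sb, sw) and wild_match(dst, db, dw)):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action, seq
    return "deny", None  # nothing matched: implicit "deny ip any any"

if __name__ == "__main__":
    cases = [  # constructed test packets: (proto, src, dst, dst port)
        ("tcp", "192.168.80.20", "192.168.100.100", 80),   # PC1 -> web
        ("tcp", "192.168.90.10", "192.168.100.100", 21),   # PC2 -> ftp control
        ("tcp", "192.168.80.20", "192.168.100.100", 21),   # PC1 -> ftp
        ("icmp", "192.168.80.20", "192.168.90.10", None),  # PC1 -> PC2
        ("tcp", "192.168.80.21", "192.168.100.50", 80),    # other hosts, same subnets
    ]
    for c in cases:
        print(c, "ACL 100:", evaluate(ACL_100, *c), "host form:", evaluate(ACL_HOST, *c))
```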
