2025-04-10 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
The topology diagram of this experiment to build an extended ACL is as follows:
Experimental purpose:
Configure an extended ACL on router R1 that meets the following requirements:
Allow PC1 to access Linux's web service
Allow PC2 to access Linux's ftp service
Prohibit PC1 and PC2 from accessing other services of Linux
Allow PC1 to connect to PC2
The steps of the experiment:
1. Complete the static setting of two PCs and bind the network card.
2. Complete the installation and startup of Linux server related services
[root@localhost ~]# yum install vsftpd -y    # install the FTP service
[root@localhost ~]# yum install httpd -y    # install the HTTP service
[root@localhost ~]# systemctl stop firewalld.service    # stop the firewall
[root@localhost ~]# setenforce 0    # set SELinux to permissive mode
[root@localhost ~]# systemctl start httpd    # start the services
[root@localhost ~]# systemctl start vsftpd
[root@localhost ~]# netstat -ntap | egrep '(21|80)'    # check that the services are listening (port 80 is HTTP, port 21 is FTP)
tcp6       0      0 :::80       :::*       LISTEN      6399/httpd
tcp6       0      0 :::21       :::*       LISTEN      6435/vsftpd
3. Linux sets static IP and binds the network card
4. R1 routing settings
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int f0/0
R1(config-if)#ip add 192.168.90.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#int f0/1
R1(config-if)#ip add 192.168.80.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#int f1/0
R1(config-if)#ip add 192.168.100.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#ex
R1(config)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.90.0/24 is directly connected, FastEthernet0/0
C    192.168.80.0/24 is directly connected, FastEthernet0/1
C    192.168.100.0/24 is directly connected, FastEthernet1/0
R1(config)#

Note: at this point no ACL is configured on R1. To meet the experimental requirements, the next step is to set up an extended ACL. In the capture below, the leading $ is how the IOS terminal marks a long command line that has scrolled, so the start of each access-list command is cut off.

R1(config)#$t tcp 192.168.80.20 0.0.0.255 192.168.100.100 0.0.0.255 eq 80
R1(config)#$100 permit tcp host 192.168.90.10 host 192.168.100.100 eq 21
R1(config)#$100 permit ip host 192.168.80.20 192.168.90.0 0.0.0.255
R1(config)#do show access-list
Extended IP access list 100
    10 permit tcp 192.168.80.0 0.0.0.255 192.168.100.0 0.0.0.255 eq www
    20 permit tcp host 192.168.90.10 host 192.168.90.100 eq ftp
    30 permit ip host 192.168.80.20 192.168.90.0 0.0.0.255
R1(config)#int f0/1
R1(config-if)#ip access-group 100 in
R1(config-if)#int f0/0
R1(config-if)#ip access-group 100 in
R1(config-if)#ex
R1(config)#

Experimental results
When the above settings have been completed, experimental verification should be carried out under the following circumstances:
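As an added example (not part of the original article), the Python model below evaluates ACL 100 the way IOS does: entries are checked top-down, wildcard-mask bits set to 1 are ignored, and anything unmatched hits the implicit deny. It uses the three entries as typed at the R1(config)# prompts; the host addresses for PC1, PC2 and Linux are assumptions inferred from those entries.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wild_match(addr, base, wildcard):
    """IOS wildcard mask: 1-bits are ignored, 0-bits must equal the base."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return _int(addr) & care == _int(base) & care

# ACL 100 as typed at the R1(config)# prompts in this article.
# (seq, action, proto, src, src_wildcard, dst, dst_wildcard, dst_port)
# "host X" equals X with wildcard 0.0.0.0; dst_port None means any port.
ACL_100 = [
    (10, "permit", "tcp", "192.168.80.0", "0.0.0.255", "192.168.100.0", "0.0.0.255", 80),
    (20, "permit", "tcp", "192.168.90.10", "0.0.0.0", "192.168.100.100", "0.0.0.0", 21),
    (30, "permit", "ip", "192.168.80.20", "0.0.0.0", "192.168.90.0", "0.0.0.255", None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, seq) of the first matching entry, scanning top-down."""
    for seq, action, a_proto, s, sw, d, dw, port in acl:
        if a_proto not in ("ip", proto):   # "ip" matches every IP protocol
            continue
        if not (wild_match(src, s, sw) and wild_match(dst, d, dw)):
            continue
        if port is not None and port != dport:
            continue
        return action, seq
    return "deny", None   # implicit "deny ip any any" that ends every ACL

# Host addresses inferred from the ACL entries (assumption, not stated in the article).
PC1, PC2, LINUX = "192.168.80.20", "192.168.90.10", "192.168.100.100"

def lab_cases():
    """Packets as they arrive inbound on f0/1 (from PC1) or f0/0 (from PC2)."""
    return {
        "PC1 -> Linux http": evaluate(ACL_100, "tcp", PC1, LINUX, 80),
        "PC1 -> Linux ftp": evaluate(ACL_100, "tcp", PC1, LINUX, 21),
        "PC2 -> Linux ftp": evaluate(ACL_100, "tcp", PC2, LINUX, 21),
        "PC2 -> Linux http": evaluate(ACL_100, "tcp", PC2, LINUX, 80),
        "PC1 -> PC2 icmp": evaluate(ACL_100, "icmp", PC1, PC2),
        "PC2 -> PC1 icmp reply": evaluate(ACL_100, "icmp", PC2, PC1),
        "other 80.x host -> Linux http": evaluate(ACL_100, "tcp", "192.168.80.99", LINUX, 80),
    }

if __name__ == "__main__":
    for name, (action, seq) in lab_cases().items():
        print(f"{name:32} {action:6} (entry {seq})")
```

Two results are worth checking on the router: with ACL 100 applied inbound on both f0/0 and f0/1, traffic from PC2 back to PC1 matches no entry and falls to the implicit deny, and entry 10 permits HTTP from the whole 192.168.80.0/24 network rather than from PC1 alone.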
That completes the hands-on walkthrough of extended ACLs.