
What is the named access control list in ACL

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01

This article looks at how named access control lists work in ACL. The editor thinks it is very practical, so I share it with you to learn from. I hope you get something out of reading it.

Experimental topology diagram and experimental requirements

The steps of the experiment:

1. Configure sw switch

    ! enter global configuration mode and create VLANs 10 and 20
    conf t
    vlan 10,20
    ex
    ! view VLAN information
    do show vlan-sw b
    VLAN Name       Status
    10   VLAN0010   active
    20   VLAN0020   active
    ! enter ports fa1/1 and fa1/2 and put them into VLAN 10
    int range fa1/1-2
    sw mo acc
    sw acc vlan 10
    ex
    ! view VLAN information
    do show vlan-sw b
    VLAN Name       Status    Ports
    10   VLAN0010   active    Fa1/1, Fa1/2
    20   VLAN0020   active
    ! enter port f1/3 and put it into VLAN 20
    int f1/3
    sw mo acc
    sw acc vlan 20
    ex
    do show vlan-sw b
    VLAN Name       Status    Ports
    10   VLAN0010   active    Fa1/1, Fa1/2
    20   VLAN0020   active    Fa1/3
    ! enter port f1/0 and configure the trunk link
    int f1/0
    sw mo t
    sw t en dot1q
    ex
    ! turn off the routing function
    no ip routing

2. Configure the sw-3 layer 3 switch

    conf t
    ! enter port f1/1 and turn off the switching function so the port can take an IP address
    int f1/1
    no switchport
    ip add 192.168.100.1 255.255.255.0
    no shut
    ex
    vlan 10,20
    ex
    int vlan 10
    ip add 192.168.10.1 255.255.255.0
    no shut
    ex
    int vlan 20
    ip add 192.168.20.1 255.255.255.0
    no shut
    ex
    ! view the interface addresses and status
    do show ip int b
    FastEthernet1/1   192.168.100.1   YES manual up   up
    Vlan10            192.168.10.1    YES manual up   down
    Vlan20            192.168.20.1    YES manual up   down
    ! enter port f1/0 and configure the trunk link
    int f1/0
    sw mo t
    sw t en dot1q
    ! view the routing table
    do show ip route
    C    192.168.10.0/24 is directly connected, Vlan10
    C    192.168.20.0/24 is directly connected, Vlan20
    C    192.168.100.0/24 is directly connected, FastEthernet1/1

3. Configure the client IP addresses and test the interoperability of the whole network

1. Configure the client IP addresses

    PC1> ip 192.168.100.100 192.168.100.1
    Checking for duplicate address...
    PC1: 192.168.100.100 255.255.255.0 gateway 192.168.100.1

    PC2> ip 192.168.10.10 192.168.10.1
    Checking for duplicate address...
    PC1: 192.168.10.10 255.255.255.0 gateway 192.168.10.1

    PC3> ip 192.168.10.20 192.168.10.1
    Checking for duplicate address...
    PC1: 192.168.10.20 255.255.255.0 gateway 192.168.10.1

    PC4> ip 192.168.20.20 192.168.20.1
    Checking for duplicate address...
    PC1: 192.168.20.20 255.255.255.0 gateway 192.168.20.1

2. Test the interoperability of the whole network

4. Configure named acl and policy

Configure on the sw-3 switch, in global mode

    ! set the ACL type and name: "standard" creates a standard named ACL,
    ! "extended" creates an extended named ACL
    ip access-list standard yun
    ! entry that permits this one host IP
    permit host 192.168.10.10
    ! entry that denies the rest of the network segment
    deny 192.168.10.0 0.0.0.255
    ! entry that permits all other hosts
    permit any
    ex
    ! view the access list
    do show access-list
    Standard IP access list yun
        10 permit 192.168.10.10
        20 deny   192.168.10.0, wildcard bits 0.0.0.255
        30 permit any
    ! enter port f1/1 and apply the ACL to it in the outgoing direction
    int f1/1
    ip access-group yun out

5. Test the acl effect

1. Test the interoperability between host 2 and host 1 in vlan10

    PC2> ping 192.168.100.100
    192.168.100.100 icmp_seq=1 timeout
    192.168.100.100 icmp_seq=2 timeout
    84 bytes from 192.168.100.100 icmp_seq=3 ttl=63 time=15.953 ms
    84 bytes from 192.168.100.100 icmp_seq=4 ttl=63 time=19.232 ms
    84 bytes from 192.168.100.100 icmp_seq=5 ttl=63 time=19.049 ms

2. Test the interoperability between host 4 and host 1

    PC4> ping 192.168.100.100
    84 bytes from 192.168.100.100 icmp_seq=1 ttl=63 time=20.226 ms
    84 bytes from 192.168.100.100 icmp_seq=2 ttl=63 time=18.953 ms
    84 bytes from 192.168.100.100 icmp_seq=3 ttl=63 time=18.208 ms
    84 bytes from 192.168.100.100 icmp_seq=4 ttl=63 time=17.023 ms
    84 bytes from 192.168.100.100 icmp_seq=5 ttl=63 time=12.985 ms

3. Test the interoperability between other hosts in vlan10 and host 1

    PC3> ping 192.168.100.100
    *192.168.10.1 icmp_seq=1 ttl=255 time=8.907 ms (ICMP type:3, code:13, Communication administratively prohibited)
    *192.168.10.1 icmp_seq=2 ttl=255 time=3.775 ms (ICMP type:3, code:13, Communication administratively prohibited)
    *192.168.10.1 icmp_seq=3 ttl=255 time=7.979 ms (ICMP type:3, code:13, Communication administratively prohibited)
    *192.168.10.1 icmp_seq=4 ttl=255 time=5.965 ms (ICMP type:3, code:13, Communication administratively prohibited)
    *192.168.10.1 icmp_seq=5 ttl=255 time=1.992 ms (ICMP type:3, code:13, Communication administratively prohibited)

Named access control lists build on standard access lists and extended access lists and allow the policy to be adjusted flexibly: an entry can be deleted by using no + ACL number (the entry number shown in the list, such as 10, 20 or 30), and an entry can be appended by using ACL number + permit + IP.
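The following Python model is an added example, not part of the original article or of any Cisco tooling. It evaluates the three entries of the ACL yun against the lab's source addresses with first-match semantics and shows why the entry number chosen for a new entry decides whether it takes effect. The names NamedStandardAcl, build_yun and ANY are hypothetical.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # "permit any" written as address + wildcard

def _ip(s):
    return int(ipaddress.IPv4Address(s))

class NamedStandardAcl:
    """Model of a named standard ACL: source-only matching, first match wins."""
    def __init__(self, name):
        self.name = name
        self.entries = {}                      # entry number -> (action, addr, wildcard)

    def add(self, seq, action, addr, wildcard="0.0.0.0"):
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action {action!r}")
        if seq in self.entries:
            raise ValueError(f"entry number {seq} already in use")
        self.entries[seq] = (action, _ip(addr), _ip(wildcard))

    def remove(self, seq):                     # models deleting one entry by its number
        del self.entries[seq]

    def evaluate(self, src):
        """Return (action, matching entry number); None means the implicit deny."""
        s = _ip(src)
        for seq in sorted(self.entries):
            action, addr, wildcard = self.entries[seq]
            care = ~wildcard & 0xFFFFFFFF      # bits that are 0 in the wildcard must match
            if (s & care) == (addr & care):
                return action, seq
        return "deny", None

def build_yun():
    """The three entries from the article's 'show access-list' output."""
    acl = NamedStandardAcl("yun")
    acl.add(10, "permit", "192.168.10.10")     # host entry, wildcard 0.0.0.0
    acl.add(20, "deny", "192.168.10.0", "0.0.0.255")
    acl.add(30, "permit", *ANY)
    return acl

if __name__ == "__main__":
    acl = build_yun()
    hosts = {"PC2": "192.168.10.10", "PC3": "192.168.10.20", "PC4": "192.168.20.20"}
    for name, ip in hosts.items():
        print(name, ip, acl.evaluate(ip))
    acl.add(40, "permit", "192.168.10.20")     # lands after entry 20, so it is shadowed
    print("PC3 with entry 40:", acl.evaluate(hosts["PC3"]))
    acl.remove(40)
    acl.add(15, "permit", "192.168.10.20")     # lands before entry 20, so it takes effect
    print("PC3 with entry 15:", acl.evaluate(hosts["PC3"]))
```

The results match the three ping tests above: PC2 hits entry 10, PC3 hits entry 20 and PC4 falls through to entry 30.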

That is how named access control lists work in ACL. The editor believes these are knowledge points we may see or use in our daily work, and I hope you can learn more from this article. For more details, please follow the industry information channel.
