
Small experiment on Standard ACL configuration begins

2025-04-06 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/02 Report--

Experimental requirements

Create a standard ACL on router R1 so that only PC1 is allowed to access PC3 and PC2 is forbidden from accessing PC3.

Specific configuration

1. Configure three PC addresses and gateways

PC1> ip 192.168.10.2 192.168.10.1
Checking for duplicate address...
PC1: 192.168.10.2 255.255.255.0 gateway 192.168.10.1

PC2> ip 192.168.10.3 192.168.10.1
Checking for duplicate address...
PC1: 192.168.10.3 255.255.255.0 gateway 192.168.10.1

PC3>
PC3> ip 192.168.20.2 192.168.20.1
Checking for duplicate address...
PC1: 192.168.20.2 255.255.255.0 gateway 192.168.20.1

2. Configure switch sw

sw#conf t
sw(config)#no ip routing

3. Configure the IP addresses and subnet masks on both interfaces of the router.

R1#conf t
R1(config)#int f0/0
R1(config-if)#ip add 192.168.10.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#int f0/1
R1(config-if)#ip add 192.168.20.1 255.255.255.0
R1(config-if)#no shut

4. Test connectivity between the three PCs; all of them can reach each other.

PC1> ping 192.168.20.2
192.168.20.2 icmp_seq=1 timeout
84 bytes from 192.168.20.2 icmp_seq=2 ttl=63 time=15.676 ms
84 bytes from 192.168.20.2 icmp_seq=3 ttl=63 time=17.680 ms
84 bytes from 192.168.20.2 icmp_seq=4 ttl=63 time=21.956 ms
84 bytes from 192.168.20.2 icmp_seq=5 ttl=63 time=12.700 ms

PC1> ping 192.168.10.3
192.168.20.2 icmp_seq=1 timeout
192.168.20.2 icmp_seq=2 Timeout
84 bytes from 192.168.10.3 icmp_seq=3 ttl=63 time=17.735 ms
84 bytes from 192.168.10.3 icmp_seq=4 ttl=63 time=14.069 ms
84 bytes from 192.168.10.3 icmp_seq=5 ttl=63 time=14.960 ms

5. Define the ACL statements on the router

R1(config-if)#access-list 1 deny host 192.168.10.2    # deny traffic sourced from host 192.168.10.2
R1(config)#do show access-list
R1(config)#access-list 1 permit any    # if this line is omitted, all traffic is denied by default
R1(config)#int f0/0
R1(config-if)#ip access-group 1 in    # apply the ACL on interface f0/0 in the inbound direction

6. Now use PC1 to access PC3

PC1> ping 192.168.20.2
*192.168.10.1 icmp_seq=1 ttl=255 time=20.233 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=2 ttl=255 time=4.913 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=3 ttl=255 time=12.927 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=4 ttl=255 time=12.965 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=5 ttl=255 time=13.958 ms (ICMP type:3, code:13, Communication administratively prohibited)

7. PC1 can communicate with PC2 through ping

PC1> ping 192.168.10.3
84 bytes from 192.168.10.3 icmp_seq=1 ttl=64 time=0.000 ms
84 bytes from 192.168.10.3 icmp_seq=2 ttl=64 time=0.975 ms
84 bytes from 192.168.10.3 icmp_seq=3 ttl=64 time=0.997 ms
84 bytes from 192.168.10.3 icmp_seq=4 ttl=64 time=0.000 ms
84 bytes from 192.168.10.3 icmp_seq=5 ttl=64 time=1.731 ms

Small standard ACL configuration experiment succeeded
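
The matching logic behind step 5, as an added example in Python that is not part of the original article: it parses the two access-list lines and evaluates them top-down against the source addresses from step 1, showing the first-match rule and the implicit deny that applies when "permit any" is left out. The function names and the PCS table are assumptions made for this example; the parser also accepts the general "address wildcard" form, which the article does not use.

```python
import ipaddress

# ACL statements from step 5 of the article (prompts and comments stripped).
PAGE_ACL = """\
access-list 1 deny host 192.168.10.2
access-list 1 permit any
"""
# Source addresses from step 1; both hosts enter R1 through f0/0.
PCS = {"PC1": "192.168.10.2", "PC2": "192.168.10.3"}


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse_standard_acl(text):
    """Return (acl_id, action, address, wildcard) for each access-list line."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        acl_id, action, spec = tok[1], tok[2], tok[3:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported action: {action}")
        if spec[0] == "any":
            addr, wild = 0, 0xFFFFFFFF          # every bit is "don't care"
        elif spec[0] == "host" and len(spec) > 1:
            addr, wild = to_int(spec[1]), 0     # every bit must match
        else:                                   # "A.B.C.D [wildcard]"
            addr = to_int(spec[0])
            wild = to_int(spec[1]) if len(spec) > 1 else 0
        entries.append((acl_id, action, addr, wild))
    return entries


def evaluate(entries, acl_id, source):
    """First matching entry wins; no match ends in the implicit deny."""
    src = to_int(source)
    for entry_id, action, addr, wild in entries:
        # Compare only the bits the wildcard mask leaves at 0.
        if entry_id == acl_id and ((src ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "deny (implicit)"


def verdicts(acl_text, acl_id="1"):
    entries = parse_standard_acl(acl_text)
    return {pc: evaluate(entries, acl_id, ip) for pc, ip in PCS.items()}
```

Because a standard ACL matches only the source address, binding it inbound on f0/0 filters that host's traffic to every destination behind R1, not only PC3.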
