Packet Tracer实验 扩展IP访问控制列表配置Word下载.docx
- 文档编号:20326663
- 上传时间:2023-01-22
- 格式:DOCX
- 页数:13
- 大小:78.37KB
Packet Tracer实验 扩展IP访问控制列表配置Word下载.docx
《Packet Tracer实验 扩展IP访问控制列表配置Word下载.docx》由会员分享,可在线阅读,更多相关《Packet Tracer实验 扩展IP访问控制列表配置Word下载.docx(13页珍藏版)》请在冰豆网上搜索。
Router#conft
Enterconfigurationcommands,oneperline.EndwithCNTL/Z.
Router(config)#hostnameR1
R1(config)#intfa0/0
R1(config-if)#ipadd192.168.1.1255.255.255.0//配置端口IP地址
R1(config-if)#noshut
%LINK-5-CHANGED:
InterfaceFastEthernet0/0,changedstatetoup
%LINEPROTO-5-UPDOWN:
LineprotocolonInterfaceFastEthernet0/0,changedstatetoup
R1(config-if)#exit
R1(config)#intfa0/1
R1(config-if)#ipadd192.168.2.1255.255.255.0//配置端口IP地址
R1(config-if)#
InterfaceFastEthernet0/1,changedstatetoup
LineprotocolonInterfaceFastEthernet0/1,changedstatetoup
R1(config)#iproute0.0.0.00.0.0.0192.168.2.2//配置defaultroute
R1(config)#end
R1#
%SYS-5-CONFIG_I:
Configuredfromconsolebyconsole
R1#showiproute//查看路由表
Codes:
C-connected,S-static,I-IGRP,R-RIP,M-mobile,B-BGP
D-EIGRP,EX-EIGRPexternal,O-OSPF,IA-OSPFinterarea
N1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2
E1-OSPFexternaltype1,E2-OSPFexternaltype2,E-EGP
i-IS-IS,L1-IS-ISlevel-1,L2-IS-ISlevel-2,ia-IS-ISinterarea
*-candidatedefault,U-per-userstaticroute,o-ODR
P-periodicdownloadedstaticroute
Gatewayoflastresortis192.168.2.2tonetwork0.0.0.0
C192.168.1.0/24isdirectlyconnected,FastEthernet0/0
C192.168.2.0/24isdirectlyconnected,FastEthernet0/1
S*0.0.0.0/0[1/0]via192.168.2.2
R1#showrun
Buildingconfiguration...
Currentconfiguration:
510bytes
!
version12.4
noservicetimestampslogdatetimemsec
noservicetimestampsdebugdatetimemsec
noservicepassword-encryption
hostnameR1
...
interfaceFastEthernet0/0
ipaddress192.168.1.1255.255.255.0
duplexauto
speedauto
interfaceFastEthernet0/1
ipaddress192.168.2.1255.255.255.0
interfaceVlan1
noipaddress
shutdown
ipclassless
iproute0.0.0.00.0.0.0192.168.2.2
linecon0
linevty04
login
end
R2:
Router(config)#hostnameR2
R2(config)#intfa0/0
R2(config-if)#ipadd192.168.2.2255.255.255.0//配置端口IP地址
R2(config-if)#noshut
R2(config-if)#exit
R2(config)#ints2/0
R2(config-if)#ipadd192.168.3.1255.255.255.0//配置端口IP地址
InterfaceSerial2/0,changedstatetodown
R2(config-if)#clockrate64000//配置时钟频率
R2(config-if)#
InterfaceSerial2/0,changedstatetoup
LineprotocolonInterfaceSerial2/0,changedstatetoup
R2(config)#iproute192.168.1.0255.255.255.0192.168.2.1//配置目标网段1.0的静态路由
R2(config)#iproute192.168.4.0255.255.255.0192.168.3.2//配置目标网段4.0的静态路由
R2(config)#end
R2#
R2#showiproute
Gatewayoflastresortisnotset
S192.168.1.0/24[1/0]via192.168.2.1
C192.168.2.0/24isdirectlyconnected,FastEthernet0/0
C192.168.3.0/24isdirectlyconnected,Serial2/0
S192.168.4.0/24[1/0]via192.168.3.2
R2#conft
Enterconfigurationcommands,oneperline.
EndwithCNTL/Z.
R2(config)#ac
R2(config)#access-list?
<
1-99>
IPstandardaccesslist
100-199>
IPextendedaccesslist
R2(config)#access-list100?
deny
Specifypacketstoreject
permit
Specifypacketstoforward
remark
Accesslistentrycomment
R2(config)#access-list100per
R2(config)#access-list100permit?
eigrp
Cisco'
sEIGRProutingprotocol
gre
sGREtunneling
icmp
InternetControlMessageProtocol
ip
AnyInternetProtocol
ospf
OSPFroutingprotocol
tcp
TransmissionControlProtocol
udp
UserDatagramProtocol
R2(config)#access-list100permittcp?
//web服务使用的是tcp协议
A.B.C.D
Sourceaddress
any
Anysourcehost
host
Asinglesourcehost
R2(config)#access-list100permittcphost?
R2(config)#access-list100permittcphost192.168.1.2?
//源主机地址
Destinationaddress
Anydestinationhost
eq
Matchonlypacketsonagivenportnumber
gt
Matchonlypacketswithagreaterportnumber
Asingledestinationhost
lt
Matchonlypacketswithalowerportnumber
neq
Matchonlypacketsnotonagivenportnumber
range
Matchonlypacketsintherangeofportnumbers
R2(config)#access-list100permittcphost192.168.1.2host?
R2(config)#access-list100permittcphost192.168.1.2host192.168.4.2?
//目标主机地址
dscp
Matchpacketswithgivendscpvalue
established
established
precedence
Matchpacketswithgivenprecedencevalue
cr>
R2(config)#access-list100permittcphost192.168.1.2host192.168.4.2eq?
0-65535>
Portnumber
ftp
FileTransferProtocol(21)
pop3
PostOfficeProtocolv3(110)
smtp
SimpleMailTransportProtocol(25)
telnet
Telnet(23)
www
WorldWideWeb(HTTP,80)
R2(config)#access-list100permittcphost192.168.1.2host192.168.4.2eqwww?
//www服务
R2(config)#access-list100permittcphost192.168.1.2host192.168.4.2eqwww
R2(config)#
R2(config)#access-list100deny?
R2(config)#access-list100denyicmp?
//禁止icmp协议,也就是ping使用的协议
R2(config)#access-list100denyicmphost?
R2(config)#access-list100denyicmphost192.168.1.2?
R2(config)#access-list100denyicmphost192.168.1.2host192.168.4.2?
0-256>
type-num
echo
echo
echo-reply
echo-reply
host-unreachable
host-unreachable
net-unreachable
net-unreachable
port-unreachable
port-unreachable
protocol-unreachable
protocol-unreachable
ttl-exceeded
ttl-exceeded
unreachable
unreachable
R2(config)#access-list100denyicmphost192.168.1.2host192.168.4.2echo?
R2(config)#access-list100denyicmphost192.168.1.2host192.168.4.2echo
R2(config-if)#?
bandwidth
Setbandwidthinformationalparameter
cdp
CDPinterfacesubcommands
clock
Configureserialinterfaceclock
crypto
Encryption/Decryptioncommands
custom-queue-list
Assignacustomqueuelisttoaninterface
delay
Specifyinterfacethroughputdelay
description
Interfacespecificdescription
encapsulation
Setencapsulationtypeforaninterface
exit
Exitfrominterfaceconfigurationmode
fair-queue
EnableFairQueuingonanInterface
frame-relay
Setframerelayparameters
hold-queue
Setholdqueuedepth
InterfaceInternetProtocolconfigcommands
keepalive
Enablekeepalive
mtu
SettheinterfaceMaximumTransmissionUnit(MTU)
no
Negateacommandorsetitsdefaults
ppp
Point-to-PointProtocol
priority-group
Assignaprioritygrouptoaninterface
service-policy
ConfigureQoSServicePolicy
shutdown
Shutdowntheselectedinterface
tx-ring-limit
ConfigurePAleveltransmitringlimit
zone-member
Applyzonename
R2(config-if)#ip?
access-group
Specifyaccesscontrolforpackets
address
SettheIPaddressofaninterface
hello-interval
ConfiguresIP-EIGRPhellointerval
helper-address
SpecifyadestinationaddressforUDPbroadcasts
inspect
Applyinspectname
ips
CreateIPSrule
SetIPMaximumTransmissionUnit
nat
NATinterfacecom
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- Packet Tracer实验 扩展IP访问控制列表配置 Tracer 实验 扩展 IP 访问 控制 列表 配置