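Access Control Lists (ACL)
1. Network diagram
2. Lab requirements
  1. Users in VLAN 10 can access R2 with IE between 8:30 and 17:30; R1 can access R2; other hosts cannot.
  2. R1 can access R2 as the user benet with the password test.
3. Lab configuration
R1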
R1>
R1>en
R1#config terminal
R1(config)#no ip routing
R1(config)#int f0/0
R1(config-if)#no shut
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#ip default-gateway 192.168.1.254
R1(config)#exit
R1#
------------------------------------------------------------
R2
R2>
R2>en
R2#config terminal
R2(config)#no ip routing
R2(config)#int f0/0
R2(config-if)#no shut
R2(config-if)#ip add 192.168.20.1 255.255.255.0
R2(config-if)#ip default-gateway 192.168.20.254
R2(config)#exit
R2#
------------------------------------------------------------
PC
PC>
PC>en
PC#config terminal
PC(config)#no ip routing
PC(config)#int f0/0
PC(config-if)#no shut
PC(config-if)#ip add 192.168.10.1 255.255.255.0
PC(config-if)#ip default-gateway 192.168.10.254
PC(config)#exit
PC#
-----------------------------------------------------------------------
SW1
SW1#
SW1#clock set 11:43:00 13 sep 2009
SW1#vlan database
SW1(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
SW1(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
SW1(vlan)#
SW1(vlan)#exit
APPLY completed.
Exiting....
SW1#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int vlan 10
SW1(config-if)#ip add 192.168.10.254 255.255.255.0
SW1(config-if)#no shut
SW1(config-if)#int vlan 20
SW1(config-if)#ip add 192.168.20.254 255.255.255.0
SW1(config-if)#no shut
SW1(config-if)#int vlan 1
SW1(config-if)#ip add 192.168.1.254 255.255.255.0
SW1(config-if)#no shut
SW1(config-if)#int f0/1
SW1(config-if)#switchport access vlan 1
SW1(config-if)#no shut
SW1(config-if)#int f0/10
SW1(config-if)#switchport access vlan 10
SW1(config-if)#no shut
SW1(config-if)#int f0/15
SW1(config-if)#switchport access vlan 20
SW1(config-if)#no shut
SW1(config-if)#exit
SW1(config)#
SW1(config)#ip routing
SW1(config)#time-range mytime
SW1(config-time-range)#periodic weekdays 8:30 to 17:30
SW1(config-time-range)#exit
SW1(config)#access-list 101 permit tcp 192.168.10.0 0.0.0.255 host 192.168.20.1 eq 80 time-range mytime
SW1(config)#access-list 1 permit 192.168.1.1
SW1(config)#
SW1(config)#int vlan 20
SW1(config-if)#ip access-group 101 out
SW1(config-if)#access-list 101 permit icmp host 192.168.1.1 host 192.168.20.1 echo
SW1(config)#line vty 0 4
SW1(config-line)#access-class 1 out
SW1(config-line)#login local
SW1(config-line)#exit
SW1(config)#username benet password test
SW1(config)#
4. Testing
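ACL 101 from the SW1 configuration can be checked offline against the lab requirements. The following Python model is an added example, not part of the original lab: it applies first-match and implicit-deny evaluation together with the mytime time-range; the function names, sample packets and sample times are constructed for illustration, and time-range boundary handling is simplified.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

def in_mytime(now):
    """time-range mytime: periodic weekdays 8:30 to 17:30 (boundaries simplified)."""
    return now.weekday() < 5 and time(8, 30) <= now.time() <= time(17, 30)

# ACL 101 as configured on SW1, wildcard masks written as prefixes.
# (protocol, source, destination, dst port or ICMP type, tied to mytime)
ACL_101 = [
    ("tcp", "192.168.10.0/24", "192.168.20.1/32", 80, True),
    ("icmp", "192.168.1.1/32", "192.168.20.1/32", "echo", False),
]

def permits_101(proto, src, dst, qual, now):
    """First matching entry wins; no match means the implicit deny."""
    for e_proto, e_src, e_dst, e_qual, timed in ACL_101:
        if timed and not in_mytime(now):
            continue  # entry is inactive outside its time-range
        if (proto == e_proto and qual == e_qual
                and ip_address(src) in ip_network(e_src)
                and ip_address(dst) in ip_network(e_dst)):
            return True
    return False

# Constructed sample destination and times (not from the original lab output).
R2 = "192.168.20.1"
MON_0900 = datetime(2009, 9, 14, 9, 0)     # Monday, inside mytime
MON_1800 = datetime(2009, 9, 14, 18, 0)    # Monday, after hours
LAB_CLOCK = datetime(2009, 9, 13, 11, 43)  # clock set on SW1: a Sunday

if __name__ == "__main__":
    for label, args in [
        ("VLAN 10 HTTP, Mon 09:00", ("tcp", "192.168.10.1", R2, 80, MON_0900)),
        ("VLAN 10 HTTP, Mon 18:00", ("tcp", "192.168.10.1", R2, 80, MON_1800)),
        ("VLAN 10 HTTP, lab clock", ("tcp", "192.168.10.1", R2, 80, LAB_CLOCK)),
        ("R1 ping", ("icmp", "192.168.1.1", R2, "echo", LAB_CLOCK)),
        ("R1 telnet", ("tcp", "192.168.1.1", R2, 23, LAB_CLOCK)),
    ]:
        print(f"{label:26} {'permit' if permits_101(*args) else 'deny'}")
```

On the lab's own clock (13 Sep 2009, a Sunday) the timed HTTP entry is inactive, so the VLAN 10 browser test only passes once the switch clock falls inside a weekday 8:30 to 17:30 window. The model also shows that ACL 101 admits only ICMP echo from R1, so a Telnet session from R1 to R2 meets the implicit deny.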
Comments
Keep it up!
So you've set up a website now…