千家信息网

A Small Standard ACL Configuration Lab

Published: 2025-02-03. Author: 千家信息网 editor. Last updated: 2025-02-03.

Lab requirement

On router R1, create a standard ACL that allows only PC1 to reach PC3 and blocks PC2 from reaching PC3.

Configuration steps

1. Configure the IP address and gateway on the three PCs

PC1> ip 192.168.10.2 192.168.10.1
Checking for duplicate address...
PC1 : 192.168.10.2 255.255.255.0 gateway 192.168.10.1
PC2> ip 192.168.10.3 192.168.10.1
Checking for duplicate address...
PC1 : 192.168.10.3 255.255.255.0 gateway 192.168.10.1
PC3>
PC3> ip 192.168.20.2 192.168.20.1
Checking for duplicate address...
PC1 : 192.168.20.2 255.255.255.0 gateway 192.168.20.1

2. Configure the switch sw

sw#conf t
sw(config)#no ip routing

3. Configure the address and subnet mask on both router interfaces

R1#conf t
R1(config)#int f0/0
R1(config-if)#ip add 192.168.10.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#int f0/1
R1(config-if)#ip add 192.168.20.1 255.255.255.0
R1(config-if)#no shut

4. Test connectivity between the three PCs; they can all reach one another

PC1> ping 192.168.20.2
192.168.20.2 icmp_seq=1 timeout
84 bytes from 192.168.20.2 icmp_seq=2 ttl=63 time=15.676 ms
84 bytes from 192.168.20.2 icmp_seq=3 ttl=63 time=17.680 ms
84 bytes from 192.168.20.2 icmp_seq=4 ttl=63 time=21.956 ms
84 bytes from 192.168.20.2 icmp_seq=5 ttl=63 time=12.700 ms
PC1> ping 192.168.10.3
192.168.20.2 icmp_seq=1 timeout
192.168.20.2 icmp_seq=2 timeout
84 bytes from 192.168.10.3 icmp_seq=3 ttl=63 time=17.735 ms
84 bytes from 192.168.10.3 icmp_seq=4 ttl=63 time=14.069 ms
84 bytes from 192.168.10.3 icmp_seq=5 ttl=63 time=14.960 ms

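5. Define the ACL statements on the router

! Deny host 192.168.10.2 (the address step 1 assigned to PC1; PC2 is 192.168.10.3)
R1(config-if)#access-list 1 deny host 192.168.10.2
R1(config)#do show access-list
! Without this line, the implicit deny at the end of the ACL rejects everything
R1(config)#access-list 1 permit any
R1(config)#int f0/0
! Apply the ACL to interface f0/0 in the inbound direction
R1(config-if)#ip access-group 1 in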

6. Now access PC3 from PC1

PC1> ping 192.168.20.2
*192.168.10.1 icmp_seq=1 ttl=255 time=20.233 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=2 ttl=255 time=4.913 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=3 ttl=255 time=12.927 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=4 ttl=255 time=12.965 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=5 ttl=255 time=13.958 ms (ICMP type:3, code:13, Communication administratively prohibited)

7. PC1 can ping PC2

PC1>ping 192.168.10.3
84 bytes from 192.168.10.3 icmp_seq=1 ttl=64 time=0.000 ms
84 bytes from 192.168.10.3 icmp_seq=2 ttl=64 time=0.975 ms
84 bytes from 192.168.10.3 icmp_seq=3 ttl=64 time=0.997 ms
84 bytes from 192.168.10.3 icmp_seq=4 ttl=64 time=0.000 ms
84 bytes from 192.168.10.3 icmp_seq=5 ttl=64 time=1.731 ms

The small standard ACL configuration lab succeeded.
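Added example, not part of the original article: a small Python model of standard ACL evaluation (source address only, first match wins, implicit deny at the end), run against the addresses from step 1. It shows that the ACL as typed in step 5 denies 192.168.10.2, which is PC1 and matches the step 6 output, while the stated requirement corresponds to denying 192.168.10.3. The function names and the `ACL_FOR_REQUIREMENT` and `ACL_NO_PERMIT` variants are constructed for illustration.

```python
import ipaddress

def parse_acl(config_text):
    """Parse 'access-list N permit|deny any | host A | A [WILDCARD]' lines in order."""
    entries = []
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue  # skip blanks and anything that is not an ACL entry
        action, src = tok[2], tok[3:]
        if src[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif src[0] == "host":
            addr, wild = int(ipaddress.IPv4Address(src[1])), 0
        else:
            addr = int(ipaddress.IPv4Address(src[0]))
            wild = int(ipaddress.IPv4Address(src[1])) if len(src) > 1 else 0
        entries.append((action, addr, wild))
    return entries

def evaluate(entries, source_ip):
    """Return the action of the first matching entry, or the implicit deny."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for action, addr, wild in entries:
        # Wildcard bits set to 1 are ignored; every other bit must match.
        if (ip | wild) == (addr | wild):
            return action
    return "deny"

# Addresses assigned in step 1 of the article.
HOSTS = {"PC1": "192.168.10.2", "PC2": "192.168.10.3"}
# ACL exactly as entered in step 5.
ACL_AS_TYPED = "access-list 1 deny host 192.168.10.2\naccess-list 1 permit any"
# Constructed variant: denies PC2's address, as the lab requirement states.
ACL_FOR_REQUIREMENT = "access-list 1 deny host 192.168.10.3\naccess-list 1 permit any"
# Constructed variant: permit line left out, so only the implicit deny remains.
ACL_NO_PERMIT = "access-list 1 deny host 192.168.10.3"

def verdicts(config_text):
    """Verdict for each LAN host's packets arriving inbound on f0/0."""
    acl = parse_acl(config_text)
    return {name: evaluate(acl, ip) for name, ip in HOSTS.items()}

if __name__ == "__main__":
    for label in ("ACL_AS_TYPED", "ACL_FOR_REQUIREMENT", "ACL_NO_PERMIT"):
        print(label, verdicts(globals()[label]))
```

Traffic between PC1 and PC2 stays on the 192.168.10.0 LAN and is never routed through f0/0, which is why the ping in step 7 succeeds regardless of the ACL.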
