Basic ACL Exercise Configuration
Posted by Faith丶信仰
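Step 1
Configure IP addresses and default routes
Step 2
Extended configuration: set up Telnet
[r1]aaa  (enter the AAA view)
[r1-aaa]local-user panxi privilege level 15 password cipher 123456  (set the account and password)
[r1-aaa]local-user panxi service-type telnet  (define the account's service type)
[r1-aaa]q
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa  (apply AAA to the VTY lines)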
[r1-acl-adv-3001]rule deny icmp source 192.168.1.10 0 destination 192.168.1.1 0
Denies ICMP (ping) from 192.168.1.10 to 192.168.1.1.
[r1-acl-adv-3002]rule deny tcp source 192.168.1.10 0 destination 192.168.1.1 0 destination-port eq 23
Denies TCP access from 192.168.1.10 to 192.168.1.1 on destination port 23; in effect, this blocks Telnet remote login from 192.168.1.10 to 192.168.1.1.
Requirement 1 is now complete.
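The following Python model, added here and not part of the original post, evaluates the page's deny rules the way an advanced ACL is matched: wildcard-mask comparison, first match wins. It assumes list order stands in for rule-ID order and that a packet matching no rule is forwarded when the ACL is applied with traffic-filter; `Rule`, `wild_match`, `evaluate` and `PAGE_RULES` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "icmp", "tcp", "udp", or "ip" for any protocol
    src: str
    src_wild: str                    # wildcard mask; "0" is shorthand for 0.0.0.0
    dst: str
    dst_wild: str
    dst_port: Optional[int] = None   # models "destination-port eq N"

def wild_match(addr: str, base: str, wild: str) -> bool:
    """Wildcard compare: bits that are 0 in the mask must be identical."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address("0.0.0.0" if wild == "0" else wild))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def evaluate(rules, proto, src, dst, dst_port=None, default="permit"):
    """Return the action of the first matching rule, else `default`.

    Assumption: list order stands in for rule-ID order, and a packet that
    matches no rule is forwarded (the traffic-filter behaviour assumed here).
    """
    for r in rules:
        if r.proto not in ("ip", proto):
            continue
        if not (wild_match(src, r.src, r.src_wild) and wild_match(dst, r.dst, r.dst_wild)):
            continue
        if r.dst_port is not None and r.dst_port != dst_port:
            continue
        return r.action
    return default

# Rules copied from the page: the two ICMP rules of ACL 3000 and the Telnet rule.
PAGE_RULES = [
    Rule("deny", "icmp", "192.168.1.10", "0", "192.168.1.1", "0"),
    Rule("deny", "icmp", "192.168.1.10", "0", "192.168.2.1", "0"),
    Rule("deny", "tcp", "192.168.1.10", "0", "192.168.1.1", "0", dst_port=23),
]

if __name__ == "__main__":
    # Constructed test packets: (protocol, source, destination, destination port)
    for pkt in [("icmp", "192.168.1.10", "192.168.1.1", None),
                ("tcp", "192.168.1.10", "192.168.1.1", 23),
                ("tcp", "192.168.1.10", "192.168.1.1", 80),
                ("icmp", "192.168.1.11", "192.168.1.1", None)]:
        print(pkt, "->", evaluate(PAGE_RULES, *pkt))
```

Passing `default="deny"` to `evaluate` models a platform with an implicit deny, which makes it easy to see which of the lab's test results depend on the default action.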
[r1]aaa
[r1-aaa]local-user wjf privilege level 15 password cipher 123456
Info: Add a new user.
[r1-aaa]local-user wjf service-type telnet
[r1-aaa]q
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
[r1-ui-vty0-4]q
[r1]acl 3000
[r1-acl-adv-3000]rule deny icmp source 192.168.1.10 0 destination 192.168.1.1 0
[r1-acl-adv-3000]rule deny icmp source 192.168.1.10 0 destination 192.168.2.1 0
[r1-acl-adv-3000]q
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
[r1-GigabitEthernet0/0/0]q
Username:123456
Password:
Error: Failed to send authen-req.
Logged Fail!
Username:wjf
Password:
<r1>
Requirement 2
<pc1>ping 192.168.2.2
PING 192.168.2.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=254 time=60 ms
Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=254 time=50 ms
Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=254 time=40 ms
Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=254 time=40 ms
--- 192.168.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/46/60 ms
<pc1>telnet 192.168.2.2
Press CTRL_] to quit telnet mode
Trying 192.168.2.2 ...
Requirement 3
<pc2>ping 192.168.1.1
PING 192.168.1.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=255 time=100 ms
Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=255 time=40 ms
Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=255 time=40 ms
Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=40 ms
--- 192.168.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/50/100 ms
<pc2>telnet 192.168.1.1
Press CTRL_] to quit telnet mode
Trying 192.168.1.1 ...
Requirement 4
<pc2>telnet 192.168.2.2
Press CTRL_] to quit telnet mode
Trying 192.168.2.2 ...
Connected to 192.168.2.2 ...
Login authentication
Username:wang
Password:
-----------------------------------------------------------------------------
User last login information:
-----------------------------------------------------------------------------
Access Type: Telnet
IP-Address : 192.168.1.10
Time : 2021-12-25 12:58:33-08:00
-----------------------------------------------------------------------------
<r2>
<pc2>ping 192.168.2.2
PING 192.168.2.2: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 192.168.2.2 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss