  • Comprehensive OSPF and ACL Lab

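    1. Lab content

    (1) The enterprise intranet runs the OSPF routing protocol; the area plan is shown in the topology diagram (see 3. Lab topology);

    (2) The areas containing Finance (CW) and R&D (YF) must not be affected by link instability in other areas;

    (3) R1, R2 and R3 may only be logged in to and managed by IT;

    (4) YF and CW cannot communicate with each other, but both can communicate with IT;

    (5) IT and YF can access Client1, but CW cannot access Client1;

    (6) YF and CW can only access the WWW service of Server1;

    2. Lab requirements

    CW

    1. YF and CW cannot communicate with each other, but both can communicate with IT;

    2. CW cannot access Client1;

    3. CW can only access the WWW service of Server1;

    YF

    1. YF and CW cannot communicate with each other, but both can communicate with IT;

    3. YF can only access the WWW service of Server1;

    IT

    1. R1, R2 and R3 may only be logged in to and managed by IT;

    2. IT can access Client1;

    3. Lab topology

    4. Lab steps

    4.1 Basic configuration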

    [fengwenbo-R1-GigabitEthernet0/0/0]ip add 1.1.1.254 24

    [fengwenbo-R1-GigabitEthernet0/0/1]ip add 192.168.12.1 24

    [fengwenbo-R1-GigabitEthernet0/0/2]ip add 192.168.13.1 24

     

    [fengwenbo-R2-GigabitEthernet0/0/0]ip add 192.168.12.2 24

    [fengwenbo-R2-GigabitEthernet0/0/1]ip add 192.168.10.254 24

    [fengwenbo-R2-GigabitEthernet0/0/2]ip add 192.168.20.254 24

     

    [fengwenbo-R3-GigabitEthernet0/0/0]ip add 192.168.13.2 24

    [fengwenbo-R3-GigabitEthernet0/0/1]ip add 192.168.30.254 24

    [fengwenbo-R3-GigabitEthernet0/0/2]ip add 192.168.40.254 24

    4.2 OSPF configuration

    (1) Basic OSPF configuration

    [fengwenbo-R1]ospf 1 router-id 1.1.1.1

    [fengwenbo-R1-ospf-1]area 0.0.0.0

    [fengwenbo-R1-ospf-1-area-0.0.0.0]network 192.168.12.0 0.0.0.255

    [fengwenbo-R1-ospf-1-area-0.0.0.0]network 192.168.13.0 0.0.0.255

    [fengwenbo-R1-ospf-1-area-0.0.0.0]area 0.0.0.1

    [fengwenbo-R1-ospf-1-area-0.0.0.1]network 1.1.1.0 0.0.0.255

     

    [fengwenbo-R2]ospf 1 router-id 2.2.2.2

    [fengwenbo-R2-ospf-1]area 0.0.0.0

    [fengwenbo-R2-ospf-1-area-0.0.0.0]network 192.168.12.0 0.0.0.255

    [fengwenbo-R2-ospf-1-area-0.0.0.0]area 0.0.0.2

    [fengwenbo-R2-ospf-1-area-0.0.0.2]network 192.168.10.0 0.0.0.255

    [fengwenbo-R2-ospf-1-area-0.0.0.2]network 192.168.20.0 0.0.0.255

    [fengwenbo-R2-ospf-1-area-0.0.0.2]stub no-summary

     

    [fengwenbo-R3]ospf 1 router-id 3.3.3.3

    [fengwenbo-R3-ospf-1]area 0.0.0.0

    [fengwenbo-R3-ospf-1-area-0.0.0.0]network 192.168.13.0 0.0.0.255

    [fengwenbo-R3-ospf-1-area-0.0.0.0]area 0.0.0.3

    [fengwenbo-R3-ospf-1-area-0.0.0.3]network 192.168.30.0 0.0.0.255

    [fengwenbo-R3-ospf-1-area-0.0.0.3]network 192.168.40.0 0.0.0.255

    [fengwenbo-R3-ospf-1-area-0.0.0.3]stub no-summary

     

    [fengwenbo-IT-GigabitEthernet0/0/0]ip add 192.168.10.1 24

    [fengwenbo-IT]ospf 1

    [fengwenbo-IT-ospf-1]area 0.0.0.2

    [fengwenbo-IT-ospf-1-area-0.0.0.2]network 192.168.10.0 0.0.0.255

    [fengwenbo-IT-ospf-1-area-0.0.0.2]stub

    (2) View the routing tables of fengwenbo-R1/R2/R3 to confirm that OSPF is working.

     

     

    4.3 ACL configuration

    (1) Finance department (CW-R3):

    [fengwenbo-R3]acl number 2000

    [fengwenbo-R3-acl-basic-2000]rule 10 permit source 192.168.10.0 0.0.0.255

    [fengwenbo-R3]user-interface vty 0 4

    [fengwenbo-R3-ui-vty0-4]acl 2000 inbound

    [fengwenbo-R3-ui-vty0-4]authentication-mode password

    Please configure the login password (maximum length 16):123

    [fengwenbo-R3]acl name cw

    [fengwenbo-R3-acl-adv-cw]rule 10 deny ip source 192.168.30.0 0.0.0.255 destination 1.1.1.0 0.0.0.255

    [fengwenbo-R3-acl-adv-cw]rule 20 deny ip source 192.168.30.0 0.0.0.255 destination 192.168.20.0 0.0.0.255

    [fengwenbo-R3-acl-adv-cw]rule 30 permit tcp source 192.168.30.0 0.0.0.255 destination 192.168.40.1 0 destination-port eq www

    [fengwenbo-R3-acl-adv-cw]rule 40 deny ip source 192.168.30.0 0.0.0.255 destination 192.168.40.1 0

    [fengwenbo-R3-GigabitEthernet0/0/1]traffic-filter inbound acl name cw

    (2) R&D department (YF-R2):

    [fengwenbo-R2]acl number 2000

    [fengwenbo-R2-acl-basic-2000]rule 10 permit source 192.168.10.0 0.0.0.255

    [fengwenbo-R2]user-interface vty 0 4

    [fengwenbo-R2-ui-vty0-4]acl 2000 inbound

    [fengwenbo-R2-ui-vty0-4]authentication-mode password

    Please configure the login password (maximum length 16):123

    [fengwenbo-R2]acl name yf

    [fengwenbo-R2-acl-adv-yf]rule 10 deny ip source 192.168.20.0 0.0.0.255 destination 192.168.30.0 0.0.0.255

    [fengwenbo-R2-acl-adv-yf]rule 20 permit tcp source 192.168.20.0 0.0.0.255 destination 192.168.40.1 0 destination-port eq www

    [fengwenbo-R2-acl-adv-yf]rule 30 deny ip source 192.168.20.0 0.0.0.255 destination 192.168.40.0 0.0.0.255

    [fengwenbo-R2-GigabitEthernet0/0/2]traffic-filter inbound acl name yf

    (3) IT department (R1)

    [fengwenbo-R1]acl number 2000

    [fengwenbo-R1-acl-basic-2000]rule 10 permit source 192.168.10.0 0.0.0.255

    [fengwenbo-R1]user-interface vty 0 4

    [fengwenbo-R1-ui-vty0-4]acl 2000 inbound

    [fengwenbo-R1-ui-vty0-4]authentication-mode password

    Please configure the login password (maximum length 16):123

    [fengwenbo-R1]acl number 3000

    [fengwenbo-R1-acl-adv-3000]rule 10 permit tcp source 1.1.1.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 destination-port eq www

    [fengwenbo-R1-acl-adv-3000]rule 20 deny ip source 1.1.1.0 0.0.0.255 destination 192.168.40.1 0

    [fengwenbo-R1-GigabitEthernet0/0/1]traffic-filter inbound acl 3000

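    4.4 Verification

    (1) Start the HTTP service on Server1.

    (2) Finance can access the web service on Server1:

    (3) Finance cannot ping Server1:

    (4) R&D can access the web service on Server1:

    (5) R&D cannot ping Server1:

    (6) IT can log in to R2:

    (7) R1 cannot log in to R2:

    (8) YF and CW cannot communicate with each other:

    (9) All verification results meet the lab requirements. The lab is complete!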
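
The ACLs from section 4.3, modelled with wildcard-mask and first-match semantics so the results expected in 4.4 can be checked offline. This is an added example, not part of the original post. Assumptions: the `.1` host addresses for CW, YF and Client1 are constructed, rule 30 of `cw` is modelled against the host 192.168.40.1 (Server1), packets matching no rule are forwarded by `traffic-filter`, and the VTY ACL rejects unmatched sources.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Huawei wildcard mask: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

ANY = ("0.0.0.0", "255.255.255.255")
CW_NET, YF_NET, IT_NET = (("192.168.%d.0" % n, "0.0.0.255") for n in (30, 20, 10))
SERVER1 = ("192.168.40.1", "0.0.0.0")  # wildcard 0 = exactly this host

# (rule id, action, protocol, source, destination, destination port)
ACL_CW = [  # acl name cw, inbound on R3 GE0/0/1
    (10, "deny", "ip", CW_NET, ("1.1.1.0", "0.0.0.255"), None),
    (20, "deny", "ip", CW_NET, YF_NET, None),
    (30, "permit", "tcp", CW_NET, SERVER1, 80),
    (40, "deny", "ip", CW_NET, SERVER1, None),
]
ACL_YF = [  # acl name yf, inbound on R2 GE0/0/2
    (10, "deny", "ip", YF_NET, CW_NET, None),
    (20, "permit", "tcp", YF_NET, SERVER1, 80),
    (30, "deny", "ip", YF_NET, ("192.168.40.0", "0.0.0.255"), None),
]
ACL_2000 = [(10, "permit", "ip", IT_NET, ANY, None)]  # bound to vty 0 4

def evaluate(acl, proto, src, dst, dport=None, default="permit"):
    """First match in rule-id order wins; returns (action, rule id or None)."""
    for rid, action, rproto, rsrc, rdst, rport in sorted(acl, key=lambda r: r[0]):
        if rproto not in ("ip", proto) or (rport is not None and rport != dport):
            continue
        if wc_match(src, *rsrc) and wc_match(dst, *rdst):
            return action, rid
    return default, None  # assumption: traffic-filter forwards unmatched packets

if __name__ == "__main__":
    # Constructed host addresses, except IT (192.168.10.1) and Server1.
    cw, yf, it, client1, srv = ("192.168.30.1", "192.168.20.1",
                                "192.168.10.1", "1.1.1.1", "192.168.40.1")
    flows = [("CW http Server1", ACL_CW, "tcp", cw, srv, 80, "permit"),
             ("CW ping Server1", ACL_CW, "icmp", cw, srv, None, "permit"),
             ("CW ping YF", ACL_CW, "icmp", cw, yf, None, "permit"),
             ("CW ping Client1", ACL_CW, "icmp", cw, client1, None, "permit"),
             ("YF http Server1", ACL_YF, "tcp", yf, srv, 80, "permit"),
             ("YF ping Server1", ACL_YF, "icmp", yf, srv, None, "permit"),
             ("IT telnet R2", ACL_2000, "tcp", it, "192.168.12.2", 23, "deny"),
             ("R1 telnet R2", ACL_2000, "tcp", "192.168.12.1", "192.168.12.2", 23, "deny")]
    for name, acl, proto, s, d, port, dflt in flows:
        print(f"{name:18} -> {evaluate(acl, proto, s, d, port, default=dflt)}")
```

A host entry written against the network address, such as `192.168.40.0 0`, does not match Server1 at all, which is why `wc_match("192.168.40.1", "192.168.40.0", "0.0.0.0")` returns `False`.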

  • Original article: https://www.cnblogs.com/Feng-L/p/12028762.html