zoukankan      html  css  js  c++  java
  • 0223_模拟2011

    拓扑图:
    访问列表:

    配置方法:分清楚流量的inout,分清楚流量是从接口的IN流入,还是从接口的OUT流出。

    扩展访问列表在源用IN,标准访问列表在目的用OUT 

    R3:
    配置ACL实验VLAN30,VLAN40只有上班时间(周一至周五的900-1800)才可以访问互联网。

    time-range work

     periodic weekdays 9:00 to 18:00

    r3(config)#acc 100 per ip 12.1.3.0 0.0.0.255 an ti work

    r3(config)#acc 100 per ip 12.1.4.0 0.0.0.255 an ti work

    r3#sh clo

    *01:43:18.783 UTC Fri Mar 1 2002------此时间不可以访问

    VPCS 3 >ping 172.16.1.9

    172.16.1.9 icmp_seq=1 timeout

    172.16.1.9 icmp_seq=2 timeout

    172.16.1.9 icmp_seq=3 timeout

    172.16.1.9 icmp_seq=4 timeout

    172.16.1.9 icmp_seq=5 timeout

    VPCS 4 >3

    VPCS 3 >ping 172.16.1.10

    172.16.1.10 icmp_seq=1 time=47.000 ms

    172.16.1.10 icmp_seq=2 time=62.000 ms

    172.16.1.10 icmp_seq=3 time=78.000 ms

    172.16.1.10 icmp_seq=4 time=78.000 ms

    172.16.1.10 icmp_seq=5 time=62.000 ms

    r3#clo set 9:30:00 18 feb 2013

    r3#sh clo

    09:32:54.347 UTC Mon Feb 18 2013--------此时间可以访问

    VPCS 3 >ping 172.16.1.9

    172.16.1.9 icmp_seq=1 time=125.000 ms

    172.16.1.9 icmp_seq=2 time=78.000 ms

    172.16.1.9 icmp_seq=3 time=78.000 ms

    172.16.1.9 icmp_seq=4 time=93.000 ms

    172.16.1.9 icmp_seq=5 time=140.000 ms

    VPCS 3 >4

    VPCS 4 >ping 99.1.1.14

    99.1.1.14 icmp_seq=1 time=234.000 ms

    99.1.1.14 icmp_seq=2 time=281.000 ms

    99.1.1.14 icmp_seq=3 time=203.000 ms

    99.1.1.14 icmp_seq=4 time=187.000 ms

    99.1.1.14 icmp_seq=5 time=187.000 ms

    R4:

    配置ACL禁止C6所在网段在8001000这段时间无法PINGC4
    time-range work
     periodic weekdays 8:00 to 10:00
    access-list 100 deny   icmp 99.1.1.0 0.0.0.255 12.1.4.0 0.0.0.255 time-range work

    access-list 100 permit ip any any

    r4#sh clo

    09:02:47.395 UTC Mon Feb 18 2013------此时间C6,C4之间不通

    VPCS 6 >ping 12.1.4.100

    12.1.4.100 icmp_seq=1 timeout

    12.1.4.100 icmp_seq=2 timeout

    12.1.4.100 icmp_seq=3 timeout

    12.1.4.100 icmp_seq=4 timeout

    12.1.4.100 icmp_seq=5 timeout

    r4#clo set 7:00:00 18 feb 2013

    r4#sh clo

    07:03:55.599 UTC Mon Feb 18 2013------此时间C6,C4之间通

    VPCS 6 >ping 12.1.4.100

    12.1.4.100 icmp_seq=1 time=171.000 ms

    12.1.4.100 icmp_seq=2 time=171.000 ms

    12.1.4.100 icmp_seq=3 time=171.000 ms

    12.1.4.100 icmp_seq=4 time=202.000 ms

    12.1.4.100 icmp_seq=5 time=187.000 ms

    R5,R6:

    配置ACL不允许VLAN10VLAN20进行互访,其它不受限制。

    R5:

    access-list 100 deny   ip 12.1.1.0 0.0.0.255 12.1.2.0 0.0.0.255

    access-list 100 permit ip any any

    interface Vlan10

     ip address 12.1.1.1 255.255.255.0

     ip access-group 100 in

    R6:

    interface Vlan10

     ip address 12.1.1.2 255.255.255.0

     ip access-group 100 in

    access-list 100 deny   ip 12.1.1.0 0.0.0.255 12.1.2.0 0.0.0.255

    access-list 100 permit ip any any

    VPCS 1 >ping 12.1.2.100--------------VLAN10不可以访问VLAN20

    12.1.2.100 icmp_seq=1 timeout

    12.1.2.100 icmp_seq=2 timeout

    12.1.2.100 icmp_seq=3 timeout

    12.1.2.100 icmp_seq=4 timeout

    12.1.2.100 icmp_seq=5 timeout


          本文转自810105851 51CTO博客,原文链接:http://blog.51cto.com/4708948/1139080,如需转载请自行联系原作者






  • 相关阅读:
    NTP on FreeBSD 12.1
    Set proxy server on FreeBSD 12.1
    win32 disk imager使用后u盘容量恢复
    How to install Google Chrome Browser on Kali Linux
    Set NTP Service and timezone on Kali Linux
    Set static IP address and DNS on FreeBSD
    github博客标题显示不了可能是标题包含 特殊符号比如 : (冒号)
    server certificate verification failed. CAfile: none CRLfile: none
    删除文件和目录(彻底的)
    如何在Curl中使用Socks5代理
  • 原文地址:https://www.cnblogs.com/twodog/p/12138621.html
Copyright © 2011-2022 走看看