换一换

冰点文库 > 资源分类 > DOCX文档下载

预览

PacketTracer52实验十二标准IP访问控制列表配置解读.docx

资源ID：15730865 资源大小：39.42KB 全文页数：12页
资源格式： DOCX 下载积分：1金币

快捷下载

账号登录下载

微信登录下载

三方登录下载：

微信扫一扫登录

下载资源需要1金币

邮箱/手机：
温馨提示：	快捷下载时，用户名和密码都是您填写的邮箱或者手机号，方便查询和重复下载（系统自动生成）。如填写123，账号就是123，密码也是123。
支付方式：
验证码：	换一换

加入VIP,免费下载

账号：
密码：
验证码：	换一换
当日自动登录忘记密码？

友情提示

1、下载资料失败解决办法

2、PDF文件下载后，可能会被浏览器默认打开，此种情况可以点击浏览器菜单，保存网页到桌面，就可以正常下载了。

3、本站不支持迅雷下载，请使用电脑自带的IE浏览器，或者360浏览器、谷歌浏览器下载即可。

4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩，下载后原文更清晰。

5、试题试卷类文档，如果标题没有明确说明有答案则都视为没有答案，请知晓。

PacketTracer52实验十二标准IP访问控制列表配置解读.docx

1、PacketTracer52实验十二标准IP访问控制列表配置解读课题：标准IP访问控制列表配置教学目标理解标准IP访问控制列表的原理及功能；掌握编号的标准IP访问控制列表的配置方法；教学重点：理解标准IP访问控制列表的原理及功能教学难点：掌握编号的标准IP访问控制列表的配置方法教具、教学素材准备：网络环境教学方法：讲授，演示，实作教学时数：2公司的经理部、财务部和销售部分别属于不同的3个网段，三部门之间用路由器进行信息传递，为了安全起见，公司领导要求销售部不能对财务部进行访问，但经理部可以对财务部进行访问。基本原理ACLs的全称为接入控制列表（Access Control Lists），也

2、称为访问列表（Access List），俗称为防火墙，在有的文档中还称之为包过滤。ACLs通过定义一些规则对网络设备接口上的数据报文进行控制：允许通过或丢弃，从而提高网络可管理性和安全性；IP ACL分为两种：标准IP访问列表和扩展IP访问列表，编号范围分别为199、13001999，100199、20002699；标准IP访问列表可以根据数据包的源IP地址定义规则，进行数据包的过滤；扩展IP访问列表可以根据数据包的源IP、目的IP、源端口、目的端口、协议来定义规则，进行数据包的过滤；IP ACL基于接口进行规则的应用，分为：入栈应用和出栈应用；教学过程实验拓扑1、路由器之间通过V.35电缆串

3、口连接，DCE端连接在R1上，配置其时间频率为64000；主机与路由器通过交叉线连接；2、配置路由器接口IP地址；3、在路由器上配置OSPF路由协议，让三台PC 能相互ping通，因为只有在互通的前提下才能涉及到访问控制列表；4、在R1上配置编号的IP标准访问控制列表；5、将标准IP访问列表应用到接口上；6、验证主机之间的互通性；R1:RouterenRouter#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#hostname R1R1(config)#interface fa1

4、/0R1(config-if)#ip address 192.168.1.1 255.255.255.0R1(config-if)#no shut%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to upR1(config-if)#exitR1(config)#int fa0/0R1(config-if)#ip add 192.168.2.1 255.255.2

5、55.0R1(config-if)#no shut%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to upR1(config-if)#exitR1(config)#int se2/0R1(config-if)#clock rate 64000R1(config-if)#ip add 192.168.3.1 255.255.255.0R1(config-if)#

6、no shut%LINK-5-CHANGED: Interface Serial2/0, changed state to downR1(config-if)#exitR1(config)#R1(config)#router ospf 1R1(config-router)#network 192.168.1.0 0.0.0.255 area 0R1(config-router)#network 192.168.2.0 0.0.0.255 area 0R1(config-router)#network 192.168.3.0 0.0.0.255 area 0R1(config-router)#e

7、ndR1#%SYS-5-CONFIG_I: Configured from console by consoleR1#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E

8、2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static routeGateway of last resort is not setC 192.168.1.0/24 is directly connected, FastEthernet1/0C 192.168.2

9、.0/24 is directly connected, FastEthernet0/0R1#R1#R1#show ip route /两台路由器配置好后的路由信息Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external

10、type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static routeGateway of last resort is not setC 192.168.1.0/24 is directly connected, FastEthernet1/0C

11、192.168.2.0/24 is directly connected, FastEthernet0/0C 192.168.3.0/24 is directly connected, Serial2/0O 192.168.4.0/24 110/782 via 192.168.3.2, 00:00:15, Serial2/0R1#R1#conf tEnter configuration commands, one per line. End with CNTL/Z.R1(config)#ip ? access-list Named access-list default-network Fla

12、gs networks as candidates for default routes dhcp Configure DHCP server and relay parameters domain IP DNS Resolver domain-lookup Enable IP Domain Name System hostname translation domain-name Define the default domain name forward-protocol Controls forwarding of physical and directed IP broadcasts h

13、ost Add an entry to the ip hostname table name-server Specify address of name server to use nat NAT configuration commands route Establish static routes tcp Global TCP parametersR1(config)#ip acR1(config)#ip access-list ? extended Extended Access List standard Standard Access ListR1(config)#ip acces

14、s-list staR1(config)#ip access-list standard ? Standard IP access-list number WORD Access-list nameR1(config)#ip access-list standard david ? R1(config)#ip access-list standard david /配置名为david的IP标准访问控制列表R1(config-std-nacl)#? default Set a command to its defaults deny Specify packets to reject exit

15、Exit from access-list configuration mode no Negate a command or set its defaults permit Specify packets to forward remark Access list entry commentR1(config-std-nacl)#permit 192.168.1.0 ? A.B.C.D Wildcard bits R1(config-std-nacl)#permit 192.168.1.0 0.0.0.255 ? R1(config-std-nacl)#permit 192.168.1.0

16、0.0.0.255 /允许192.168.1.0网段通过R1(config-std-nacl)#deny ? A.B.C.D Address to match any Any source host host A single host addressR1(config-std-nacl)#deny 192.168.2.0 ? A.B.C.D Wildcard bits R1(config-std-nacl)#deny 192.168.2.0 0.0.0.255 ? R1(config-std-nacl)#deny 192.168.2.0 0.0.0.255 /禁止192.168.2.0网段通

17、过R1(config-std-nacl)#exitR1(config)#interR1(config)#interface se2/0R1(config-if)#? bandwidth Set bandwidth informational parameter cdp CDP interface subcommands clock Configure serial interface clock crypto Encryption/Decryption commands custom-queue-list Assign a custom queue list to an interface d

18、elay Specify interface throughput delay description Interface specific description encapsulation Set encapsulation type for an interface exit Exit from interface configuration mode fair-queue Enable Fair Queuing on an Interface frame-relay Set frame relay parameters hold-queue Set hold queue depth i

19、p Interface Internet Protocol config commands keepalive Enable keepalive mtu Set the interface Maximum Transmission Unit (MTU) no Negate a command or set its defaults ppp Point-to-Point Protocol priority-group Assign a priority group to an interface service-policy Configure QoS Service Policy shutdo

20、wn Shutdown the selected interface tx-ring-limit Configure PA level transmit ring limit zone-member Apply zone nameR1(config-if)#ip ? access-group Specify access control for packets address Set the IP address of an interface hello-interval Configures IP-EIGRP hello interval helper-address Specify a

21、destination address for UDP broadcasts inspect Apply inspect name ips Create IPS rule mtu Set IP Maximum Transmission Unit nat NAT interface commands ospf OSPF interface commands split-horizon Perform split horizon summary-address Perform address summarization virtual-reassembly Virtual ReassemblyR1

22、(config-if)#ip acR1(config-if)#ip access-group ? IP access list (standard or extended) WORD Access-list nameR1(config-if)#ip access-group david ? in inbound packets out outbound packetsR1(config-if)#ip access-group david out ? R1(config-if)#ip access-group david out /将名为david的IP标准访问控制列表应用到se2/0端口R1(

23、config-if)#endR1#%SYS-5-CONFIG_I: Configured from console by consoleR1#show running-config Building configuration.Current configuration : 928 bytes!version 12.2no service timestamps log datetime msecno service timestamps debug datetime msecno service password-encryption!hostname R1!.!interface FastE

24、thernet0/0ip address 192.168.2.1 255.255.255.0duplex autospeed auto!interface FastEthernet1/0ip address 192.168.1.1 255.255.255.0duplex autospeed auto!interface Serial2/0ip address 192.168.3.1 255.255.255.0ip access-group david outclock rate 64000!interface Serial3/0no ip addressshutdown!interface F

25、astEthernet4/0no ip addressshutdown!interface FastEthernet5/0no ip addressshutdown!router ospf 1log-adjacency-changesnetwork 192.168.1.0 0.0.0.255 area 0network 192.168.2.0 0.0.0.255 area 0network 192.168.3.0 0.0.0.255 area 0!ip classless!ip access-list standard davidpermit 192.168.1.0 0.0.0.255deny

26、 192.168.2.0 0.0.0.255!.!line con 0line vty 0 4login!endR1#R2:RouterenRouter#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#hostname R2R2(config)#int fa0/0R2(config-if)#ip add 192.168.4.1 255.255.255.0R2(config-if)#no shut%LINK-5-CHANGED: Interface FastEthernet0/0,

27、changed state to up%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to upR2(config-if)#exitR2(config)#int se2/0R2(config-if)#ip add 192.168.3.2 255.255.255.0R2(config-if)#no shut%LINK-5-CHANGED: Interface Serial2/0, changed state to upR2(config-if)#exitR2(config)#router

28、 ospf 1R2(config-router)#%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to upR2(config-router)#network 192.168.3.0 0.0.0.255 area 0R2(config-router)#network 192.168.4.0 0.0.0.255 area 000:11:23: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.3.1 on Serial2/0 from LOADING to FULL, L

29、oading DoR2(config-router)#endR2#%SYS-5-CONFIG_I: Configured from console by consoleR2#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2,

注意事项

本文（PacketTracer52实验十二标准IP访问控制列表配置解读.docx）为本站会员主动上传，冰点文库仅提供信息存储空间，仅对用户上传内容的表现方式做保护处理，对上载内容本身不做任何修改或编辑。若此文所含内容侵犯了您的版权或隐私，请立即通知冰点文库（点击联系客服），我们立即给予删除！

温馨提示：如果因为网速或其他原因下载失败请重新下载，重复下载不扣分。