134 lines
3.2 KiB
Markdown
134 lines
3.2 KiB
Markdown
|
# 基本ACL
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### 一、IP & Routing
|
||
|
|
|
||
|
|
- **PC & Server**
|
||
|
|
|
||
|
|
- **AR1**
|
||
|
|
|
||
|
|
```
|
||
|
|
[AR1]int g0/0/1
|
||
|
|
[AR1-GigabitEthernet0/0/1]ip add 192.168.1.254 24
|
||
|
|
[AR1-GigabitEthernet0/0/1]int g0/0/0
|
||
|
|
[AR1-GigabitEthernet0/0/0]ip add 192.168.12.1 24
|
||
|
|
[AR1-GigabitEthernet0/0/0]quit
|
||
|
|
[AR1]ip route-static 192.168.2.0 24 192.168.12.2
|
||
|
|
[AR1]ip route-static 192.168.3.0 24 192.168.12.2
|
||
|
|
```
|
||
|
|
|
||
|
|
- **AR2**
|
||
|
|
|
||
|
|
```
|
||
|
|
[AR2]int g0/0/0
|
||
|
|
[AR2-GigabitEthernet0/0/0]ip add 192.168.12.2 24
|
||
|
|
[AR2-GigabitEthernet0/0/0]int g0/0/1
|
||
|
|
[AR2-GigabitEthernet0/0/1]ip add 192.168.2.254 24
|
||
|
|
[AR2-GigabitEthernet0/0/1]int g0/0/2
|
||
|
|
[AR2-GigabitEthernet0/0/2]ip add 192.168.3.254 24
|
||
|
|
[AR2-GigabitEthernet0/0/2]quit
|
||
|
|
[AR2]ip route-static 192.168.1.0 24 192.168.12.1
|
||
|
|
```
|
||
|
|
|
||
|
|
### 二、VLAN
|
||
|
|
|
||
|
|
- **SW1**
|
||
|
|
|
||
|
|
```
|
||
|
|
[SW1]vlan 10
|
||
|
|
[SW1-vlan10]quit
|
||
|
|
[SW1]port-group group-member g0/0/1 g0/0/2
|
||
|
|
[SW1-port-group]port link-type access
|
||
|
|
[SW1-port-group]port default vlan 10
|
||
|
|
```
|
||
|
|
|
||
|
|
- **SW2**
|
||
|
|
|
||
|
|
```
|
||
|
|
[SW2]vlan 20
|
||
|
|
[SW2-vlan20]quit
|
||
|
|
[SW2]port-group group-member g0/0/1 g0/0/2
|
||
|
|
[SW2-port-group]port link-type access
|
||
|
|
[SW2-port-group]port default vlan 20
|
||
|
|
```
|
||
|
|
|
||
|
|
### 三、连通性测试
|
||
|
|
|
||
|
|
> 全通
|
||
|
|
|
||
|
|
### 四、ACL
|
||
|
|
|
||
|
|
- **AR2**
|
||
|
|
|
||
|
|
```
|
||
|
|
[AR2]acl 2000
|
||
|
|
[AR2-acl-basic-2000]rule 10 deny source 192.168.1.0 0.0.0.255
|
||
|
|
[AR2-acl-basic-2000]quit
|
||
|
|
[AR2]int g0/0/2
|
||
|
|
[AR2-GigabitEthernet0/0/2]traffic-filter outbound acl 2000
|
||
|
|
```
|
||
|
|
|
||
|
|
### 五、功能性测试
|
||
|
|
|
||
|
|
- **PC1 PING Server**(不允许售后部所有主机访问财务部服务器)
|
||
|
|
|
||
|
|
```
|
||
|
|
PC2>ping 192.168.3.1
|
||
|
|
|
||
|
|
Ping 192.168.3.1: 32 data bytes, Press Ctrl_C to break
|
||
|
|
Request timeout!
|
||
|
|
Request timeout!
|
||
|
|
Request timeout!
|
||
|
|
Request timeout!
|
||
|
|
Request timeout!
|
||
|
|
|
||
|
|
--- 192.168.3.1 ping statistics ---
|
||
|
|
5 packet(s) transmitted
|
||
|
|
0 packet(s) received
|
||
|
|
100.00% packet loss
|
||
|
|
```
|
||
|
|
|
||
|
|
- **PC1 PING PC2**(允许售后部主机访问财务部主机)
|
||
|
|
|
||
|
|
```
|
||
|
|
PC1>ping 192.168.2.1
|
||
|
|
|
||
|
|
Ping 192.168.2.1: 32 data bytes, Press Ctrl_C to break
|
||
|
|
From 192.168.2.1: bytes=32 seq=1 ttl=126 time=63 ms
|
||
|
|
From 192.168.2.1: bytes=32 seq=2 ttl=126 time=78 ms
|
||
|
|
From 192.168.2.1: bytes=32 seq=3 ttl=126 time=78 ms
|
||
|
|
From 192.168.2.1: bytes=32 seq=4 ttl=126 time=62 ms
|
||
|
|
From 192.168.2.1: bytes=32 seq=5 ttl=126 time=78 ms
|
||
|
|
|
||
|
|
--- 192.168.2.1 ping statistics ---
|
||
|
|
5 packet(s) transmitted
|
||
|
|
5 packet(s) received
|
||
|
|
0.00% packet loss
|
||
|
|
round-trip min/avg/max = 62/71/78 ms
|
||
|
|
```
|
||
|
|
|
||
|
|
- **PC2 PING Server**(允许财务部主机访问财务部服务器)
|
||
|
|
|
||
|
|
```
|
||
|
|
PC2>ping 192.168.3.1
|
||
|
|
|
||
|
|
Ping 192.168.3.1: 32 data bytes, Press Ctrl_C to break
|
||
|
|
From 192.168.3.1: bytes=32 seq=1 ttl=254 time=62 ms
|
||
|
|
From 192.168.3.1: bytes=32 seq=2 ttl=254 time=63 ms
|
||
|
|
From 192.168.3.1: bytes=32 seq=3 ttl=254 time=16 ms
|
||
|
|
From 192.168.3.1: bytes=32 seq=4 ttl=254 time=47 ms
|
||
|
|
From 192.168.3.1: bytes=32 seq=5 ttl=254 time=31 ms
|
||
|
|
|
||
|
|
--- 192.168.3.1 ping statistics ---
|
||
|
|
5 packet(s) transmitted
|
||
|
|
5 packet(s) received
|
||
|
|
0.00% packet loss
|
||
|
|
round-trip min/avg/max = 16/43/63 ms
|
||
|
|
```
|
||
|
|
|
||
|
|
|
||
|
|
|