From a2c096532ddff8fa9245ecce40316dfaa1914776 Mon Sep 17 00:00:00 2001 From: Noriu Date: Thu, 29 Aug 2024 18:19:37 +0800 Subject: [PATCH] =?UTF-8?q?2024=E5=B9=B48=E6=9C=8829=E6=97=A5=2018:19:38?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- B. 第二阶段/拓扑练习/0829_基本ACL.md | 133 +++++++++++++++++++++++++++ 1 file changed, 133 insertions(+) create mode 100644 B. 第二阶段/拓扑练习/0829_基本ACL.md diff --git a/B. 第二阶段/拓扑练习/0829_基本ACL.md b/B. 第二阶段/拓扑练习/0829_基本ACL.md new file mode 100644 index 0000000..4af5f1e --- /dev/null +++ b/B. 第二阶段/拓扑练习/0829_基本ACL.md 
@@ -0,0 +1,133 @@ +# 基本ACL + +![image-20240829181207506](https://picgo-noriu.oss-cn-beijing.aliyuncs.com/Images/image-20240829181207506.png) + +![image-20240829174643775](https://picgo-noriu.oss-cn-beijing.aliyuncs.com/Images/image-20240829174643775.png) + +### 一、IP & Routing + +- **PC & Server** + +- **AR1** + + ``` + [AR1]int g0/0/1 + [AR1-GigabitEthernet0/0/1]ip add 192.168.1.254 24 + [AR1-GigabitEthernet0/0/1]int g0/0/0 + [AR1-GigabitEthernet0/0/0]ip add 192.168.12.1 24 + [AR1-GigabitEthernet0/0/0]quit + [AR1]ip route-static 192.168.2.0 24 192.168.12.2 + [AR1]ip route-static 192.168.3.0 24 192.168.12.2 + ``` + +- **AR2** + + ``` + [AR2]int g0/0/0 + [AR2-GigabitEthernet0/0/0]ip add 192.168.12.2 24 + [AR2-GigabitEthernet0/0/0]int g0/0/1 + [AR2-GigabitEthernet0/0/1]ip add 192.168.2.254 24 + [AR2-GigabitEthernet0/0/1]int g0/0/2 + [AR2-GigabitEthernet0/0/2]ip add 192.168.3.254 24 + [AR2-GigabitEthernet0/0/2]quit + [AR2]ip route-static 192.168.1.0 24 192.168.12.1 + ``` + +### 二、VLAN + +- **SW1** + + ``` + [SW1]vlan 10 + [SW1-vlan10]quit + [SW1]port-group group-member g0/0/1 g0/0/2 + [SW1-port-group]port link-type access + [SW1-port-group]port default vlan 10 + ``` + +- **SW2** + + ``` + [SW2]vlan 20 + [SW2-vlan20]quit + [SW2]port-group group-member g0/0/1 g0/0/2 + [SW2-port-group]port link-type access + [SW2-port-group]port default vlan 20 + ``` + +### 三、连通性测试 + +> 全通 + +### 四、ACL + +- **AR2** + + ``` + [AR2]acl 2000 + [AR2-acl-basic-2000]rule 10 deny source 192.168.1.0 0.0.0.255 + [AR2-acl-basic-2000]quit + [AR2]int g0/0/2 + [AR2-GigabitEthernet0/0/2]traffic-filter outbound acl 2000 + ``` + +### 五、功能性测试 + +- **PC1 PING Server**(不允许售后部所有主机访问财务部服务器) + + ``` + PC2>ping 192.168.3.1 + + Ping 192.168.3.1: 32 data bytes, Press Ctrl_C to break + Request timeout! + Request timeout! + Request timeout! + Request timeout! + Request timeout! 
+ + --- 192.168.3.1 ping statistics --- + 5 packet(s) transmitted + 0 packet(s) received + 100.00% packet loss + ``` + +- **PC1 PING PC2**(允许售后部主机访问财务部主机) + + ``` + PC1>ping 192.168.2.1 + + Ping 192.168.2.1: 32 data bytes, Press Ctrl_C to break + From 192.168.2.1: bytes=32 seq=1 ttl=126 time=63 ms + From 192.168.2.1: bytes=32 seq=2 ttl=126 time=78 ms + From 192.168.2.1: bytes=32 seq=3 ttl=126 time=78 ms + From 192.168.2.1: bytes=32 seq=4 ttl=126 time=62 ms + From 192.168.2.1: bytes=32 seq=5 ttl=126 time=78 ms + + --- 192.168.2.1 ping statistics --- + 5 packet(s) transmitted + 5 packet(s) received + 0.00% packet loss + round-trip min/avg/max = 62/71/78 ms + ``` + +- **PC2 PING Server**(允许财务部主机访问财务部服务器) + + ``` + PC2>ping 192.168.3.1 + + Ping 192.168.3.1: 32 data bytes, Press Ctrl_C to break + From 192.168.3.1: bytes=32 seq=1 ttl=254 time=62 ms + From 192.168.3.1: bytes=32 seq=2 ttl=254 time=63 ms + From 192.168.3.1: bytes=32 seq=3 ttl=254 time=16 ms + From 192.168.3.1: bytes=32 seq=4 ttl=254 time=47 ms + From 192.168.3.1: bytes=32 seq=5 ttl=254 time=31 ms + + --- 192.168.3.1 ping statistics --- + 5 packet(s) transmitted + 5 packet(s) received + 0.00% packet loss + round-trip min/avg/max = 16/43/63 ms + ``` + + +
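Review bot: In section 五, the first test is headed "PC1 PING Server" and is meant to show that the 192.168.1.0/24 hosts are blocked, but the captured prompt is `PC2>ping 192.168.3.1`, the same command that succeeds in the third test ("PC2 PING Server"). As written, the deny result is attributed to the wrong source host and the two transcripts contradict each other; the first capture should be re-taken from PC1 so the prompt reads `PC1>ping 192.168.3.1`. Two documentation gaps make the ACL harder to verify from the note alone: the "PC & Server" bullet in section 一 is empty, so PC1's address never appears anywhere and the reader cannot confirm it falls inside `192.168.1.0 0.0.0.255`; and section 四 defines ACL 2000 with only `rule 10 deny source 192.168.1.0 0.0.0.255` and no permit rule, so the successful PC2 test depends on unmatched traffic being let through by `traffic-filter`. It would help to record the host addresses, state that reliance explicitly (or add an explicit permit rule), and say why the filter sits outbound on g0/0/2: a basic ACL matches on source only, so applying it at the interface facing the server is what keeps PC1 able to reach 192.168.2.1.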