# Basic ACL

![image-20240829181207506](https://picgo-noriu.oss-cn-beijing.aliyuncs.com/Images/image-20240829181207506.png)

![image-20240829174643775](https://picgo-noriu.oss-cn-beijing.aliyuncs.com/Images/image-20240829174643775.png)

### 1. IP & Routing

- **PC & Server**
- **AR1**

```
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip add 192.168.1.254 24
[AR1-GigabitEthernet0/0/1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 192.168.12.1 24
[AR1-GigabitEthernet0/0/0]quit
[AR1]ip route-static 192.168.2.0 24 192.168.12.2
[AR1]ip route-static 192.168.3.0 24 192.168.12.2
```

- **AR2**

```
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 192.168.12.2 24
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]ip add 192.168.2.254 24
[AR2-GigabitEthernet0/0/1]int g0/0/2
[AR2-GigabitEthernet0/0/2]ip add 192.168.3.254 24
[AR2-GigabitEthernet0/0/2]quit
[AR2]ip route-static 192.168.1.0 24 192.168.12.1
```

### 2. VLAN

- **SW1**

```
[SW1]vlan 10
[SW1-vlan10]quit
[SW1]port-group group-member g0/0/1 g0/0/2
[SW1-port-group]port link-type access
[SW1-port-group]port default vlan 10
```

- **SW2**

```
[SW2]vlan 20
[SW2-vlan20]quit
[SW2]port-group group-member g0/0/1 g0/0/2
[SW2-port-group]port link-type access
[SW2-port-group]port default vlan 20
```

### 3. Connectivity Test

> Full reachability

### 4. ACL

- **AR2**

```
[AR2]acl 2000
[AR2-acl-basic-2000]rule 10 deny source 192.168.1.0 0.0.0.255
[AR2-acl-basic-2000]quit
[AR2]int g0/0/2
[AR2-GigabitEthernet0/0/2]traffic-filter outbound acl 2000
```

### 5. Functional Tests

- **PC1 PING Server** (no host in the after-sales department may reach the finance department server)

```
PC2>ping 192.168.3.1
Ping 192.168.3.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!

--- 192.168.3.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
```

- **PC1 PING PC2** (after-sales department hosts may reach finance department hosts)

```
PC1>ping 192.168.2.1
Ping 192.168.2.1: 32 data bytes, Press Ctrl_C to break
From 192.168.2.1: bytes=32 seq=1 ttl=126 time=63 ms
From 192.168.2.1: bytes=32 seq=2 ttl=126 time=78 ms
From 192.168.2.1: bytes=32 seq=3 ttl=126 time=78 ms
From 192.168.2.1: bytes=32 seq=4 ttl=126 time=62 ms
From 192.168.2.1: bytes=32 seq=5 ttl=126 time=78 ms

--- 192.168.2.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 62/71/78 ms
```

- **PC2 PING Server** (finance department hosts may reach the finance department server)

```
PC2>ping 192.168.3.1
Ping 192.168.3.1: 32 data bytes, Press Ctrl_C to break
From 192.168.3.1: bytes=32 seq=1 ttl=254 time=62 ms
From 192.168.3.1: bytes=32 seq=2 ttl=254 time=63 ms
From 192.168.3.1: bytes=32 seq=3 ttl=254 time=16 ms
From 192.168.3.1: bytes=32 seq=4 ttl=254 time=47 ms
From 192.168.3.1: bytes=32 seq=5 ttl=254 time=31 ms

--- 192.168.3.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 16/43/63 ms
```
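The three test results above follow directly from how a basic ACL is evaluated: rules are checked in order against the source address only, using a wildcard mask in which a 0 bit must match and a 1 bit is ignored, and a packet that matches no rule is permitted by `traffic-filter`. The Python below is an added example, not part of the lab, that models AR2's routing table and its single outbound filter on g0/0/2 to reproduce the lab's permit/deny outcomes; PC1's address 192.168.1.1 is an assumption, since the page gives only its subnet.

```python
# Added example: simulate the lab's basic ACL 2000 on AR2 (not the lab's own code).
import ipaddress


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Huawei wildcard semantics: 0 bits must match, 1 bits are 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


# acl 2000 from the lab: (rule id, action, source network, wildcard), in evaluation order
ACL_2000 = [
    (10, "deny", "192.168.1.0", "0.0.0.255"),
]


def acl_action(acl, src: str) -> str:
    """First matching rule wins; with no match, traffic-filter lets the packet through."""
    for _rule_id, action, net, wildcard in acl:
        if wildcard_match(src, net, wildcard):
            return action
    return "permit"


# AR2's routing table as configured in the lab (connected routes plus the static to AR1)
AR2_EGRESS = {
    ipaddress.ip_network("192.168.1.0/24"): "GigabitEthernet0/0/0",
    ipaddress.ip_network("192.168.2.0/24"): "GigabitEthernet0/0/1",
    ipaddress.ip_network("192.168.3.0/24"): "GigabitEthernet0/0/2",
}
# Only g0/0/2 carries an outbound traffic-filter in the lab.
AR2_OUTBOUND_FILTER = {"GigabitEthernet0/0/2": ACL_2000}


def ar2_forward(src: str, dst: str) -> str:
    """Return 'permit', 'deny' or 'no route' for a packet AR2 would forward from src to dst."""
    dst_ip = ipaddress.ip_address(dst)
    iface = next((i for net, i in AR2_EGRESS.items() if dst_ip in net), None)
    if iface is None:
        return "no route"
    acl = AR2_OUTBOUND_FILTER.get(iface)
    return acl_action(acl, src) if acl else "permit"


if __name__ == "__main__":
    # 192.168.1.1 for PC1 is an assumed address; PC2 and Server come from the lab's pings.
    for src, dst in [("192.168.1.1", "192.168.3.1"), ("192.168.1.1", "192.168.2.1"), ("192.168.2.1", "192.168.3.1")]:
        print(f"{src} -> {dst}: {ar2_forward(src, dst)}")
```

Note that only the server segment's egress is filtered: PC1 still reaches PC2 because that traffic leaves AR2 on g0/0/1, where no ACL is bound.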