Cyber_Security_Notes/B. 第二阶段/拓扑练习/0829_基本ACL.md
2024-08-29 18:19:40 +08:00


Basic ACL

(image: image-20240829181207506)

(image: image-20240829174643775)

1. IP & Routing

  • PC & Server

  • AR1

    [AR1]int g0/0/1
    [AR1-GigabitEthernet0/0/1]ip add 192.168.1.254 24
    [AR1-GigabitEthernet0/0/1]int g0/0/0
    [AR1-GigabitEthernet0/0/0]ip add 192.168.12.1 24
    [AR1-GigabitEthernet0/0/0]quit
    [AR1]ip route-static 192.168.2.0 24 192.168.12.2
    [AR1]ip route-static 192.168.3.0 24 192.168.12.2
    
  • AR2

    [AR2]int g0/0/0
    [AR2-GigabitEthernet0/0/0]ip add 192.168.12.2 24
    [AR2-GigabitEthernet0/0/0]int g0/0/1
    [AR2-GigabitEthernet0/0/1]ip add 192.168.2.254 24
    [AR2-GigabitEthernet0/0/1]int g0/0/2
    [AR2-GigabitEthernet0/0/2]ip add 192.168.3.254 24
    [AR2-GigabitEthernet0/0/2]quit
    [AR2]ip route-static 192.168.1.0 24 192.168.12.1
    

2. VLAN

  • SW1

    [SW1]vlan 10
    [SW1-vlan10]quit
    [SW1]port-group group-member g0/0/1 g0/0/2
    [SW1-port-group]port link-type access
    [SW1-port-group]port default vlan 10
    
  • SW2

    [SW2]vlan 20
    [SW2-vlan20]quit
    [SW2]port-group group-member g0/0/1 g0/0/2
    [SW2-port-group]port link-type access
    [SW2-port-group]port default vlan 20
    

3. Connectivity test

Full connectivity: every host can reach every other host before the ACL is applied.

4. ACL

  • AR2

    [AR2]acl 2000
    [AR2-acl-basic-2000]rule 10 deny source 192.168.1.0 0.0.0.255
    [AR2-acl-basic-2000]quit
    [AR2]int g0/0/2
    [AR2-GigabitEthernet0/0/2]traffic-filter outbound acl 2000
    

5. Functional test

  • PC1 PING Server (all after-sales department hosts are denied access to the finance department server)

    PC1>ping 192.168.3.1
    
    Ping 192.168.3.1: 32 data bytes, Press Ctrl_C to break
    Request timeout!
    Request timeout!
    Request timeout!
    Request timeout!
    Request timeout!
    
    --- 192.168.3.1 ping statistics ---
      5 packet(s) transmitted
      0 packet(s) received
      100.00% packet loss
    
  • PC1 PING PC2 (after-sales department hosts are allowed to access finance department hosts)

    PC1>ping 192.168.2.1
    
    Ping 192.168.2.1: 32 data bytes, Press Ctrl_C to break
    From 192.168.2.1: bytes=32 seq=1 ttl=126 time=63 ms
    From 192.168.2.1: bytes=32 seq=2 ttl=126 time=78 ms
    From 192.168.2.1: bytes=32 seq=3 ttl=126 time=78 ms
    From 192.168.2.1: bytes=32 seq=4 ttl=126 time=62 ms
    From 192.168.2.1: bytes=32 seq=5 ttl=126 time=78 ms
    
    --- 192.168.2.1 ping statistics ---
      5 packet(s) transmitted
      5 packet(s) received
      0.00% packet loss
      round-trip min/avg/max = 62/71/78 ms
    
  • PC2 PING Server (finance department hosts are allowed to access the finance department server)

    PC2>ping 192.168.3.1
    
    Ping 192.168.3.1: 32 data bytes, Press Ctrl_C to break
    From 192.168.3.1: bytes=32 seq=1 ttl=254 time=62 ms
    From 192.168.3.1: bytes=32 seq=2 ttl=254 time=63 ms
    From 192.168.3.1: bytes=32 seq=3 ttl=254 time=16 ms
    From 192.168.3.1: bytes=32 seq=4 ttl=254 time=47 ms
    From 192.168.3.1: bytes=32 seq=5 ttl=254 time=31 ms
    
    --- 192.168.3.1 ping statistics ---
      5 packet(s) transmitted
      5 packet(s) received
      0.00% packet loss
      round-trip min/avg/max = 16/43/63 ms
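The three test results follow from two things: how a basic ACL matches a source address through its wildcard mask, and on which interface and in which direction the filter is bound. The Python model below is an added example written for these notes; it is not part of the lab and does not come from the device vendor. It reproduces ACL 2000 and the `traffic-filter outbound` binding on AR2 g0/0/2 exactly as configured above, and assumes PC1 is 192.168.1.1 (the lab only shows that PC1 sits in 192.168.1.0/24). It also assumes that a packet matching no rule is permitted; the lab's third test (PC2 reaches the server through the filtered interface) is consistent with that default. The `wildcard_match` function additionally shows the classic mistake of typing a subnet mask (255.255.255.0) where a wildcard mask belongs: that rule would match almost nothing the author intended.

```python
"""Model of basic-ACL filtering on AR2 (added example, not from the lab notes)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str      # "permit" or "deny"
    source: str      # network address, e.g. "192.168.1.0"
    wildcard: str    # Huawei-style wildcard: 0 bit = must match, 1 bit = don't care


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Return True when `addr` matches `network` under the wildcard mask.

    Only the bits that are 0 in the wildcard are compared, so 0.0.0.255 means
    "first three octets must match"; 255.255.255.0 would mean "only the last
    octet must match", which is why confusing the two masks is dangerous.
    """
    a, n, w = (int(IPv4Address(x)) for x in (addr, network, wildcard))
    care = 0xFFFFFFFF ^ w          # bits we must compare
    return (a & care) == (n & care)


def evaluate_acl(rules: List[Rule], src: str,
                 default: str = "permit") -> Tuple[str, Optional[int]]:
    """Rules are checked in ascending rule-id order; the first match decides.

    `default` applies when no rule matches. Assumption: permit, which agrees
    with the lab's PC2 -> Server test succeeding through the filtered interface.
    """
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if wildcard_match(src, rule.source, rule.wildcard):
            return rule.action, rule.rule_id
    return default, None


# ACL 2000 exactly as configured on AR2 in the lab.
ACL_2000: List[Rule] = [Rule(10, "deny", "192.168.1.0", "0.0.0.255")]

# AR2 egress interface per destination subnet, from the lab addressing plan.
AR2_EGRESS: Dict[str, str] = {
    "192.168.1.0/24": "g0/0/0",    # via static route to 192.168.12.1 (AR1)
    "192.168.12.0/24": "g0/0/0",
    "192.168.2.0/24": "g0/0/1",    # finance department hosts
    "192.168.3.0/24": "g0/0/2",    # finance department server
}

# The lab binds the filter outbound on g0/0/2 only; g0/0/0 and g0/0/1 are unfiltered.
OUTBOUND_FILTERS: Dict[str, List[Rule]] = {"g0/0/2": ACL_2000}


def ar2_forward(src: str, dst: str) -> Tuple[str, str, Optional[int]]:
    """Decide what AR2 does with a packet src -> dst.

    Returns (verdict, egress interface, matching rule id or None).
    Constructed simplification: all subnets are /24, routing is by longest
    prefix over AR2_EGRESS, and only outbound filters are modelled because the
    lab configures no inbound ones.
    """
    subnet = str(ip_network(f"{dst}/24", strict=False))
    iface = AR2_EGRESS[subnet]
    acl = OUTBOUND_FILTERS.get(iface)
    if acl is None:
        return "forwarded", iface, None      # no filter bound on this egress
    action, rule_id = evaluate_acl(acl, src)
    verdict = "forwarded" if action == "permit" else "dropped"
    return verdict, iface, rule_id


if __name__ == "__main__":
    PC1, PC2, SERVER = "192.168.1.1", "192.168.2.1", "192.168.3.1"  # PC1 assumed
    for name, src, dst in (("PC1 -> Server", PC1, SERVER),
                           ("PC1 -> PC2", PC1, PC2),
                           ("PC2 -> Server", PC2, SERVER)):
        print(name, ar2_forward(src, dst))
```

Running the block prints one line per lab test: PC1 to the server is dropped by rule 10 on g0/0/2, PC1 to PC2 is forwarded because the packet leaves g0/0/1 where nothing is bound, and PC2 to the server is forwarded by the default action because its source does not match rule 10. If the policy later has to cover a second after-sales subnet, the model makes the audit question explicit: is the new source actually caught by a rule, or is it silently riding the permit default?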