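Requirements:
0. Ensure connectivity across the whole network
1. Client 1 can access the web service on the server
2. Client 1 can access 192.168.2.0
3. Client 1 is denied access to all other networks

Understanding:
ACL: a list of rules (instructions) applied to a router interface
ACL: filters packets by reading the Layer 3 and Layer 4 header information
(Tuple) source IP, destination IP, source port, destination port, protocol number

Lab configuration:
[ar1] int g0/0/0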
[ar1-GigabitEthernet0/0/0] ip add 192.168.1.254 24
[ar1-GigabitEthernet0/0/0] undo shutdown
[ar1] int g0/0/1
[ar1-GigabitEthernet0/0/1] ip add 192.168.4.1 24
[ar1-GigabitEthernet0/0/1] undo shutdown
[ar1] rip
[ar1-rip-1] version 2
[ar1-rip-1] network 192.168.1.0
[ar1-rip-1] network 192.168.4.0

[ar2-GigabitEthernet0/0/0] ip add 192.168.4.2 24
[ar2-GigabitEthernet0/0/0] undo shutdown
[ar2] int g0/0/1
[ar2-GigabitEthernet0/0/1] ip add 192.168.5.1 24
[ar2-GigabitEthernet0/0/1] undo shutdown
[ar2] int g0/0/2
[ar2-GigabitEthernet0/0/2] ip add 192.168.2.254 24
[ar2-GigabitEthernet0/0/2] undo shutdown
[ar2] rip
[ar2-rip-1] version 2
[ar2-rip-1] network 192.168.2.0
[ar2-rip-1] network 192.168.4.0
[ar2-rip-1] network 192.168.5.0

[ar3] int g0/0/0
[ar3-GigabitEthernet0/0/0] ip add 192.168.5.2 24
[ar3-GigabitEthernet0/0/0] undo shutdown
[ar3] int g0/0/1
[ar3-GigabitEthernet0/0/1] ip add 192.168.3.254 24
[ar3-GigabitEthernet0/0/1] undo shutdown
[ar3] rip
[ar3-rip-1] version 2
[ar3-rip-1] network 192.168.5.0
[ar3-rip-1] network 192.168.3.0
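Advanced ACL configuration:
[ar1-acl-adv-3000] rule permit tcp source 192.168.1.1 destination 192.168.3.10 destination-port eq 80
// rule {default 5} TCP source IP destination IP {eq} protocol number
[ar1-acl-adv-3000] rule permit ip source 192.168.1.10 destination 192 0.0.0.255
// rule {default 5} permit IP source IP destination IP, matching a {network segment}
[ar1-acl-adv-3000] rule
// rule {default 5} deny the source IP from accessing other networks
[ar1-GigabitEthernet0/0/1] traffic-filter acl 3000
// {traffic} filter, applied inside the interface

Check: display acl 3000 or display acl all
Verify that the interfaces are UP: display ip interface brief

Removing the advanced ACL configuration:
[ar1-GigabitEthernet0/0/0] undo traffic-filter inbound
[ar1-acl-adv-3000] undo rule 5 source
[ar1] undo acl 3000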
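
The following Python model is an added example, not part of the original lab. It shows how an advanced ACL like ACL 3000 above decides a packet: rules are tried in ascending rule ID, each rule compares protocol, source, destination and destination port, and wildcard bits set to 1 are ignored. Assumptions: a single client address 192.168.1.1 with wildcard 0, the destination 192.168.2.0 taken from requirement 2, a constructed deny rule with rule ID 15, and "permit" as the verdict for packets that match no rule (passed as a parameter).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    """Wildcard bit 1 = don't care, bit 0 = must equal the rule's address."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

@dataclass
class Rule:
    rule_id: int
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    src: tuple                   # (address, wildcard)
    dst: tuple
    dport: Optional[int] = None  # destination-port eq N

    def matches(self, p):
        return (self.proto in ("ip", p["proto"])
                and wc_match(p["src"], *self.src)
                and wc_match(p["dst"], *self.dst)
                and (self.dport is None or p.get("dport") == self.dport))

ANY = ("0.0.0.0", "255.255.255.255")
CLIENT1 = ("192.168.1.1", "0.0.0.0")   # assumed: one host, wildcard 0
ACL_3000 = [                           # constructed to mirror requirements 1-3
    Rule(5, "permit", "tcp", CLIENT1, ("192.168.3.10", "0.0.0.0"), 80),
    Rule(10, "permit", "ip", CLIENT1, ("192.168.2.0", "0.0.0.255")),
    Rule(15, "deny", "ip", CLIENT1, ANY),  # assumed form of the deny rule
]

def evaluate(acl, p, default="permit"):
    """First match in ascending rule-ID order decides; else `default` (assumed)."""
    for rule in sorted(acl, key=lambda r: r.rule_id):
        if rule.matches(p):
            return rule.action, rule.rule_id
    return default, None

def pkt(src, dst, proto, dport=None):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}

if __name__ == "__main__":
    for dst, proto, dport in (("192.168.3.10", "tcp", 80), ("192.168.2.77", "icmp", None),
                              ("192.168.5.2", "icmp", None)):
        print(dst, proto, dport, "->", evaluate(ACL_3000, pkt("192.168.1.1", dst, proto, dport)))
```

Moving the deny rule ahead of the permits (a lower rule ID) blocks the web traffic as well, which is why the broad deny has to come last.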