Standard and Extended Access Control Lists (ACLs)
lo0 2.2.2.2 r1(R2) s1/0 ---- s2/0 r2(R1) lo0 1.1.1.1 s1/0 ---- s2/0 r3(R3) lo0 3.3.3.3
step 1...
r1:
en
config t
hostname R2
no ip domain-lookup
lin 0
exec-timeout 0 0
logging syn
exit
int lo 0
ip add 2.2.2.2 255.255.255.255
exit
int s1/0
ip add 12.1.1.2 255.255.255.0
no shutdown
exit
r2
en
config t
hostname R1
no ip domain-lookup
lin 0
exec-timeout 0 0
logging syn
exit
int lo 0
ip add 1.1.1.1 255.255.255.255
exit
int s2/0
ip add 12.1.1.1 255.255.255.0
no shutdown
exit
int s1/0
ip add 13.1.1.1 255.255.255.0
no shutdown
exit
r3
en
config t
hostname R3
no ip domain-lookup
lin 0
exec-timeout 0 0
logging syn
exit
int lo 0
ip add 3.3.3.3 255.255.255.255
exit
int s2/0
ip add 13.1.1.3 255.255.255.0
no shutdown
exit
R1 ping 12.1.1.2
R1 Ping 13.1.1.3
---------------------------------------------------------------
step 2......
R1 ip route 2.2.2.2 255.255.255.255 s2/0 12.1.1.2
R1 ip route 3.3.3.3 255.255.255.255 s1/0 13.1.1.3
R2 ip route 1.1.1.1 255.255.255.255 s1/0 12.1.1.1
R2 ip route 3.3.3.3 255.255.255.255 s1/0 12.1.1.1
R2 ip route 13.1.1.0 255.255.255.0 s1/0 12.1.1.1
R3 ip route 1.1.1.1 255.255.255.255 s2/0 13.1.1.1
R3 ip route 2.2.2.2 255.255.255.255 s2/0 13.1.1.1
R3 ip route 12.1.1.0 255.255.255.0 s2/0 13.1.1.1
R1 ping 2.2.2.2 source loopback 0
R1 ping 3.3.3.3 source loopback 0
R2 ping 1.1.1.1 source loopback 0
R2 ping 3.3.3.3 source loopback 0
R3 ping 2.2.2.2 source loopback 0
R3 ping 1.1.1.1 source loopback 0
R3 ping 12.1.1.1 source loopback 0
--------------------------------------------------------------------
step 3.....
R2 ping 3.3.3.3 source loopback 0
r1 debug ip packet
r1 int s2/0
no ip route-cache
end
r1 unde all
r1 show ip route
---------------------------------------------------------------------
step 4.....
r1 access-list?
access-list 10 ?
access-list 10 deny ?
access-list 10 deny 2.2.2.2 ?
access-list 10 deny host 2.2.2.2
r1 show ip access-list 10
------------------------------------------------------------------
step 5.....
r1 config t
int s2/0
ip access-group 10 ?
ip access-group 10 in
end
r2 ping 3.3.3.3 source loopback 0
r1 debug ip packet
r2 ping 3.3.3.3 source loopback 0
r1 unde all
r3 debug ip packet
r2 ping 3.3.3.3 source loopback 0
-------------------------------------------------------------------
step 5, second approach
r1 config t
int s2/0
no ip access-group 10 in
exit
int s1/0
ip access-group 10 out
end
r1 debug ip packet
r2 ping 3.3.3.3 source loopback 0
...... this time the ping times out
r3 debug ip packet
R3 still receives no packets
-------------------------------------------------------------------
step 6
r2 config t
int lo 0
ip add 22.22.22.22 255.255.255.255
end
r1 ip route 22.22.22.22 255.255.255.255 s2/0 12.1.1.2
end
r3 ip route 22.22.22.22 255.255.255.255 s2/0 13.1.1.1
r2 int lo0
ip add 2.2.2.2 255.255.255.255 secondary
end
show ip int bri
r1 no access-list 10
show ip access-list
r1 config t
access-list 10 deny host 2.2.2.2
end
show ip access-list
r2 ping 3.3.3.3 source 2.2.2.2
r1 show ip access-list
r2 ping 3.3.3.3 source 22.22.22.22
r1 show ip access-list
The ping from 22.22.22.22 fails because the list has no entry that permits 22.22.22.22, so the ACL's default deny applies.
r1 config t
access-list 10 deny any// access-list 10 permit any
show ip access-list
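Access control lists
Control plane
Forwarding plane
When the control plane changes, the forwarding plane changes with it.
A router decapsulates a packet up to layer 3, the IP layer; every router on the path sees the packet's layer 3 header.
The ACL is checked first, then the routing table.
Standard: matches on the source address (IP address).
Extended: matches on source address, destination address, port number and protocol number.
Both standard and extended ACLs deny by default.
Packets sourced from the loopback interface are the router's own packets; the router does not deny them.
Why can't this list be applied on R2? Because a router does not deny packets that it originates itself.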
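The default deny observed in step 6, as an added example that is not part of the original tutorial: a small Python model of first-match evaluation for a standard ACL, run against the two source addresses pinged from R2. The function names are hypothetical, the model covers only source-address matching, and the wildcard-mask form goes beyond the host entries used in the lab.

```python
import ipaddress

def parse_entry(line):
    """Parse the body of a standard ACL entry:
    'deny host A', 'permit any', or 'permit A WILDCARD'."""
    action, *rest = line.split()
    if rest == ["any"]:
        addr, wildcard = "0.0.0.0", "255.255.255.255"
    elif rest[0] == "host":
        addr, wildcard = rest[1], "0.0.0.0"
    else:
        addr = rest[0]
        wildcard = rest[1] if len(rest) > 1 else "0.0.0.0"
    return (action,
            int(ipaddress.IPv4Address(addr)),
            int(ipaddress.IPv4Address(wildcard)))

def evaluate(acl_lines, source):
    """Return (action, matching entry) for a packet's source address.
    Entries are tested top-down and the first match wins; a packet
    that matches nothing is dropped by the default deny."""
    src = int(ipaddress.IPv4Address(source))
    for line in acl_lines:
        action, addr, wildcard = parse_entry(line)
        care = ~wildcard & 0xFFFFFFFF  # wildcard bit 1 = ignore that bit
        if (src & care) == (addr & care):
            return action, line
    return "deny", "implicit deny"

# ACL 10 as configured in step 6, and the same list with 'permit any' appended
ACL_STEP6 = ["deny host 2.2.2.2"]
ACL_FIXED = ["deny host 2.2.2.2", "permit any"]

if __name__ == "__main__":
    for name, acl in (("step 6 list", ACL_STEP6), ("with permit any", ACL_FIXED)):
        for src in ("2.2.2.2", "22.22.22.22"):
            print(f"{name:16} source {src:12} -> {evaluate(acl, src)}")
```

With only the deny entry, both sources are dropped, but for different reasons: 2.2.2.2 by the explicit entry and 22.22.22.22 by the default deny, which is why only the first ping would be counted against an entry of the list.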
