Lab 18: ACL Configuration 2

Posted by FLy_鵬程萬里 on 2018-05-29

Lab content


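  • Configure all devices so that the whole network is reachable end to end.
  • Deploy a standard access control list on R2 that allows only users on the 192.168.12.0/24 network to pass through R2 to reach 3.3.3.3; all other traffic entering R2's S0/0 interface is dropped.
  • Deploy an ACL on R2 that allows only ICMP traffic from 1.1.1.1 to 3.3.3.3 and Telnet traffic from R1 to 3.3.3.3 to pass through R2; all other traffic entering R2's S0/0 interface is filtered out.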

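Lab objectives

Master the configuration of standard ACLs

Understand how standard ACLs are applied in access control

Lab steps

Requirement 1:

Draw the network topology as shown below: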


Basic IP address information:

PC1 IP address: 1.1.1.1, gateway address: 1.1.1.254
PC2 IP address: 3.3.3.3, gateway address: 3.3.3.254
Router address information:

Other router configuration

R1:


R2:


R3:

Connectivity test

PC>ipconfig

FastEthernet0 Connection:(default port)

   Link-local IPv6 Address.........: FE80::204:9AFF:FEB1:913D
   IP Address......................: 1.1.1.1
   Subnet Mask.....................: 255.255.255.0
   Default Gateway.................: 1.1.1.254

PC>ping 1.1.1.254

Pinging 1.1.1.254 with 32 bytes of data:

Reply from 1.1.1.254: bytes=32 time=0ms TTL=255
Reply from 1.1.1.254: bytes=32 time=0ms TTL=255
Reply from 1.1.1.254: bytes=32 time=1ms TTL=255
Reply from 1.1.1.254: bytes=32 time=0ms TTL=255

Ping statistics for 1.1.1.254:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

PC>ping 192.168.12.1

Pinging 192.168.12.1 with 32 bytes of data:

Reply from 192.168.12.1: bytes=32 time=0ms TTL=255
Reply from 192.168.12.1: bytes=32 time=0ms TTL=255
Reply from 192.168.12.1: bytes=32 time=0ms TTL=255
Reply from 192.168.12.1: bytes=32 time=0ms TTL=255

Ping statistics for 192.168.12.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

PC>ping 192.168.12.2

Pinging 192.168.12.2 with 32 bytes of data:

Reply from 192.168.12.2: bytes=32 time=1ms TTL=254
Reply from 192.168.12.2: bytes=32 time=5ms TTL=254
Reply from 192.168.12.2: bytes=32 time=4ms TTL=254
Reply from 192.168.12.2: bytes=32 time=5ms TTL=254

Ping statistics for 192.168.12.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 5ms, Average = 3ms

PC>ping 192.168.23.2

Pinging 192.168.23.2 with 32 bytes of data:

Reply from 192.168.23.2: bytes=32 time=1ms TTL=254
Reply from 192.168.23.2: bytes=32 time=1ms TTL=254
Reply from 192.168.23.2: bytes=32 time=2ms TTL=254
Reply from 192.168.23.2: bytes=32 time=5ms TTL=254

Ping statistics for 192.168.23.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 5ms, Average = 2ms

PC>ping 192.168.23.3

Pinging 192.168.23.3 with 32 bytes of data:

Reply from 192.168.23.3: bytes=32 time=12ms TTL=253
Reply from 192.168.23.3: bytes=32 time=2ms TTL=253
Reply from 192.168.23.3: bytes=32 time=2ms TTL=253
Reply from 192.168.23.3: bytes=32 time=14ms TTL=253

Ping statistics for 192.168.23.3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 14ms, Average = 7ms

PC>ping 3.3.3.3.
PC>ping 3.3.3.3

Pinging 3.3.3.3 with 32 bytes of data:

Request timed out.
Reply from 3.3.3.3: bytes=32 time=7ms TTL=125
Reply from 3.3.3.3: bytes=32 time=2ms TTL=125
Reply from 3.3.3.3: bytes=32 time=3ms TTL=125

Ping statistics for 3.3.3.3:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 7ms, Average = 4ms

PC>

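The checks above show that the whole network is reachable!

Requirement 2:

Deploy a standard access control list on R2 that allows only users on the 192.168.12.0/24 network to pass through R2 to reach 3.3.3.3; all other traffic entering R2's s0/0/0 interface is dropped.

R2 is configured as follows: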


Testing from R1, whose IP address is 192.168.12.1, the ping succeeds.


Testing from PC1 (IP address 1.1.1.1), the ping fails.


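Conclusion: all other traffic entering R2's s0/0/0 interface is dropped and cannot reach 3.3.3.3.

Requirement 3:

Deploy an ACL on R2 that allows only ICMP traffic from 1.1.1.1 to 3.3.3.3 and Telnet traffic from R1 to 3.3.3.3 to pass through R2; all other traffic entering R2's s0/0/0 interface is filtered out.

R2 is configured as follows: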


Enable Telnet on R3:


Test:


The test shows that ICMP traffic can reach 3.3.3.3 and that a Telnet session to 3.3.3.3 can be opened.
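
One way to write the ACLs for Requirement 2 and Requirement 3 in Cisco IOS syntax, as an added example that is not the author's original configuration. The ACL numbers 1 and 100, the full interface name Serial0/0/0, the use of 192.168.12.1 as R1's Telnet source address, and the placeholder VTY password are assumptions.

```cisco
! ===== R2, Requirement 2: standard ACL =====
! A standard ACL matches on the SOURCE address only. It cannot name
! 3.3.3.3 as the destination, so 192.168.12.0/24 is allowed to reach
! anything behind R2, not just 3.3.3.3.
access-list 1 permit 192.168.12.0 0.0.0.255
! Every ACL ends with an implicit "deny any"; that is what drops
! PC1 (source 1.1.1.1) in the test for Requirement 2.
interface Serial0/0/0
 ip access-group 1 in
!
! ===== R2, Requirement 3: extended ACL =====
! An extended ACL matches protocol, source, destination and port.
! R1 sources its Telnet session from its outgoing interface, assumed
! here to be 192.168.12.1 (the address the text gives for R1).
access-list 100 permit icmp host 1.1.1.1 host 3.3.3.3
access-list 100 permit tcp host 192.168.12.1 host 3.3.3.3 eq telnet
! The implicit "deny ip any any" filters everything else on s0/0/0.
! An interface holds one IP ACL per direction, so applying ACL 100
! inbound replaces ACL 1 from Requirement 2.
interface Serial0/0/0
 ip access-group 100 in
!
! ===== R3: accept Telnet logins =====
! <vty-password> is a placeholder, not a value from the page.
line vty 0 4
 password <vty-password>
 login
!
! ===== R2: verification =====
! show access-lists                 (per-entry match counters)
! show ip interface Serial0/0/0     (which ACL is applied inbound)
```

Because entries are evaluated top-down and the first match wins, the match counters in show access-lists indicate which entry a test packet hit, which helps distinguish an ACL drop from a routing problem.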


This concludes the lab!
