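Named Access Control Lists Explained

Published: 2020-07-04 03:48:03  Source: Internet  Views: 1114  Author: 23trl  Category: Cloud Computing

Named access control lists

Goal of this chapter: learn through a lab how to use named access control lists, including how to add and delete access-control entries.

Lab topology:

Four hosts, one layer-2 switch and one layer-3 switch.
sw1: create the VLANs, assign interfaces to the VLANs, configure the trunk link.
sw2: create the VLANs, give each VLAN a virtual interface address, configure the trunk link, configure the named access control list, and turn off switching on one port so that it becomes a layer-3 port.
pc1:192.168.10.10/24
pc2:192.168.10.20/24
pc3:192.168.20.20/24
pc4:192.168.100.100/24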

1. On the layer-2 switch, create the VLANs, assign interfaces to the VLANs, and configure the trunk link

sw1#conf t
sw1(config)#vlan 10,20
sw1(config-vlan)#do show vlan-sw b  //show VLAN details
sw1(config-vlan)#ex
sw1(config)#do show vlan-sw b

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/1, Fa1/2, Fa1/3
                                                Fa1/4, Fa1/5, Fa1/6, Fa1/7
                                                Fa1/8, Fa1/9, Fa1/10, Fa1/11
                                                Fa1/12, Fa1/13, Fa1/14, Fa1/15
10   VLAN0010                         active    
20   VLAN0020                         active    
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 
sw1(config)#int range fa1/1 -2
sw1(config-if-range)#sw mo acc         //set the ports to access mode
sw1(config-if-range)#sw acc vlan 10  //assign the ports to VLAN 10
sw1(config-if-range)#ex
sw1(config)#do show vlan-sw b 

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/3, Fa1/4, Fa1/5
                                                Fa1/6, Fa1/7, Fa1/8, Fa1/9
                                                Fa1/10, Fa1/11, Fa1/12, Fa1/13
                                                Fa1/14, Fa1/15
10   VLAN0010                         active    Fa1/1, Fa1/2
20   VLAN0020                         active    
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 
sw1(config)#int f1/3
sw1(config-if)#sw mo acc 
sw1(config-if)#sw acc vlan 20
sw1(config-if)#ex
sw1(config)#do show vlan-sw b

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/4, Fa1/5, Fa1/6
                                                Fa1/7, Fa1/8, Fa1/9, Fa1/10
                                                Fa1/11, Fa1/12, Fa1/13, Fa1/14
                                                Fa1/15
10   VLAN0010                         active    Fa1/1, Fa1/2
20   VLAN0020                         active    Fa1/3
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 

sw1(config)#int f1/0
sw1(config-if)#sw mo t
sw1(config-if)#sw t en dot
sw1(config-if)#ex
sw1(config)#no ip routing  //disable routing

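2. On the layer-3 switch, create the VLANs, configure virtual addresses for the VLANs through their interfaces (switching must be turned off on the routed port), and configure the trunk link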

sw2#conf t
sw2(config)#int f1/1
sw2(config-if)#no switchport //turn off switching on this port
sw2(config-if)#ip add 192.168.100.1 255.255.255.0
sw2(config-if)#no shut
sw2(config-if)#do show ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down    
FastEthernet0/1            unassigned      YES unset  administratively down down    
FastEthernet1/0            unassigned      YES unset  up                    up      
FastEthernet1/1            192.168.100.1   YES manual up                    up      
FastEthernet1/2            unassigned      YES unset  up                    down    
FastEthernet1/3            unassigned      YES unset  up                    down    
FastEthernet1/4            unassigned      YES unset  up                    down    
FastEthernet1/5            unassigned      YES unset  up                    down    
FastEthernet1/6            unassigned      YES unset  up                    down    
FastEthernet1/7            unassigned      YES unset  up                    down    
FastEthernet1/8            unassigned      YES unset  up                    down    
FastEthernet1/9            unassigned      YES unset  up                    down    
FastEthernet1/10           unassigned      YES unset  up                    down    
FastEthernet1/11           unassigned      YES unset  up                    down    
FastEthernet1/12           unassigned      YES unset  up                    down    
FastEthernet1/13           unassigned      YES unset  up                    down    
FastEthernet1/14           unassigned      YES unset  up                    down    
FastEthernet1/15           unassigned      YES unset  up                    down    
Vlan1                      unassigned      YES unset  up                    up      
sw2(config-if)#ex 
sw2(config)#vlan 10,20
sw2(config-vlan)#ex
sw2(config)#int vlan 10
sw2(config-if)#ip add 192.168.10.1 255.255.255.0
sw2(config-if)#no shut
sw2(config-if)#ex
sw2(config)#int vlan 20
sw2(config-if)#ip add 192.168.20.1 255.255.255.0
sw2(config-if)#no shut
sw2(config-if)#ex
sw2(config)#do show ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down    
FastEthernet0/1            unassigned      YES unset  administratively down down    
FastEthernet1/0            unassigned      YES unset  up                    up      
FastEthernet1/1            192.168.100.1   YES manual up                    up      
FastEthernet1/2            unassigned      YES unset  up                    down    
FastEthernet1/3            unassigned      YES unset  up                    down    
FastEthernet1/4            unassigned      YES unset  up                    down    
FastEthernet1/5            unassigned      YES unset  up                    down    
FastEthernet1/6            unassigned      YES unset  up                    down    
FastEthernet1/7            unassigned      YES unset  up                    down    
FastEthernet1/8            unassigned      YES unset  up                    down    
FastEthernet1/9            unassigned      YES unset  up                    down    
FastEthernet1/10           unassigned      YES unset  up                    down    
FastEthernet1/11           unassigned      YES unset  up                    down    
FastEthernet1/12           unassigned      YES unset  up                    down    
FastEthernet1/13           unassigned      YES unset  up                    down    
FastEthernet1/14           unassigned      YES unset  up                    down    
FastEthernet1/15           unassigned      YES unset  up                    down    
Vlan1                      unassigned      YES unset  up                    up      
Vlan10                     192.168.10.1    YES manual up                    down    
Vlan20                     192.168.20.1    YES manual up                    down    
sw2(config)#int f1/0
sw2(config-if)#sw mo t
sw2(config-if)#sw t en dot
sw2(config-if)#ex

3. Configure an IP address and gateway on each host

PC4> 
PC4> ip 192.168.100.100 192.168.100.1
Checking for duplicate address...
PC1 : 192.168.100.100 255.255.255.0 gateway 192.168.100.1

PC1> ip 192.168.10.10 192.168.10.1
Checking for duplicate address...
PC1 : 192.168.10.10 255.255.255.0 gateway 192.168.10.1

PC2> 
PC2> ip 192.168.10.20 192.168.10.1
Checking for duplicate address...
PC1 : 192.168.10.20 255.255.255.0 gateway 192.168.10.1

PC3> ip 192.168.20.20 192.168.20.1
Checking for duplicate address...
PC1 : 192.168.20.20 255.255.255.0 gateway 192.168.20.1

4. Test whether the whole network is reachable

PC1> ping 192.168.100.100

168.100.100 icmp_seq=1 timeout
bytes from 192.168.100.100 icmp_seq=2 ttl=63 time=14.997 ms
bytes from 192.168.100.100 icmp_seq=3 ttl=63 time=15.984 ms
bytes from 192.168.100.100 icmp_seq=4 ttl=63 time=16.953 ms
bytes from 192.168.100.100 icmp_seq=5 ttl=63 time=20.978 ms

PC1> ping 192.168.10.20
bytes from 192.168.10.20 icmp_seq=1 ttl=64 time=0.000 ms
bytes from 192.168.10.20 icmp_seq=2 ttl=64 time=0.000 ms
bytes from 192.168.10.20 icmp_seq=3 ttl=64 time=0.979 ms
bytes from 192.168.10.20 icmp_seq=4 ttl=64 time=0.000 ms

PC1> ping 192.168.20.20
168.20.20 icmp_seq=1 timeout
bytes from 192.168.20.20 icmp_seq=2 ttl=63 time=14.960 ms
bytes from 192.168.20.20 icmp_seq=3 ttl=63 time=18.941 ms
bytes from 192.168.20.20 icmp_seq=4 ttl=63 time=15.956 ms
bytes from 192.168.20.20 icmp_seq=5 ttl=63 time=19.973 ms

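5. On the layer-3 switch, configure the named access control list

sw2(config)#ip access-list standard kgc  //create a standard named ACL called kgc and enter its configuration mode
sw2(config-std-nacl)#permit host 192.168.10.10  //permit host 10.10
sw2(config-std-nacl)#deny 192.168.10.0 0.0.0.255 //deny hosts in the 10.0 network
sw2(config-std-nacl)#permit any  //permit all other hosts
sw2(config-std-nacl)#ex
sw2(config)#do show access-lists    //show the access control lists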
Standard IP access list kgc
    10 permit 192.168.10.10
    20 deny   192.168.10.0, wildcard bits 0.0.0.255
    30 permit any
sw2(config)#int f1/1
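sw2(config-if)#ip access-group kgc out  //apply outbound on the interface closest to the destination being restricted; applied inbound it would have to be configured three times, outbound once is enough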
sw2(config-if)#ex

6. Test whether the lab requirement has taken effect

PC1> ping 192.168.100.100
84 bytes from 192.168.100.100 icmp_seq=1 ttl=63 time=18.941 ms
84 bytes from 192.168.100.100 icmp_seq=2 ttl=63 time=15.408 ms
84 bytes from 192.168.100.100 icmp_seq=3 ttl=63 time=12.003 ms
84 bytes from 192.168.100.100 icmp_seq=4 ttl=63 time=20.997 ms

PC3> ping 192.168.100.100
84 bytes from 192.168.100.100 icmp_seq=1 ttl=63 time=20.942 ms
84 bytes from 192.168.100.100 icmp_seq=2 ttl=63 time=14.992 ms
84 bytes from 192.168.100.100 icmp_seq=3 ttl=63 time=13.963 ms
84 bytes from 192.168.100.100 icmp_seq=4 ttl=63 time=14.925 ms
84 bytes from 192.168.100.100 icmp_seq=5 ttl=63 time=21.940 ms

PC2> ping 192.168.100.100
*192.168.10.1 icmp_seq=1 ttl=255 time=8.972 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=2 ttl=255 time=10.971 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=3 ttl=255 time=5.987 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=4 ttl=255 time=10.969 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=5 ttl=255 time=2.998 ms (ICMP type:3, code:13, Communication administratively prohibited)

7. Add one more requirement: host 10.20 is also allowed access

sw2(config)#ip access-list standard kgc
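sw2(config-std-nacl)#12 permit host 192.168.10.20  //the entry must be numbered before 10 or between 10 and 20; placed after 20 it has no effect, because the 10.0 network is already denied there and a later entry for 10.20 never matches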
sw2(config-std-nacl)#ex
sw2(config)#do show access-lists
Standard IP access list kgc
    10 permit 192.168.10.10 (8 matches)
    12 permit 192.168.10.20
    20 deny   192.168.10.0, wildcard bits 0.0.0.255 (10 matches)
    30 permit any (5 matches)

8. Test whether PC2 (10.20) can now reach host pc4

PC2> ping 192.168.100.100
192.168.100.100 icmp_seq=1 timeout
192.168.100.100 icmp_seq=2 timeout
84 bytes from 192.168.100.100 icmp_seq=3 ttl=63 time=20.970 ms
84 bytes from 192.168.100.100 icmp_seq=4 ttl=63 time=17.950 ms
84 bytes from 192.168.100.100 icmp_seq=5 ttl=63 time=18.008 ms
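
The first-match behaviour that steps 7 and 8 depend on, as an added example (not part of the original article): a small Python model of a standard ACL that evaluates the kgc entries in sequence order and reports entries that an earlier entry makes unreachable. The function names and the sequence-25 variant are assumptions made for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def entry(seq, action, addr, wildcard="0.0.0.0"):
    # "any" is shorthand for 0.0.0.0 with wildcard 255.255.255.255
    if addr == "any":
        addr, wildcard = "0.0.0.0", "255.255.255.255"
    return {"seq": seq, "action": action, "addr": ip(addr), "wild": ip(wildcard)}

def care_bits(e):
    # Wildcard bits set to 1 are ignored; the remaining bits must match.
    return ~e["wild"] & 0xFFFFFFFF

def evaluate(acl, src):
    """Return (action, seq) of the first matching entry in sequence order."""
    for e in sorted(acl, key=lambda e: e["seq"]):
        if (ip(src) & care_bits(e)) == (e["addr"] & care_bits(e)):
            return e["action"], e["seq"]
    return "deny", None  # implicit deny when nothing matches

def shadowed(acl):
    """Sequence numbers of entries fully covered by an earlier entry."""
    ordered, hidden = sorted(acl, key=lambda e: e["seq"]), []
    for i, e in enumerate(ordered):
        for prev in ordered[:i]:
            care = care_bits(prev)
            # prev covers e when e fixes every bit prev checks, to the same value
            if (e["wild"] & care) == 0 and (e["addr"] & care) == (prev["addr"] & care):
                hidden.append(e["seq"])
                break
    return hidden

# The page's kgc list, then two placements of the extra permit for 192.168.10.20.
KGC = [entry(10, "permit", "192.168.10.10"),
       entry(20, "deny", "192.168.10.0", "0.0.0.255"),
       entry(30, "permit", "any")]
AT_12 = KGC + [entry(12, "permit", "192.168.10.20")]   # as in step 7
AT_25 = KGC + [entry(25, "permit", "192.168.10.20")]   # constructed misplacement

if __name__ == "__main__":
    for name, acl in (("kgc", KGC), ("seq 12", AT_12), ("seq 25", AT_25)):
        print(name, evaluate(acl, "192.168.10.20"), "shadowed:", shadowed(acl))
```

Running shadowed() over a list before pushing it to the switch catches entries like the sequence-25 one, which would be accepted but never matched.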

9. Delete a single entry from the access control list; to delete the whole ACL, use no ip access-list standard kgc

sw2(config)#ip access-list standard kgc
sw2(config-std-nacl)#no 12
sw2(config-std-nacl)#do show access-lists                                  
Standard IP access list kgc
    10 permit 192.168.10.10 (8 matches)
    20 deny   192.168.10.0, wildcard bits 0.0.0.255 (10 matches)
    30 permit any (5 matches)
sw2(config)#no ip access-list standard kgc            
sw2(config)#do show access-lists          

sw2(config)#

That is the end of this chapter. Thanks for reading.
