收藏
下载资源

2022年在三层交换机上配置ACL反向ACL访问控制列表参考 .pdf

上传人:C****o 文档编号:34250728 上传时间:2022-08-15 格式:PDF 页数:7 大小:477.20KB
返回 下载 相关 举报
2022年在三层交换机上配置ACL反向ACL访问控制列表参考 .pdf_第1页
第1页 / 共7页
2022年在三层交换机上配置ACL反向ACL访问控制列表参考 .pdf_第2页
第2页 / 共7页
点击查看更多>>
资源描述

《2022年在三层交换机上配置ACL反向ACL访问控制列表参考 .pdf》由会员分享,可在线阅读,更多相关《2022年在三层交换机上配置ACL反向ACL访问控制列表参考 .pdf(7页珍藏版)》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。

1、拓扑图要求名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 1 页,共 7 页 - - - - - - - - - 3750 配置:3750#conf t 3750(config)#int f0/15 3750(config-if)#switchport mode trunk 3750(config)#end 3750#vlan database 3750(vlan)#vtp server 3750(vlan)#vtp domain sy 3750(vlan)#vtp password

2、 cisco 3750(vlan)#vlan 10 3750(vlan)#vlan 20 3750(vlan)#vlan 30 3750(vlan)#vlan 40 3750(vlan)#vlan 100 3750(vlan)#exit 3750(config)#ip routing 3750(config)#int vlan 10 3750(config-if)#ip address 192.168.10.1 255.255.255.0 3750(config-if)#no shutdown 3750(config-if)#exit 3750(config)#int vlan 20 3750

3、(config-if)#ip address 192.168.20.1 255.255.255.0 3750(config-if)#no shutdown 名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 2 页,共 7 页 - - - - - - - - - 3750(config-if)#exit 3750(config)#int vlan 30 3750(config-if)#ip address 192.168.30.1 255.255.255.0 3750(config-if

4、)#no shutdown 3750(config-if)#exit 3750(config)#int vlan 40 3750(config-if)#ip address 192.168.40.1 255.255.255.0 3750(config-if)#no shutdown 3750(config-if)#exit 3750(config)#int vlan 100 3750(config-if)#ip address 192.168.100.1 255.255.255.0 3750(config-if)#no shutdown 3750(config-if)#exit 3750(co

5、nfig)#end 3750(config)#int f0/1 3750(config-if)#switchport access vlan 100 3750(config-if)#end 配置 ACL 3750#conf t 3750(config)#access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 3750(config)#access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255 3750(config)#access-

6、list 100 permit ip any any 3750(config)#access-list 101 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 3750(config)#access-list 101 deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 3750(config)#access-list 101 permit ip any any 3750(config)#access-list 102 deny ip 192.168.30.0 0.0.0.255

7、192.168.10.0 0.0.0.255 3750(config)#access-list 102 deny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255 3750(config)#access-list 102 permit ip any any 3750(config)#ip access-list extended infilter /在入方向放置reflect/ 3750(config-ext-nacl)#permit ip any any reflect ccna 3750(config-ext-nacl)#exit 3750(

8、config)#ip access-list extended outfilter /在出方向放置evaluate/ 3750(config-ext-nacl)#evaluate ccna 3750(config-ext-nacl)#deny ip 192.168.10.0 0.0.0.255 any 3750(config-ext-nacl)#deny ip 192.168.20.0 0.0.0.255 any 3750(config-ext-nacl)#deny ip 192.168.30.0 0.0.0.255 any 3750(config-ext-nacl)#permit ip an

9、y any 3750(config-ext-nacl)#exit 3750(config)#int vlan 40 /应用到管理接口/ 3750(config-if)#ip access-group infilter in 3750(config-if)#ip access-group outfilter out 3750(config-if)#exit 3750(config)#int vlan 10 名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 3 页,共 7 页 - - -

10、- - - - - - 3750(config-if)#ip access-group 100 in 3750(config-if)#exit 3750(config)#int vlan 20 3750(config-if)#ip access-group 101 in 3750(config-if)#exit 3750(config)#int vlan 30 3750(config-if)#ip access-group 102 in 3750(config-if)#end 2960 配置:2960#conf t 2960(config)#int f0/15 2960(config-if)#

11、switchport mode trunk 2960(config-if)#switchport trunk encapsulation dot1q 2960(config-if)#end 2960#vlan database 2960(vlan)#vtp client 2960(vlan)#vtp domain sy 2960(vlan)#vtp password cisco 2960(vlan)#exit 2960#show vtp status VTP Version : 2 Configuration Revision : 2 Maximum VLANs supported local

12、ly : 256 Number of existing VLANs : 10VTP Operating Mode : Client VTP Domain Name : sy VTP Pruning Mode : Enabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0 x4D 0 xA8 0 xC9 0 x00 0 xDC 0 x58 0 x2F 0 xDDConfiguration last modified by 0.0.0.0 at 3-1-02 00:13:34 2960#show vla

13、n-sw brief VLAN Name Status Ports - - - - 1 default active Fa0/0, Fa0/1, Fa0/2, Fa0/3 Fa0/4, Fa0/5, Fa0/6, Fa0/7 Fa0/8, Fa0/9, Fa0/10, Fa0/11 Fa0/12, Fa0/13, Fa0/14 10 VLAN0010 active 名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 4 页,共 7 页 - - - - - - - - - 20 VLAN0

14、020 active 30 VLAN0030 active 40 VLAN0040 active 100 VLAN0100 active 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active 2960#conf t 2960(config)#int f0/1 2960(config-if)#switchport access vlan 10 2960(config-if)#int f0/2 2960(config-if)#swit

15、chport access vlan 20 2960(config-if)#int f0/3 2960(config-if)#switchport access vlan 30 2960(config-if)#int f0/4 2960(config-if)#switchport access vlan 40 2960(config-if)#end 客户机验证:PC1 :PC1#ping 192.168.20.20 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is

16、 2 seconds: U.U.U Success rate is 0 percent (0/5) PC1#ping 192.168.30.30 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) PC1#ping 192.168.40.40 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to

17、 192.168.40.40, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) PC1#ping 192.168.100.100 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 104/268/336 ms 名师资料总结 - - -精品资料欢迎

18、下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 5 页,共 7 页 - - - - - - - - - PC2 :PC2#ping 192.168.10.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) PC2#ping 192.168.30.30 Type escape sequenc

19、e to abort. Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) PC2#ping 192.168.40.40 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.40.40, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) PC2#ping 192.168

20、.100.100 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 56/170/336 ms PC3 :PC3#ping 192.168.10.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.10.10, tim

21、eout is 2 seconds: .U.U. Success rate is 0 percent (0/5) PC3#ping 192.168.20.20 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) PC3#ping 192.168.40.40 Type escape sequence to abort. Sending 5, 100-byte ICMP E

22、chos to 192.168.40.40, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) PC3#ping 192.168.100.100 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 144/218/416 ms 名师资料总结 - -

23、-精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 6 页,共 7 页 - - - - - - - - - PC4 :PC4#ping 192.168.10.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds: .! Success rate is 80 percent (4/5), round-trip min/avg/max = 240/331/508

24、 ms PC4#ping 192.168.20.20 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 220/288/356 ms PC4#ping 192.168.30.30 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.16

25、8.30.30, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 144/207/268 ms PC4#ping 192.168.100.100 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 9

26、6/219/440 ms PC5 :PC5#ping 192.168.10.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 92/194/284 ms PC5#ping 192.168.20.20 Type escape sequence to abort. Sending 5, 100-byte ICMP Ec

27、hos to 192.168.20.20, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 144/209/336 ms PC5#ping 192.168.30.30 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/av

28、g/max = 64/184/372 ms PC5#ping 192.168.40.40 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.40.40, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 192/239/308 ms名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 7 页,共 7 页 - - - - - - - - -

展开阅读全文
相关资源
相关搜索

当前位置:首页 > 教育专区 > 高考资料

本站为文档C TO C交易模式,本站只提供存储空间、用户上传的文档直接被用户下载,本站只是中间服务平台,本站所有文档下载所得的收益归上传人(含作者)所有。本站仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私,请立即通知淘文阁网,我们立即给予删除!客服QQ:136780468 微信:18945177775 电话:18904686070

工信部备案号:黑ICP备15003705号© 2020-2023 www.taowenge.com 淘文阁