欧美一区二区三区老妇人-欧美做爰猛烈大尺度电-99久久夜色精品国产亚洲a-亚洲福利视频一区二区

命名訪問(wèn)控制列表配置實(shí)驗(yàn)

實(shí)驗(yàn)配置圖及要求

命名訪問(wèn)控制列表配置實(shí)驗(yàn)

成都創(chuàng)新互聯(lián)公司專注于上街網(wǎng)站建設(shè)服務(wù)及定制,我們擁有豐富的企業(yè)做網(wǎng)站經(jīng)驗(yàn)。 熱誠(chéng)為您提供上街營(yíng)銷型網(wǎng)站建設(shè),上街網(wǎng)站制作、上街網(wǎng)頁(yè)設(shè)計(jì)、上街網(wǎng)站官網(wǎng)定制、小程序開發(fā)服務(wù),打造上街網(wǎng)絡(luò)公司原創(chuàng)品牌,更為您提供上街網(wǎng)站排名全網(wǎng)營(yíng)銷落地服務(wù)。

1、四臺(tái)主機(jī)配置地址

PC1:
PC1> ip 192.168.100.100 192.168.100.1
Checking for duplicate address...
PC1 : 192.168.100.100 255.255.255.0 gateway 192.168.100.1

PC2:
PC2> ip 192.168.10.10 192.168.10.1
Checking for duplicate address...
PC1 : 192.168.10.10 255.255.255.0 gateway 192.168.10.1

PC3:
PC3> ip 192.168.10.20 192.168.10.1
Checking for duplicate address...
PC1 : 192.168.10.20 255.255.255.0 gateway 192.168.10.1

PC4:
PC4> ip 192.168.20.20 192.168.20.1
Checking for duplicate address...
PC1 : 192.168.20.20 255.255.255.0 gateway 192.168.20.1

2、在交換機(jī)上配置兩個(gè)vlan域,f1/1和f1/2放在vlan 10中,f1/3放在vlan 20中,f1/0配置trunk鏈路,最后要關(guān)閉路由功能。

sw#conf t
sw(config)#vlan 10,20
sw(config-vlan)#ex
sw(config)#do show vlan-sw b
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/1, Fa1/2, Fa1/3
                                                Fa1/4, Fa1/5, Fa1/6, Fa1/7
                                                Fa1/8, Fa1/9, Fa1/10, Fa1/11
                                                Fa1/12, Fa1/13, Fa1/14, Fa1/15
10   VLAN0010                         active    
20   VLAN0020                         active    
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 
sw(config)#int f1/3
sw(config-if)#sw mo acc
sw(config-if)#sw acc vlan 20
sw(config-if)#ex
sw(config)#do show vlan-sw b
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/4, Fa1/5, Fa1/6
                                                Fa1/7, Fa1/8, Fa1/9, Fa1/10
                                                Fa1/11, Fa1/12, Fa1/13, Fa1/14
                                                Fa1/15
10   VLAN0010                         active    Fa1/1, Fa1/2
20   VLAN0020                         active    Fa1/3
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 
sw(config)#int f1/0
sw(config-if)#sw mo t
sw(config-if)#sw t en dot
sw(config-if)#ex
sw(config)#no ip routing        //關(guān)閉路由功能

3、在三層交換機(jī)f1/1端口關(guān)閉交換端口,配置網(wǎng)關(guān)地址,f1/0端口配置trunk鏈路;在vlan 10、20中放入網(wǎng)關(guān)地址。

sw-3#conf t
sw-3(config)#int f1/1
sw-3(config-if)#no switchport                     
sw-3(config-if)#ip add 192.168.100.1 255.255.255.0
sw-3(config-if)#no shut
sw-3(config-if)#do show ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down    
FastEthernet0/1            unassigned      YES unset  administratively down down    
FastEthernet1/0            unassigned      YES unset  up                    up      
FastEthernet1/1            192.168.100.1   YES manual up                    up      
FastEthernet1/2            unassigned      YES unset  up                    down    
FastEthernet1/3            unassigned      YES unset  up                    down    
FastEthernet1/4            unassigned      YES unset  up                    down    
FastEthernet1/5            unassigned      YES unset  up                    down    
FastEthernet1/6            unassigned      YES unset  up                    down    
FastEthernet1/7            unassigned      YES unset  up                    down    
FastEthernet1/8            unassigned      YES unset  up                    down    
FastEthernet1/9            unassigned      YES unset  up                    down    
FastEthernet1/10           unassigned      YES unset  up                    down    
FastEthernet1/11           unassigned      YES unset  up                    down    
FastEthernet1/12           unassigned      YES unset  up                    down    
FastEthernet1/13           unassigned      YES unset  up                    down    
FastEthernet1/14           unassigned      YES unset  up                    down    
FastEthernet1/15           unassigned      YES unset  up                    down    
Vlan1                      unassigned      YES unset  up                    up      
sw-3(config-if)#ex       
sw-3(config)#vlan 10,20
sw-3(config-vlan)#int vlan 10
sw-3(config-if)#ip add 192.168.10.1 255.255.255.0
sw-3(config-if)#no shut
sw-3(config-if)#ex
sw-3(config)#int vlan 20
sw-3(config-if)#ip add 192.168.20.1 255.255.255.0
sw-3(config-if)#no shut
sw-3(config-if)#ex
sw-3(config)#int f1/0
sw-3(config-if)#sw mo t
sw-3(config-if)#sw t en dot
sw-3(config-if)#do show ip route 
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.10.0/24 is directly connected, Vlan10
C    192.168.20.0/24 is directly connected, Vlan20
C    192.168.100.0/24 is directly connected, FastEthernet1/1

4、此時(shí)四臺(tái)主機(jī)能互相ping通,即全網(wǎng)互通

PC2> ping 192.168.100.100
192.168.100.100 icmp_seq=1 timeout
84 bytes from 192.168.100.100 icmp_seq=2 ttl=63 time=35.971 ms
84 bytes from 192.168.100.100 icmp_seq=3 ttl=63 time=41.517 ms
84 bytes from 192.168.100.100 icmp_seq=4 ttl=63 time=31.738 ms
84 bytes from 192.168.100.100 icmp_seq=5 ttl=63 time=35.188 ms

PC2>ping 192.168.10.20                                  
84 bytes from 192.168.10.20 icmp_seq=1 ttl=64 time=0.505 ms
84 bytes from 192.168.10.20 icmp_seq=2 ttl=64 time=0.000 ms
84 bytes from 192.168.10.20 icmp_seq=3 ttl=64 time=0.000 ms
84 bytes from 192.168.10.20 icmp_seq=4 ttl=64 time=0.000 ms
84 bytes from 192.168.10.20 icmp_seq=5 ttl=64 time=0.000 ms

PC2> ping 192.168.20.20
192.168.20.20 icmp_seq=1 timeout
84 bytes from 192.168.20.20 icmp_seq=2 ttl=63 time=31.229 ms
84 bytes from 192.168.20.20 icmp_seq=3 ttl=63 time=37.597 ms
84 bytes from 192.168.20.20 icmp_seq=4 ttl=63 time=31.007 ms
84 bytes from 192.168.20.20 icmp_seq=5 ttl=63 time=40.123 ms

5、在三層交換機(jī)上創(chuàng)建命名控制列表并定義其中的規(guī)則

sw-3(config)#ip access-list standard kgc
sw-3(config-std-nacl)#permit host 192.168.10.10
sw-3(config-std-nacl)#deny 192.168.10.0 0.0.0.255
sw-3(config-std-nacl)#permit any
sw-3(config-std-nacl)#ex
sw-3(config)#do show access-list
Standard IP access list kgc
    10 permit 192.168.10.10
    20 deny   192.168.10.0, wildcard bits 0.0.0.255
    30 permit any
sw-3(config)#int f1/1
sw-3(config-if)#ip access-group kgc out     //策略應(yīng)用在網(wǎng)關(guān)

6、結(jié)果測(cè)試
vlan 10中的PC3被禁止訪問(wèn)PC1

PC3> ping 192.168.100.100
*192.168.10.1 icmp_seq=1 ttl=255 time=30.919 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=2 ttl=255 time=16.133 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=3 ttl=255 time=31.012 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=4 ttl=255 time=22.354 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=5 ttl=255 time=15.630 ms (ICMP type:3, code:13, Communication administratively prohibited)

vlan 10中的PC2被允許訪問(wèn)PC1

PC2> ping 192.168.100.100                               
192.168.100.100 icmp_seq=1 timeout
192.168.100.100 icmp_seq=2 timeout
84 bytes from 192.168.100.100 icmp_seq=3 ttl=63 time=35.353 ms
84 bytes from 192.168.100.100 icmp_seq=4 ttl=63 time=31.321 ms
84 bytes from 192.168.100.100 icmp_seq=5 ttl=63 time=31.239 ms

其它網(wǎng)段的主機(jī)(20網(wǎng)段)被允許訪問(wèn)PC1

PC4> ping 192.168.100.100
84 bytes from 192.168.100.100 icmp_seq=1 ttl=63 time=32.766 ms
84 bytes from 192.168.100.100 icmp_seq=2 ttl=63 time=31.240 ms
84 bytes from 192.168.100.100 icmp_seq=3 ttl=63 time=31.244 ms
84 bytes from 192.168.100.100 icmp_seq=4 ttl=63 time=31.329 ms
84 bytes from 192.168.100.100 icmp_seq=5 ttl=63 time=31.067 ms

實(shí)驗(yàn)成功,謝謝大家的鼓勵(lì)和支持!

新聞名稱:命名訪問(wèn)控制列表配置實(shí)驗(yàn)
標(biāo)題網(wǎng)址:http://chinadenli.net/article12/ppiigc.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián),為您提供手機(jī)網(wǎng)站建設(shè)、企業(yè)網(wǎng)站制作、網(wǎng)站內(nèi)鏈、營(yíng)銷型網(wǎng)站建設(shè)微信公眾號(hào)、建站公司

廣告

聲明:本網(wǎng)站發(fā)布的內(nèi)容(圖片、視頻和文字)以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主,如果涉及侵權(quán)請(qǐng)盡快告知,我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如需處理請(qǐng)聯(lián)系客服。電話:028-86922220;郵箱:631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載,或轉(zhuǎn)載時(shí)需注明來(lái)源: 創(chuàng)新互聯(lián)

成都定制網(wǎng)站網(wǎng)頁(yè)設(shè)計(jì)