CCNA(Stand-ALONE)Lab 27-Standard Access Lists
版权声明:原创作品,允许转载,转载时请务必以超链接形式标明文章 原始出处 、作者信息和本声明。否则将追究法律责任。http://redking.blog.51cto.com/27212/74740 |
Objective: Gain experience configuring standard access lists.
Lab Equipment: Router 1, Router 2, and Router 4 from the eRouters menu Background Reading: Lab Primer Lesson 10: Access Lists If you feel confident about configuring IP addresses and RIP, establish the configuration in the table below, and then continue with step 10.  1. Connect to Router 1, assign it a host name of Router1, and set the IP address on the Ethernet 0 interface to 24.17.2.1 255.255.255.240. Set the IP address on the serial 0 interface to 24.17.2.17 255.255.255.240. Remember to enable both interfaces. Router> enable Router#config t Router(config)#hostname Router1 Router1(config)#interface ethernet0 Router1(config-if)#ip address 24.17.2.1 255.255.255.240 Router1(config-if)#no shutdown Router1(config-if)#exit Router1(config)#interface serial0 Router1(config-if)#ip address 24.17.2.17 255.255.255.240 Router1(config-if)#no shutdown Router1(config-if)#exit Router1(config)#exit  2. Connect to Router 2, assign it a host name of Router2, and set the IP address on the Ethernet 0 interface to 24.17.2.2 255.255.255.240. Remember to enable the interface. Router>enable Router#config t Router(config)#hostname Router2 Router2(config)#interface ethernet0 Router2(config-if)#ip address 24.17.2.2 255.255.255.240 Router2(config-if)#no shutdown Router2(config-if)#exit Router2(config)#exit  3. From Router2, ping Router1’s Ethernet 0 interface to ensure a connection exists. Router2#ping 24.17.2.1  4. Connect to Router 4, assign it a host name of Router4, and set the IP address on the serial 0 interface to 24.17.2.18 255.255.255.240. Then ping Router1’s serial 0 interface. Router>enable Router#config t Router(config)#hostname Router4 Router4(config)#interface serial0 Router4(config-if)#ip address 24.17.2.18 255.255.255.240 Router4(config-if)#no shutdown Router4(config-if)#exit Router4(config)#exit Router4#ping 24.17.2.17  5. Now that IP addresses have been configured on all interfaces, you need to implement a routing protocol to facilitate communication between Router2 and Router4. Enable Routing Information Protocol (RIP) on Router1, and add the network for Ethernet 0 and serial 0. Router1#config t Router1(config)#router rip Router1(config-router)#network 24.0.0.0 Router1(config-router)#exit Router1(config)#exit  6. On Router2, enable RIP and add the network for Ethernet 0. Router2#conf t Router2(config)#router rip Router2(config-router)#network 24.0.0.0 Router2(config-router)#exit Router2(config)#exit  7. On Router4, enable RIP and add the network for serial 0. Router4#conf t Router4(config)#router rip Router4(config-router)#network 24.0.0.0 Router4(config-router)#exit Router4(config)#exit  8. Verify that you can ping Router2’s Ethernet 0 interface from Router4. Router4#ping 24.17.2.2  9. Now, configure a standard access list to block Router4 from being able to ping Router2.You should configure this access list on Router2. First, connect to Router2 and enter global configuration mode. Router2#conf t Router2(config)# 10. Create access list 1 to block the single IP address 24.17.2.18. Here are three ways to accomplish this: Router2(config)#access-list 1 deny host 24.17.2.18 OR Router2(config)#access-list 1 deny 24.17.2.18 0.0.0.0 OR Router2(config)#access-list 1 deny 24.17.2.18 11. Next, issue the access-list 1 permit any command. Router2(config)#access-list 1 permit any  12. Now you need to apply the access list to the Ethernet 0 interface. You must specify the direction of traffic flow upon which the access list should apply. The in parameter configures the access list to apply to packets coming in from the network and traveling to the router. The out parameter configures the access list to apply to packets traveling from the router out the interface to the network. In this scenario, you should use the in parameter. Router2(config)#interface ethernet0 Router2(config-if)#ip access-group 1 in Router2(config-if)#exit  Note: This completes the Standard Access Lists lab. Please continue on to Lab 28: Verify Standard Access Lists without accessing the Lab Navigator.
**************************************************
本文出自 “大唐网络” 博客,请务必保留此出处http://redking.blog.51cto.com/27212/74740 本文出自 51CTO.COM技术博客 |
redking
博客统计信息
热门文章
最新评论
友情链接
