CCNA (Stand-Alone) Lab 29: Extended Access Lists
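Copyright notice: This is an original work. Reposting is permitted, provided that the original source, the author information, and this notice are indicated with a hyperlink. Otherwise, legal liability will be pursued. http://redking.blog.51cto.com/27212/74769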
Objective: Gain experience configuring extended access lists.
Lab Equipment: Router 1, Router 2, and Router 4 from the eRouters menu

Background Reading: Lab Primer Lesson 10: Access Lists

1. If you have just completed Lab 28: Verifying Standard Access Lists, then all you need to do is execute the no ip access-group 1 in command on the Ethernet 0 interface of Router2, and then start this lab at step 10.

```
Router2>enable
Router2#conf t
Router2(config)#interface ethernet0
Router2(config-if)#no ip access-group 1 in
```

Note: If you have not completed Lab 28: Verifying Standard Access Lists and you feel confident about configuring IP addresses and RIP, establish the configuration in the table below and then continue with step 10.

2. Connect to Router 1, assign it a host name of Router1, and set the IP address on the Ethernet 0 interface to 24.17.2.1 255.255.255.240. Set the IP address on the serial 0 interface to 24.17.2.17 255.255.255.240. Remember to enable both interfaces.

```
Router>enable
Router#conf t
Router(config)#hostname Router1
Router1(config)#interface ethernet0
Router1(config-if)#ip address 24.17.2.1 255.255.255.240
Router1(config-if)#no shutdown
Router1(config-if)#exit
Router1(config)#interface serial0
Router1(config-if)#ip address 24.17.2.17 255.255.255.240
Router1(config-if)#no shutdown
Router1(config-if)#exit
Router1(config)#exit
```

3. Connect to Router 2, assign it a host name of Router2, and set the IP address on the Ethernet 0 interface to 24.17.2.2 255.255.255.240. Remember to enable the interface.

```
Router>enable
Router#config t
Router(config)#hostname Router2
Router2(config)#interface ethernet0
Router2(config-if)#ip address 24.17.2.2 255.255.255.240
Router2(config-if)#no shutdown
Router2(config-if)#exit
Router2(config)#exit
```

4. Ping Router1's Ethernet 0 interface to ensure that a connection exists.

```
Router2#ping 24.17.2.1
```

5. Connect to Router 4, assign it a host name of Router4, and set the IP address on the serial 0 interface to 24.17.2.18 255.255.255.240. Then ping Router1's serial 0 interface.

```
Router>enable
Router#conf t
Router(config)#hostname Router4
Router4(config)#interface serial0
Router4(config-if)#ip address 24.17.2.18 255.255.255.240
Router4(config-if)#no shutdown
Router4(config-if)#exit
Router4(config)#exit
Router4#ping 24.17.2.17
```

6. Now you need to implement a routing protocol to facilitate communication between Router2 and Router4. Enable Routing Information Protocol (RIP) on Router1, and add the network for Ethernet 0 and serial 0.

```
Router1#config t
Router1(config)#router rip
Router1(config-router)#network 24.0.0.0
Router1(config-router)#exit
Router1(config)#exit
```

7. On Router2, enable RIP and add the network for Ethernet 0.

```
Router2#conf t
Router2(config)#router rip
Router2(config-router)#network 24.0.0.0
Router2(config-router)#exit
Router2(config)#exit
```

8. On Router4, enable RIP and add the network for serial 0.

```
Router4#conf t
Router4(config)#router rip
Router4(config-router)#network 24.0.0.0
Router4(config-router)#exit
Router4(config)#exit
```

9. Verify that you can ping Router2's Ethernet 0 interface from Router4.

```
Router4#ping 24.17.2.2
```

10. The extended access lists you create should accomplish two things. First, allow only Telnet traffic from the subnet off of Router1's serial 0 interface to come into Router1. Next, allow any traffic from Router1's Ethernet 0 subnet to travel anywhere. Connect to Router1, and enter global configuration mode.

```
Router1#conf t
Router1(config)#
```

11. To allow only Telnet traffic from the 24.17.2.16 subnet, create access list 101. Use the log keyword to display output to the router every time this line on the access list is invoked.

```
Router1(config)#access-list 101 permit tcp 24.17.2.16 0.0.0.15 any eq telnet log
```

12. To permit all traffic from the 24.17.2.0 subnet, create access list 102, and use the log keyword.

```
Router1(config)#access-list 102 permit ip 24.17.2.0 0.0.0.15 any log
```

13. Now, apply these access lists to the interfaces. First, enter interface configuration mode for the serial 0 interface of Router1, and apply access list 101 inbound.

```
Router1(config)#interface serial0
Router1(config-if)#ip access-group 101 in
Router1(config-if)#exit
```

14. For Ethernet 0 on Router1, apply access list 102 inbound.

```
Router1(config)#interface ethernet0
Router1(config-if)#ip access-group 102 in
Router1(config-if)#exit
```

Note: To make sure the access lists are configured correctly, continue on to Lab 30: Verify Extended Access Lists without accessing the Lab Navigator.
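
To see what access lists 101 and 102 let through, and what the implicit deny at the end of every access list drops, the following added example (not part of the original lab) models IOS wildcard-mask matching and first-match evaluation in Python. The `Ace` class, the function names, and the sample packets are constructed for illustration; port 23 for `eq telnet` and UDP 520 for RIP are the standard values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard logic: a 0 bit in the wildcard must match, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

@dataclass
class Ace:
    """One permit entry; the destination is 'any' in both of the lab's lists."""
    proto: str                       # "ip" matches every protocol
    src: str
    src_wc: str
    dst_port: Optional[int] = None   # None = any destination port

    def matches(self, proto, src, dst_port=None):
        if self.proto != "ip" and self.proto != proto:
            return False
        if not wildcard_match(src, self.src, self.src_wc):
            return False
        return self.dst_port is None or self.dst_port == dst_port

# The two lists from steps 11 and 12 (eq telnet = TCP destination port 23).
ACL_101 = [Ace("tcp", "24.17.2.16", "0.0.0.15", 23)]
ACL_102 = [Ace("ip", "24.17.2.0", "0.0.0.15")]

def evaluate(acl, proto, src, dst_port=None) -> str:
    """First matching entry wins; a packet that matches nothing hits the implicit deny."""
    for ace in acl:
        if ace.matches(proto, src, dst_port):
            return "permit"
    return "deny"

if __name__ == "__main__":
    # Constructed sample packets: (label, list, protocol, source, destination port)
    samples = [
        ("Telnet from Router4 into serial 0", ACL_101, "tcp", "24.17.2.18", 23),
        ("Ping from Router4 into serial 0", ACL_101, "icmp", "24.17.2.18", None),
        ("RIP update from Router4 (UDP 520)", ACL_101, "udp", "24.17.2.18", 520),
        ("Ping from Router2 into Ethernet 0", ACL_102, "icmp", "24.17.2.2", None),
    ]
    for label, acl, proto, src, port in samples:
        print(f"{label:36} -> {evaluate(acl, proto, src, port)}")
```

Because access list 101 contains only the Telnet permit, the model shows that pings and RIP updates arriving from Router4 on serial 0 fall through to the implicit deny.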
This article is from the "大唐网络" blog; please retain this source attribution: http://redking.blog.51cto.com/27212/74769. This article is from the 51CTO.COM technology blog.















