Dynamic ACL and Reflexive ACL Configuration on Cisco

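Dynamic ACL (lock-and-key)

Host C1 is bound to the physical machine's loopback adapter. Disable the other network adapters so that IP addresses or gateways do not conflict when pinging the external network.

Steps:

1. Set up connectivity: configure a default route on R2 and check connectivity across the whole network; C1 can ping R1 and R2.

2. Configure the dynamic ACL on R1:

    username xu secret xupa55
    access-list 101 permit tcp any host 192.168.1.1 eq telnet
    access-list 101 dynamic testlist timeout 15 permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255
    line vty 0 4
     login local
     autocommand access-enable host timeout 5

3. Verify the configuration. Before C1 telnets to R1, C1 cannot ping R1 or R2. After C1 telnets to R1 and passes authentication, the telnet connection is dropped and a new rule is added to the ACL automatically. At this point C1 should be able to ping R1 and R2 (which shows that the internal network is reachable once authentication has succeeded). Run show access-lists 101 on R1 repeatedly and compare the output to see the change.

    R1#show access-lists 101
    Extended IP access list 101
        10 permit tcp any host 192.168.1.1 eq telnet (93 matches)
        20 Dynamic testlist permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255
           permit ip 192.168.1.200 0.0.0.255 10.0.0.0 0.0.0.255

Reflexive ACL

Host C1 is bound to the physical machine's loopback adapter. Disable the other network adapters so that IP addresses or gateways do not conflict when pinging the external network.

Steps:

1. Set up connectivity: configure a default route on R2 and check connectivity across the whole network; C1 can ping R1 and R2.

2. Configure the web service on R2:

    username xua privilege 15 secret xuapa55
    ip http server
    ip http authentication local

3. Configure the reflexive ACL on R1:

    interface FastEthernet0/1
     ip address 10.0.0.2 255.255.255.0
     ip access-group external_ACL in
     ip access-group internal_ACL out
    !
    ip access-list extended external_ACL
     evaluate web-only-reflect-ACL
     deny ip any any
    ip access-list extended internal_ACL
     permit tcp any any eq

4. Verify the results. An internal host cannot ping the external web server but can reach it from a browser; the outside cannot ping the inside, and connections initiated from the outside are not allowed.

    R1#sh access-lists internal_ACL
    Extended IP access list internal_ACL
        10 permit tcp any any eq (3 matches)
    R1#sh access-lists external_ACL
    Extended IP access list external_ACL
        10 evaluate web-only-reflect-ACL
        20 deny ip any any
    R1#sh access-lists internal_ACL
    Extended IP access list internal_ACL
        10 permit tcp any any eq (6 matches)
    R1#sh access-lists external_ACL
    Extended IP access list external_ACL
        10 evaluate web-only-reflect-ACL
        20 deny ip any any
    R1#sh access-lists external_ACL
    Extended IP access list external_ACL
        10 evaluate web-only-reflect-ACL
        20 deny ip any any (12 matches)
    R1#sh access-lists internal_ACL
    Extended IP access list internal_ACL
        10 permit tcp any any eq (41 matches)
        20 deny ip any any (6 matches)
    R1#sh access-lists external_ACL
    Extended IP access list external_ACL
        10 evaluate web-only-reflect-ACL
        20 deny ip any any (12 matches)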
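For the lock-and-key lab in the first section, the following Python model (an added example, not part of the original document and not Cisco code) shows how the two timers in ACL 101 interact: `timeout 15` on the dynamic entry is an absolute lifetime, while `timeout 5` on `access-enable` is an idle timer. The class and method names are hypothetical, the ACL is assumed to be applied inbound on the interface facing C1, and the destination address used with it is a constructed sample.

```python
import ipaddress

# Values from the page's ACL 101; timers converted to seconds.
TELNET_DST = ipaddress.ip_address("192.168.1.1")
TEMPLATE_DST = ipaddress.ip_network("10.0.0.0/24")
ABSOLUTE_TIMEOUT = 15 * 60  # access-list 101 dynamic testlist timeout 15
IDLE_TIMEOUT = 5 * 60       # autocommand access-enable host timeout 5


class LockAndKeyAcl:
    """Simplified model of ACL 101 (hypothetical class, assumed inbound)."""

    def __init__(self):
        self.temp = {}  # authenticated source host -> [created_at, last_hit]

    def access_enable(self, src, now):
        """Runs after a successful 'login local' on the vty line."""
        # 'host' keyword: the temporary entry covers only this one source.
        self.temp[ipaddress.ip_address(src)] = [now, now]

    def _expire(self, now):
        # Remove temporary entries whose absolute or idle timer has run out.
        for src, (created, last_hit) in list(self.temp.items()):
            if (now - created >= ABSOLUTE_TIMEOUT
                    or now - last_hit >= IDLE_TIMEOUT):
                del self.temp[src]

    def permits(self, src, dst, proto, dport, now):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        self._expire(now)
        # Entry 10: permit tcp any host 192.168.1.1 eq telnet
        if proto == "tcp" and dst == TELNET_DST and dport == 23:
            return True
        # Temporary entry instantiated from the entry 20 template.
        if src in self.temp and dst in TEMPLATE_DST:
            self.temp[src][1] = now  # a match resets the idle timer
            return True
        return False  # implicit deny at the end of the list
```

Time is passed in explicitly as seconds, so the expiry behaviour can be checked without waiting for real timers.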
