ACL Configuration
Configuring a standard IPv4 ACL
R1
router ospf 1
router-id 1.1.1.1
net 172.16.1.1 0.0.0.0 area 0
net 172.16.2.1 0.0.0.0 area 0
net 172.16.12.1 0.0.0.0 area 0
passive-interface g0/0
passive-interface g0/1
access-list 2 remark ONLY HOST PC1
access-list 2 permit host 172.16.1.100
line vty 0 4
access-class 2 in
password cisco123
privilege level 15
login
R2
router ospf 1
router-id 2.2.2.2
net 172.16.12.1 0.0.0.0 area 0
net 172.16.23.1 0.0.0.0 area 0
exit
access-list 2 remark ONLY HOST PC1
access-list 2 permit host 172.16.1.100
line vty 0 4
access-class 2 in
password cisco
privilege level 15
login
R3
router ospf 1
router-id 3.3.3.3
net 172.16.23.3 0.0.0.0 area 0
net 172.16.16.3 0.0.0.0 area 0
passive-interface g0/0
access-list 2 remark ONLY HOST PC1
access-list 2 permit host 172.16.1.100
access-list 1 remark DENY NETWORK 172.16.2.0 FROM R1
access-list 1 deny 172.16.2.0 0.0.0.255 log
access-list 1 permit any
int g0/0
ip access-group 1 out
line vty 0 4
access-class 2 in
password cisco
privilege level 15
login
R1
ping 172.16.3.100
ping 172.16.3.100 source 172.16.2.1
R3
show ip int g0/0
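Added example (not part of the original lab notes): a small Python model of how IOS evaluates the standard ACLs configured on R3 above, showing why the second ping from R1 is dropped while the first is not. It assumes R1 sources the first ping from 172.16.12.1 (the address in its OSPF network statement); the function names are hypothetical.

```python
import ipaddress

# R3's standard ACLs as configured in this lab (sample input embedded inline).
R3_CONFIG = """
access-list 2 remark ONLY HOST PC1
access-list 2 permit host 172.16.1.100
access-list 1 remark DENY NETWORK 172.16.2.0 FROM R1
access-list 1 deny 172.16.2.0 0.0.0.255 log
access-list 1 permit any
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_standard_acls(config):
    """Return {acl_number: [(action, base, wildcard), ...]} in configured order."""
    acls = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] == "remark":
            continue
        action, rest = tok[2], [t for t in tok[3:] if t != "log"]
        if rest[0] == "any":
            base, wildcard = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            base, wildcard = rest[1], "0.0.0.0"
        else:  # "A.B.C.D [wildcard]"; a bare address means an exact host match
            base, wildcard = rest[0], (rest[1] if len(rest) > 1 else "0.0.0.0")
        acls.setdefault(int(tok[1]), []).append((action, _to_int(base), _to_int(wildcard)))
    return acls

def evaluate(acls, number, src):
    """First matching entry wins; a standard ACL looks only at the source address."""
    s = _to_int(src)
    for action, base, wildcard in acls[number]:
        care = ~wildcard & 0xFFFFFFFF      # wildcard bit 1 = "ignore this bit"
        if (s & care) == (base & care):
            return action
    return "deny"                          # implicit "deny any" at the end of every ACL

if __name__ == "__main__":
    acls = parse_standard_acls(R3_CONFIG)
    for acl, src in [(1, "172.16.12.1"), (1, "172.16.2.1"),
                     (2, "172.16.1.100"), (2, "172.16.1.101")]:
        print(f"ACL {acl}: source {src} -> {evaluate(acls, acl, src)}")
```

ACL 2 has no explicit deny, so every VTY source other than 172.16.1.100 falls through to the implicit deny.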
Configuring an extended IPv4 ACL
access-list 110 remark This is an example for IPv4 extended ACL
access-list 110 deny tcp 172.16.1.0 0.0.0.255 host 172.16.3.100 eq 80
access-list 110 deny tcp 172.16.2.0 0.0.0.255 host 172.16.3.100 eq 21
access-list 110 deny tcp 172.16.2.0 0.0.0.255 host 172.16.3.100 eq 20
access-list 110 deny tcp 172.16.1.0 0.0.0.255 host 172.16.3.100 eq 53
access-list 110 deny tcp 172.16.1.0 0.0.0.255 host 172.16.3.100 eq 23