Лабораторная работа №14 Списки доступа ip

Роутер 1:

На router1 настраиваем стандартный список доступа IP, который разрешает трафик от подсети 175.10.1.0.

%LINK-3-UPDOWN: Interface Serial0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

%LINK-3-UPDOWN: Interface Ethernet0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up

%LINK-3-UPDOWN: Interface Bri0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Bri0, changed state to up

router1(config-line)#

router1(config-line)#^Z

%SYS-5-CONFIG_I: Configured from console by console

На маршрутизаторе 1 настраиваем расширенный список доступа, который позволит прозваниваться и от маршрутизатора 4.

router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

router1(config)#access-list 1 permit 175.10.1.0 0.0.0.255

router1(config)#interface serial0

router1(config-if)#ip access-group 1 in

router1(config-if)#exit

router1(config)#access-list 100 permit tcp host 175.10.1.2 any eq telnet

router1(config)#access-list 100 permit icmp host 180.10.1.2 any

router1(config)#interface serial0

router1(config-if)#no ip access-group 1 in

router1(config-if)#ip access-group 100 in

Роутер 3:

%LINK-3-UPDOWN: Interface Serial0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

%LINK-3-UPDOWN: Interface Serial1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to up

%LINK-3-UPDOWN: Interface Ethernet0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up

router3(config-router)#

router3(config-router)#^Z

%SYS-5-CONFIG_I: Configured from console by console

Прозваниваем и используем команду telnetотrouter3 иrouter4 кrouter2.Router3 (175.10.1.2) должен быть доступен поtelnet, но при этом не прозваниваться.Router4 (180.10.1.2) должен быть способен прозвонить router2, но не доступен поtelnet.

router3#ping 160.10.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 160.10.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

router3#telnet 160.10.1.2

Trying 160.10.1.2 ... Open

router2>disconnect 1

Closing connection to 160.10.1.2

router2>exit

[Connection to closed by foreign host]

router3#disconnect 1

% No connections open

router3#ping 160.10.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 160.10.1.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5), round-trip min/avg/max = 1/2/4 ms

router3#telnet 160.10.1.2

Trying 160.10.1.2 ... Open

router2>

router2>exit

[Connection to 160.10.1.2 closed by foreign host]

Роутер 4:

%LINK-3-UPDOWN: Interface Serial0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

%LINK-3-UPDOWN: Interface Ethernet0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up

router4(config-router)#p^Z

%SYS-5-CONFIG_I: Configured from console by console

router4#ping 160.10.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 160.10.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

router4#telnet 160.10.1.2

Trying 160.10.1.2 ... Open

router2>

router2>exit

[Connection to 160.10.1.2 closed by foreign host]

router4#disconnect 2

% No connections open

router4#show sessions

% No connections open

router4#ping 160.10.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 160.10.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

router4#telnet 160.10.1.2

Trying 160.10.1.2 ...

% Destination unreachable; gateway or host down