天下网吧 >> 网吧方案 >> 网络方案 >> 正文

Cisco自反控制列表的应用

55.255.255.0

  ip access-group infilter in

  clock rate 64000

  !

  interface Serial1/1

  ip address 1.1.1.2 255.255.255.0

  ip access-group outfilter in

  注意:内外方向列表的应用不一定要在同一个接口下。

  Ok,我们现在R1上测试一下ping结果:

  R1#ping 2.2.2.2

  Type escape sequence to abort.

  Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

  !!!!!

  Success rate is 100 percent (5/5), round-trip min/avg/max = 136/213/268 ms

  R1#ping 30.1.1.1

  Type escape sequence to abort.

  Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds:

  !!!!!

  Success rate is 100 percent (5/5), round-trip min/avg/max = 72/164/268 ms

  R1#

  再测试一下telnet结果:

  R1#

  R1#telnet 2.2.2.2

  Trying 2.2.2.2 ... Open

  User Access Verification

  Username: test

  Password:

  R3#

  R1#telnet 30.1.1.1

  Trying 30.1.1.1 ... Open

  User Access Verification

  Username: test

  Password:

  R3#(结果全部ok,符合题目要求)

  我们再在R3执行相同的测试:

  R3#

  R3#ping 1.1.1.1

  Type escape sequence to abort.

  Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

  U.U.U

  Success rate is 0 percent (0/5)

  R3#ping 10.1.1.1

  Type escape sequence to abort.

  Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

  U.U.U

  Success rate is 0 percent (0/5)

  R3#telnet 1.1.1.1

  Trying 1.1.1.1 ...

  % Destination unreachable; gateway or host down

  R3#telnet 10.1.1.1

  Trying 10.1.1.1 ...

  % Destination unreachable; gateway or host down

  R3#(由于不能允许由外部直接发起的流量通过,所以测试全部失败,但结果是正确的,对吗?)

  这里只是个简单的配置,目的是给大家演示一下配置步骤,具体情况还要自己在实验当中细细体会。

上一页  [1] [2] 

本文来源:天下网吧 作者:网吧方案

声明
声明:本站所发表的文章、评论及图片仅代表作者本人观点,与本站立场无关。若文章侵犯了您的相关权益,请及时与我们联系,我们会及时处理,感谢您对本站的支持!联系Email:support@txwb.com,系统开号,技术支持,服务联系QQ:1175525021本站所有有注明来源为天下网吧或天下网吧论坛的原创作品,各位转载时请注明来源链接!
天下网吧·网吧天下