欧美一级特黄大片做受成人-亚洲成人一区二区电影-激情熟女一区二区三区-日韩专区欧美专区国产专区

命名訪問(wèn)控制列表詳解

命名訪問(wèn)控制列表詳解

渾江ssl適用于網(wǎng)站、小程序/APP、API接口等需要進(jìn)行數(shù)據(jù)傳輸應(yīng)用場(chǎng)景,ssl證書(shū)未來(lái)市場(chǎng)廣闊!成為創(chuàng)新互聯(lián)建站的ssl證書(shū)銷(xiāo)售渠道,可以享受市場(chǎng)價(jià)格4-6折優(yōu)惠!如果有意向歡迎電話聯(lián)系或者加微信:028-86922220(備注:SSL證書(shū)合作)期待與您的合作!

命名訪問(wèn)控制列表

本章目標(biāo):通過(guò)實(shí)驗(yàn)學(xué)會(huì)命名訪問(wèn)控制列表,添加訪問(wèn)控制,刪除訪問(wèn)控制

實(shí)驗(yàn)圖:

命名訪問(wèn)控制列表詳解

4臺(tái)主機(jī),一個(gè)二層交換機(jī),一個(gè)三層交換機(jī)
sw1:劃分VLAN,給VLAN配置接口,做trunk鏈路
sw2:劃分vlan,通過(guò)接口給vlan配置虛擬地址,做trunk鏈路,做命名訪問(wèn)控制
,關(guān)閉交換端口變成三層端口。
pc1:192.168.10.10/24
pc2:192.168.10.20/24
pc3:192.168.20.20/24
pc4:192.168.100.100/24

一.給二層交換機(jī)配置VLAN,給vlan配置接口,做trunk鏈路

sw1#conf t
sw1(config)#vlan 10,20
sw1(config-vlan)#do show vlan-sw b  //查看vlan詳細(xì)信息
sw1(config-vlan)#ex
sw1(config)#do show vlan-sw b

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/1, Fa1/2, Fa1/3
                                                Fa1/4, Fa1/5, Fa1/6, Fa1/7
                                                Fa1/8, Fa1/9, Fa1/10, Fa1/11
                                                Fa1/12, Fa1/13, Fa1/14, Fa1/15
10   VLAN0010                         active    
20   VLAN0020                         active    
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 
sw1(config)#int range fa1/1 -2
sw1(config-if-range)#sw mo acc         //進(jìn)入接口模式
sw1(config-if-range)#sw acc vlan 10  //配置vlan
sw1(config-if-range)#ex
sw1(config)#do show vlan-sw b 

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/3, Fa1/4, Fa1/5
                                                Fa1/6, Fa1/7, Fa1/8, Fa1/9
                                                Fa1/10, Fa1/11, Fa1/12, Fa1/13
                                                Fa1/14, Fa1/15
10   VLAN0010                         active    Fa1/1, Fa1/2
20   VLAN0020                         active    
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 
sw1(config)#int f1/3
sw1(config-if)#sw mo acc 
sw1(config-if)#sw acc vlan 20
sw1(config-if)#ex
sw1(config)#do show vlan-sw b

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/4, Fa1/5, Fa1/6
                                                Fa1/7, Fa1/8, Fa1/9, Fa1/10
                                                Fa1/11, Fa1/12, Fa1/13, Fa1/14
                                                Fa1/15
10   VLAN0010                         active    Fa1/1, Fa1/2
20   VLAN0020                         active    Fa1/3
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 

sw1(config)#int f1/0
sw1(config-if)#sw mo t
sw1(config-if)#sw t en dot
sw1(config-if)#ex
sw1(config)#no ip routing  //關(guān)閉路由功能

二.進(jìn)入三層交換機(jī),劃分vlan,通過(guò)接口給vlan配置虛擬網(wǎng)址(需要關(guān)閉交換端口),配置trunk鏈路

sw2#conf t
sw2(config)#int f1/1
sw2(config-if)#no switchport //關(guān)閉交換端口
sw2(config-if)#ip add 192.168.100.1 255.255.255.0
sw2(config-if)#no shut
sw2(config-if)#do show ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down    
FastEthernet0/1            unassigned      YES unset  administratively down down    
FastEthernet1/0            unassigned      YES unset  up                    up      
FastEthernet1/1            192.168.100.1   YES manual up                    up      
FastEthernet1/2            unassigned      YES unset  up                    down    
FastEthernet1/3            unassigned      YES unset  up                    down    
FastEthernet1/4            unassigned      YES unset  up                    down    
FastEthernet1/5            unassigned      YES unset  up                    down    
FastEthernet1/6            unassigned      YES unset  up                    down    
FastEthernet1/7            unassigned      YES unset  up                    down    
FastEthernet1/8            unassigned      YES unset  up                    down    
FastEthernet1/9            unassigned      YES unset  up                    down    
FastEthernet1/10           unassigned      YES unset  up                    down    
FastEthernet1/11           unassigned      YES unset  up                    down    
FastEthernet1/12           unassigned      YES unset  up                    down    
FastEthernet1/13           unassigned      YES unset  up                    down    
FastEthernet1/14           unassigned      YES unset  up                    down    
FastEthernet1/15           unassigned      YES unset  up                    down    
Vlan1                      unassigned      YES unset  up                    up      
sw2(config-if)#ex 
sw2(config)#vlan 10,20
sw2(config-vlan)#ex
sw2(config)#int vlan 10
sw2(config-if)#ip add 192.168.10.1 255.255.255.0
sw2(config-if)#no shut
sw2(config-if)#ex
sw2(config)#int vlan 20
sw2(config-if)#ip add 192.168.20.1 255.255.255.0
sw2(config-if)#no shut
sw2(config-if)#ex
sw2(config)#do show ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down    
FastEthernet0/1            unassigned      YES unset  administratively down down    
FastEthernet1/0            unassigned      YES unset  up                    up      
FastEthernet1/1            192.168.100.1   YES manual up                    up      
FastEthernet1/2            unassigned      YES unset  up                    down    
FastEthernet1/3            unassigned      YES unset  up                    down    
FastEthernet1/4            unassigned      YES unset  up                    down    
FastEthernet1/5            unassigned      YES unset  up                    down    
FastEthernet1/6            unassigned      YES unset  up                    down    
FastEthernet1/7            unassigned      YES unset  up                    down    
FastEthernet1/8            unassigned      YES unset  up                    down    
FastEthernet1/9            unassigned      YES unset  up                    down    
FastEthernet1/10           unassigned      YES unset  up                    down    
FastEthernet1/11           unassigned      YES unset  up                    down    
FastEthernet1/12           unassigned      YES unset  up                    down    
FastEthernet1/13           unassigned      YES unset  up                    down    
FastEthernet1/14           unassigned      YES unset  up                    down    
FastEthernet1/15           unassigned      YES unset  up                    down    
Vlan1                      unassigned      YES unset  up                    up      
Vlan10                     192.168.10.1    YES manual up                    down    
Vlan20                     192.168.20.1    YES manual up                    down    
sw2(config)#int f1/0
sw2(config-if)#sw mo t
sw2(config-if)#sw t en dot
sw2(config-if)#ex

三.給每個(gè)主機(jī)配置IP地址和網(wǎng)關(guān)

PC4> 
PC4> ip 192.168.100.100 192.168.100.1
Checking for duplicate address...
PC1 : 192.168.100.100 255.255.255.0 gateway 192.168.100.1

PC1> ip 192.168.10.10 192.168.10.1
Checking for duplicate address...
PC1 : 192.168.10.10 255.255.255.0 gateway 192.168.10.1

PC2> 
PC2> ip 192.168.10.20 192.168.10.1
Checking for duplicate address...
PC1 : 192.168.10.20 255.255.255.0 gateway 192.168.10.1

PC3> ip 192.168.20.20 192.168.20.1
Checking for duplicate address...
PC1 : 192.168.20.20 255.255.255.0 gateway 192.168.20.1

四.測(cè)試是不是全網(wǎng)互通

PC1> ping 192.168.100.100

168.100.100 icmp_seq=1 timeout
bytes from 192.168.100.100 icmp_seq=2 ttl=63 time=14.997 ms
bytes from 192.168.100.100 icmp_seq=3 ttl=63 time=15.984 ms
bytes from 192.168.100.100 icmp_seq=4 ttl=63 time=16.953 ms
bytes from 192.168.100.100 icmp_seq=5 ttl=63 time=20.978 ms

PC1> ping 192.168.10.20
bytes from 192.168.10.20 icmp_seq=1 ttl=64 time=0.000 ms
bytes from 192.168.10.20 icmp_seq=2 ttl=64 time=0.000 ms
bytes from 192.168.10.20 icmp_seq=3 ttl=64 time=0.979 ms
bytes from 192.168.10.20 icmp_seq=4 ttl=64 time=0.000 ms

PC1> ping 192.168.20.20
168.20.20 icmp_seq=1 timeout
bytes from 192.168.20.20 icmp_seq=2 ttl=63 time=14.960 ms
bytes from 192.168.20.20 icmp_seq=3 ttl=63 time=18.941 ms
bytes from 192.168.20.20 icmp_seq=4 ttl=63 time=15.956 ms
bytes from 192.168.20.20 icmp_seq=5 ttl=63 time=19.973 ms

五.進(jìn)入三層交換機(jī)配置命名訪問(wèn)控制列表

sw2(config)#ip access-list standard kgc  //進(jìn)入標(biāo)準(zhǔn)訪問(wèn)控制,命名叫kgc
sw2(config-std-nacl)#permit host 192.168.10.10  //允許10.10主機(jī)訪問(wèn)
sw2(config-std-nacl)#deny 192.168.10.0 0.0.0.255 //拒絕10.0網(wǎng)段主機(jī)訪問(wèn)
sw2(config-std-nacl)#permit any  //允許所有主機(jī)訪問(wèn)
sw2(config-std-nacl)#ex
sw2(config)#do show access-lists    //查看訪問(wèn)控制列表
Standard IP access list kgc
    10 permit 192.168.10.10
    20 deny   192.168.10.0, wildcard bits 0.0.0.255
    30 permit any
sw2(config)#int f1/1
sw2(config-if)#ip access-group kgc out  //應(yīng)用于接口,離限制最近的,如果我要設(shè)置為入,我需要設(shè)置三次,出就要一次就夠了
sw2(config-if)#ex

六.測(cè)試我們實(shí)驗(yàn)的需求是否生效

PC1> ping 192.168.100.100
84 bytes from 192.168.100.100 icmp_seq=1 ttl=63 time=18.941 ms
84 bytes from 192.168.100.100 icmp_seq=2 ttl=63 time=15.408 ms
84 bytes from 192.168.100.100 icmp_seq=3 ttl=63 time=12.003 ms
84 bytes from 192.168.100.100 icmp_seq=4 ttl=63 time=20.997 ms

PC3> ping 192.168.100.100
84 bytes from 192.168.100.100 icmp_seq=1 ttl=63 time=20.942 ms
84 bytes from 192.168.100.100 icmp_seq=2 ttl=63 time=14.992 ms
84 bytes from 192.168.100.100 icmp_seq=3 ttl=63 time=13.963 ms
84 bytes from 192.168.100.100 icmp_seq=4 ttl=63 time=14.925 ms
84 bytes from 192.168.100.100 icmp_seq=5 ttl=63 time=21.940 ms

PC2> ping 192.168.100.100
*192.168.10.1 icmp_seq=1 ttl=255 time=8.972 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=2 ttl=255 time=10.971 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=3 ttl=255 time=5.987 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=4 ttl=255 time=10.969 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.10.1 icmp_seq=5 ttl=255 time=2.998 ms (ICMP type:3, code:13, Communication administratively prohibited)

七.我們?cè)偌右粭l需求,我們有允許10.20主機(jī)可以去訪問(wèn)

sw2(config)#ip access-list standard kgc
sw2(config-std-nacl)#12 permit host 192.168.10.20  //我們只能寫(xiě)10的上面或者10-20之間,我們要寫(xiě)到20下面就沒(méi)有任何意義,
已經(jīng)拒絕10.0網(wǎng)段的了再寫(xiě)10.20無(wú)意義。
sw2(config-std-nacl)#ex
sw2(config)#do show access-lists
Standard IP access list kgc
    10 permit 192.168.10.10 (8 matches)
    12 permit 192.168.10.20
    20 deny   192.168.10.0, wildcard bits 0.0.0.255 (10 matches)
    30 permit any (5 matches)

八.來(lái)測(cè)試PC2,10.20能不能訪問(wèn)pc4主機(jī)

PC2> ping 192.168.100.100
192.168.100.100 icmp_seq=1 timeout
192.168.100.100 icmp_seq=2 timeout
84 bytes from 192.168.100.100 icmp_seq=3 ttl=63 time=20.970 ms
84 bytes from 192.168.100.100 icmp_seq=4 ttl=63 time=17.950 ms
84 bytes from 192.168.100.100 icmp_seq=5 ttl=63 time=18.008 ms

九.刪除訪問(wèn)控制列表的一條,如果要?jiǎng)h除整租ACL,no ip access-ist stand kgc

sw2(config)#ip access-list standard kgc
sw2(config-std-nacl)#no 12
sw2(config-std-nacl)#do show access-lists                                  
Standard IP access list kgc
    10 permit 192.168.10.10 (8 matches)
    20 deny   192.168.10.0, wildcard bits 0.0.0.255 (10 matches)
    30 permit any (5 matches)
sw2(config)#no ip access-list standard kgc            
sw2(config)#do show access-lists          

sw2(config)#

本章內(nèi)容結(jié)束,謝謝收看

分享標(biāo)題:命名訪問(wèn)控制列表詳解
本文URL:http://aaarwkj.com/article14/pegjge.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián),為您提供網(wǎng)站排名軟件開(kāi)發(fā)、關(guān)鍵詞優(yōu)化、品牌網(wǎng)站建設(shè)、搜索引擎優(yōu)化App開(kāi)發(fā)

廣告

聲明:本網(wǎng)站發(fā)布的內(nèi)容(圖片、視頻和文字)以用戶(hù)投稿、用戶(hù)轉(zhuǎn)載內(nèi)容為主,如果涉及侵權(quán)請(qǐng)盡快告知,我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如需處理請(qǐng)聯(lián)系客服。電話:028-86922220;郵箱:631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載,或轉(zhuǎn)載時(shí)需注明來(lái)源: 創(chuàng)新互聯(lián)

成都網(wǎng)頁(yè)設(shè)計(jì)公司
亚洲第一青青草原在线| 免费国产污网站在线观看| 国产一区二区欧美久久| 国产精品网站在线观看| 亚洲精品一品区二品区三区| 麻豆国产传媒69国产| 在线日韩观看免费av| 日韩中文字幕精品一区| 日韩久久精品五月综合| 女同av免费观看网站| 不卡视频一区二区日韩| 未满18周岁禁止观看视频| 国产精品国产亚洲精品| 中文乱幕亚洲无套内射| 激情欧美精品桃桃激情| 中文字幕中文字幕乱码| 久久国产精品成人免费蜜臀| 激情综合婷婷中文字幕| 免费黄色日韩在线观看| 在线观看免费国产不卡| 精品亚洲第一区二区免费在线| 日韩在线欧美在线一区二区| 国产日韩久久免费电影| 91极品气质女神长腿翘臀| 精品av一区二区在线| 亚洲熟女少妇淫语高潮| 午夜一区二区三区精品| 国产精品亚洲av在线| 国产精品亚洲国产精品| 在线高清中文字幕三区| 国产精品国产三级国产普通话99| 精品国产美女主播在线| 91九色国产在线视频| 日韩高清伦理一区二区| 后入视频国产在线观看| 一区二区三区在线观看日本视频| 国产日韩欧美亚洲中文| 国产成人综合亚洲一区| 国产乱国产乱老熟部视频| 亚洲天堂网免费在线看| 亚洲最大成人av在线|