配置访问控制列表ACL
拓扑结构
拓扑结构如下:
要配置一个ACL,禁止PC0访问PC3,禁止PC4访问PC0,其它正常。
配置Router0
配置接口IP地址:
shell
interface fastethernet 0/0
ip address 192.168.1.1 255.255.255.0
no shutdown
interface fastethernet 0/1
ip address 10.0.0.1 255.255.255.0
no shutdown创建并配置ACL:禁止pc0访问pc3
shell
access-list 100 deny ip host 192.168.1.2 host 192.168.2.2
access-list 100 permit ip any any应用ACL到接口:
shell
interface fastethernet 0/0
ip access-group 100 in
end
show access-list配置Router1
- 配置接口IP地址:
shell
interface fastethernet 0/0
ip address 192.168.2.1 255.255.255.0
no shutdown
interface fastethernet 0/1
ip address 10.0.0.2 255.255.255.0
no shutdown创建并配置ACL:禁止pc4访问pc0
shell
access-list 101 deny ip host 192.168.2.3 host 192.168.1.2
access-list 101 permit ip any any应用ACL到接口:
shell
interface fastethernet 0/0
ip access-group 101 in
end
show access-list验证配置
在Router5上查看ACL配置:
shell
show access-lists 100在Router6上查看ACL配置:
shell
show access-lists 101测试连接:
从PC0 ping PC3,失败:
ping 192.168.2.2
从PC0 ping 其它pc,成功:
从PC4 ping PC0,失败:
ping 192.168.1.2
从PC4 ping 其它pc,成功:
