配置访问控制列表ACL
拓扑结构
拓扑结构如下:
要配置一个ACL,禁止PC0访问PC3,禁止PC4访问PC0,其它正常。
配置Router0
配置接口IP地址:
interface fastethernet 0/0
ip address 192.168.1.1 255.255.255.0
no shutdowninterface fastethernet 0/1
ip address 10.0.0.1 255.255.255.0
no shutdown
创建并配置ACL:禁止pc0访问pc3
access-list 100 deny ip host 192.168.1.2 host 192.168.2.2
access-list 100 permit ip any any
应用ACL到接口:
interface fastethernet 0/0
ip access-group 100 in
end
show access-list
配置Router1
- 配置接口IP地址:
interface fastethernet 0/0
ip address 192.168.2.1 255.255.255.0
no shutdowninterface fastethernet 0/1
ip address 10.0.0.2 255.255.255.0
no shutdown
创建并配置ACL:禁止pc4访问pc0
access-list 101 deny ip host 192.168.2.3 host 192.168.1.2
access-list 101 permit ip any any
应用ACL到接口:
interface fastethernet 0/0
ip access-group 101 in
end
show access-list
验证配置
在Router5上查看ACL配置:
show access-lists 100
在Router6上查看ACL配置:
show access-lists 101
测试连接:
从PC0 ping PC3,失败:
ping 192.168.2.2
从PC0 ping 其它pc,成功:
从PC4 ping PC0,失败:
ping 192.168.1.2
从PC4 ping 其它pc,成功:
