基于时间的ACL配置实验

合集下载

相关主题

1、下载文档前请自行甄别文档内容的完整性，平台不提供额外的编辑、内容补充、找答案等附加服务。
2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
3、如文档侵犯您的权益，请联系客服反馈,我们会尽快为您处理(人工客服工作时间：9:00-18:30)。

【网络拓扑结构图】

【实验步骤】

1、配置设备接口模块

2、连接设备

设备连接说明

3、配置设备内部参数

3.1 RouterA路由器参数配置

<配置命令>

Route>

Route>en

Route#confi

Enter configuration commands, one per line. End with CNTL/Z.

Route(config)#int e 0/0

Route(config-if)#ip address 172.16.1.2 255.255.255.0

Route(config-if)#no shut

Route(config-if)#

changed state to up

Route(config-if)#exi

Route(config)#int e 0/1

Route(config-if)#ip address 160.16.1.2 255.255.255.0

Route(config-if)#no shut

Route(config-if)#

Route(config-if)#end

<输出配置结果>

Route#show ip int bri

Interface IP-Address OK? Method Status Protocol Ethernet0/0 172.16.1.2 YES NVRAM up up Ethernet0/1 160.16.1.2 YES NVRAM up up Ethernet0/2 unassigned YES NVRAM administratively down down Ethernet0/3 unassigned YES NVRAM administratively down down

3.2配置路由器时钟

Route#show clock

*00:09:26.819 UTC Fri Mar 1 2002

Route#clock set 16:03:40 27 april 2006

Route#

*Apr 27 16:03:40.000: %SYS-6-CLOCKUPDATE: System clock has been updated from 00:10:05 UTC Fri Mar 1 2002 to 16:03:40 UTC Thu Apr 27 2006, configured from console by console.

Route#show clock

16:03:47.975 UTC Thu Apr 27 2006

3.3定义时间段

Route#

Route#confi

Enter configuration commands, one per line. End with CNTL/Z.

Route(config)#time-range ganfeikun

Route(config-time-range)#absolute start 8:00 1 jan 2006 end 18:00 30 dec 2010

Route(config-time-range)#periodic daily 0:00 to 9:00

Route(config-time-range)#periodic daily 17:00 to 23:59

Route(config-time-range)#end

<输出时间段配置>

Route#

Apr 27 16:06:31.967: %SYS-5-CONFIG_I: Configured from console by console

Route#show time-range

time-range entry: ganfeikun (inactive)

absolute start 08:00 01 January 2006 end 18:00 30 December 2010

periodic daily 0:00 to 9:00

periodic daily 17:00 to 23:59

3.4定义访问控制列表规则

Route#confi

Enter configuration commands, one per line. End with CNTL/Z.

Route(config)#access-list 100 permit ip any host 160.16.1.1

Route(config)#access-list 100 permit ip any any time-range freetime

Route(config)#end

<输出访问控制列表配置>

Route#

Apr 27 16:09:36.211: %SYS-5-CONFIG_I: Configured from console by console Route#show access-lists

Extended IP access list 100

10 permit ip any host 160.16.1.1

20 permit ip any any time-range freetime (active)

3.5将访问列表规则应用在接口上

Route#confi

Enter configuration commands, one per line. End with CNTL/Z.

Route(config)#int e0/0

Route(config-if)#ip access-group 100 in

Route(config-if)#end

Route#

Apr 27 16:12:21.743: %SYS-5-CONFIG_I: Configured from console by console <查看f0/0上的应用规则>

Route#show ip int e0/0

Ethernet0/0 is up, line protocol is up

Internet address is 172.16.1.2/24

Broadcast address is 255.255.255.255

Address determined by non-volatile memory

MTU is 1500 bytes

Helper address is not set

Directed broadcast forwarding is disabled

Outgoing access list is not set

Inbound access list is 100

Proxy ARP is enabled

Local Proxy ARP is disabled

Security level is default

Split horizon is enabled

ICMP redirects are always sent

ICMP unreachables are always sent

ICMP mask replies are never sent

IP fast switching is enabled

IP fast switching on the same interface is disabled

IP Flow switching is disabled

IP CEF switching is enabled

IP CEF Feature Fast switching turbo vector

IP multicast fast switching is enabled

IP multicast distributed fast switching is disabled

3.6配置PC主机与Server主机的ip参数