RACL configuration:

Initial configuration:

R1:

interface s1/1

ip address 192.168.12.1 255.255.255.0

no shut

ip route 192.168.23.0 255.255.255.0 192.168.12.2

line vty 0 4

password fangtao

login

R2:

interface s1/0

ip address 192.168.12.2 255.255.255.0

no shut

interface s1/1

ip address 192.168.23.2 255.255.255.0

no shut

R3:

interface s1/0

ip address 192.168.23.3 255.255.255.0

no shut

ip route 192.168.12.0 255.255.255.0 192.168.23.2

line vty 0 4

password fangtao

login

Configure the RACL on R2:

ip access-list extended INTERNAL

permit icmp any any reflect RACL_icmp

permit tcp any any reflect RACL_tcp

deny ip any any

exit

ip access-list extended EXTERNAL

evaluate RACL_icmp

evaluate RACL_tcp

deny ip any any

exit

Activate the RACL on R2's external interface s1/1:

interface s1/1

ip access-group INTERNAL out

ip access-group EXTERNAL in

exit

View the ACLs on R2:

r2#sh access-list

Extended IP access list EXTERNAL

10 evaluate RACL_icmp

20 evaluate RACL_tcp

30 deny ip any any

Extended IP access list INTERNAL

10 permit icmp any any reflect RACL_icmp

20 permit tcp any any reflect RACL_tcp

30 deny ip any any

Reflexive IP access list RACL_icmp

Reflexive IP access list RACL_tcp

Ping R1 from R3:

r3#ping 192.168.12.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:

U.U.U

Success rate is 0 percent (0/5)

The ping fails, because the ACL on the external interface rejects the ping packets.

Now ping R3 from R1:

r1#ping 192.168.23.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.23.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 32/63/100 ms

Now view R2's ACLs again: a temporary ACL entry has appeared under RACL_icmp.

r2#sh access-list

Extended IP access list EXTERNAL

10 evaluate RACL_icmp

20 evaluate RACL_tcp

30 deny ip any any (22 matches)

Extended IP access list INTERNAL

10 permit icmp any any reflect RACL_icmp (20 matches)

20 permit tcp any any reflect RACL_tcp

30 deny ip any any

Reflexive IP access list RACL_icmp

permit icmp host 192.168.23.3 host 192.168.12.1(19 matches) (time left 297)

Reflexive IP access list RACL_tcp

The same demonstration with telnet:

Telnet from R3 to R1:

r3#telnet 192.168.12.1

Trying 192.168.12.1 ...

% Destination unreachable; gateway or host down

Now telnet from R1 to R3:

r1#telnet 192.168.23.3

Trying 192.168.23.3 ... Open

User Access Verification

Password:

r3>

Viewing the ACLs on R2 shows that a temporary ACL entry has been added under RACL_tcp:

r2#sh access-list

Extended IP access list EXTERNAL

10 evaluate RACL_icmp

20 evaluate RACL_tcp

30 deny ip any any (37 matches)

Extended IP access list INTERNAL

10 permit icmp any any reflect RACL_icmp (31 matches)

20 permit tcp any any reflect RACL_tcp (141 matches)

30 deny ip any any

Reflexive IP access list RACL_icmp

permit icmp host 192.168.23.3 host 192.168.12.1(19 matches) (time left 277)

Reflexive IP access list RACL_tcp

permit tcp host 192.168.23.3 eq telnet host 192.168.12.1 eq 28109 (51 matches) (time left 297)
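
The reflect/evaluate behaviour seen in the RACL outputs above, as a simplified Python model; this is an added example, not code from the original page or from Cisco. It assumes a 300-second idle timeout (consistent with the "time left 297" values above), refreshes the timer only on outbound traffic, and does not model TCP FIN/RST teardown; the class and function names are hypothetical.

```python
# Simplified model of reflexive ACL state on R2 s1/1 (added example, not IOS code).
from dataclasses import dataclass

TIMEOUT = 300  # seconds; assumed idle timeout, consistent with "time left 297" above

@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp", "icmp", ...
    src: str
    dst: str
    sport: int = 0    # ports stay 0 for icmp
    dport: int = 0

class ReflexiveAcl:
    """INTERNAL (out, reflect) and EXTERNAL (in, evaluate) as configured above."""
    REFLECTED = {"icmp", "tcp"}   # the two 'permit ... reflect' lines

    def __init__(self):
        self.entries = {}         # mirrored flow -> expiry time

    def outbound(self, p, now):
        """INTERNAL: permit and reflect icmp/tcp, then 'deny ip any any'."""
        if p.proto not in self.REFLECTED:
            return False
        # The temporary entry matches the reply: addresses and ports swapped.
        self.entries[(p.proto, p.dst, p.dport, p.src, p.sport)] = now + TIMEOUT
        return True

    def inbound(self, p, now):
        """EXTERNAL: evaluate the reflexive entries, then 'deny ip any any'."""
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        expiry = self.entries.get(key)
        if expiry is None or now >= expiry:
            self.entries.pop(key, None)   # expired entries are removed
            return False
        return True

def demo():
    acl = ReflexiveAcl()
    r1, r3 = "192.168.12.1", "192.168.23.3"   # addresses from the lab above
    return [
        acl.inbound(Packet("tcp", r3, r1, 40000, 23), 0),     # R3 opens telnet (constructed port): denied
        acl.outbound(Packet("tcp", r1, r3, 28109, 23), 0),    # R1 opens telnet: permitted, entry created
        acl.inbound(Packet("tcp", r3, r1, 23, 28109), 3),     # reply matches the temporary entry
        acl.inbound(Packet("tcp", r3, r1, 23, 28109), 301),   # same reply after the timeout: denied
    ]

if __name__ == "__main__":
    print(demo())
```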

CBAC configuration:

The initial configuration is the same as for the RACL above.

Now configure CBAC on R2:

ip access-list extended EXTERNAL

deny icmp any any

deny tcp any any

deny ip any any

exit

ip inspect name CBAC icmp

ip inspect name CBAC tcp

Activate CBAC on R2's external interface s1/1:

interface s1/1

ip access-group EXTERNAL in

ip inspect CBAC out

exit

At this point the CBAC state table is empty:

r2#sh ip inspect sessions

r2#

Ping R1 from R3:

r3#ping 192.168.12.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:

U.U.U

Success rate is 0 percent (0/5)

Then ping R3 from R1:

r1#ping 192.168.23.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.23.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 52/119/300 ms

Now view the CBAC state table again:

r2#sh ip inspect sessions

Established Sessions

Session 65F31950 (192.168.12.1:8)=>(192.168.23.3:0) icmp SIS_OPEN

r2#

Likewise, R1 can telnet to R3:

r1#telnet 192.168.23.3

Trying 192.168.23.3 ... Open

User Access Verification

Password:

r3>

However, R3 cannot telnet to R1:

r3#telnet 192.168.12.1

Trying 192.168.12.1 ...

% Destination unreachable; gateway or host down

View the CBAC state table:

r2#sh ip inspect sessions

Established Sessions

Session 65F31690 (192.168.12.1:39966)=>(192.168.23.3:23) tcp SIS_OPEN

r2#
