資源描述:
《動態(tài)訪問列表的應(yīng)用》由會員上傳分享��,免費在線閱讀����,更多相關(guān)內(nèi)容在行業(yè)資料-天天文庫。
1���、動態(tài)訪問列表的應(yīng)用實驗拓撲:實驗一:基本的動態(tài)訪問列表的應(yīng)用(手動激活)1.試驗說明:使用3臺路由器�,R1模擬一個內(nèi)網(wǎng)用戶;R2模擬網(wǎng)關(guān)����;R3模擬外網(wǎng)的一臺服務(wù)器。R2上已經(jīng)做了策略禁止R1遠程登陸到R3���,它只允許R1遠程登陸到R2上,然后激活一個動態(tài)訪問列表����。這個動態(tài)訪問表是臨時性的,它允許R1在一個特定的時間內(nèi)可以登陸到R3上���,現(xiàn)在進行配置2.初始配置:R1interfaceEthernet0/0ipaddress192.168.12.1255.255.255.0interfaceLoopback0ipaddress1.1.1.1255.255.255.255
2�����、iproute192.168.23.0255.255.255.0192.168.12.2iproute3.3.3.3255.255.255.255192.168.12.2R2interfaceEthernet0/0ipaddress192.168.12.2255.255.255.0interfaceEthernet0/1ipaddress192.168.23.2255.255.255.0R3interfaceEthernet0/1ipaddress192.168.23.3255.255.255.0interfaceLoopback0ipaddress3.3.3.3
3�、255.255.255.255iproute192.168.12.0255.255.255.0192.168.23.2iproute1.1.1.1255.255.255.255192.168.23.2r1#telnet192.168.23.3Trying192.168.23.3...Openr3>現(xiàn)在R1可以直接登陸到R3上����。2在R2上配置ACL禁止R1登陸到R3,只允許它登陸到R2上。r2(config)#ipaccess-listextendedDENYr2(config-ext-nacl)#permiticmpanyanyr2(config-ext-nacl
4��、)#permittcphost192.168.12.1host192.168.12.2eqtelnetr2(config)#inte0/0r2(config-if)#ipaccess-groupDENYinr1#telnet192.168.23.3Trying192.168.23.3...%Destinationunreachable;gatewayorhostdownr1#telnet192.168.12.2Trying192.168.12.2...Openr2>現(xiàn)在R1就無法登陸R3了�����,只能登陸R23.在R2上建立動態(tài)訪問列表允許R1可以動態(tài)的暫時的登陸到R3
5����、r2(config)#ipaccess-listextendedDENYr2(config-ext-nacl)#dynamicDYNtimeout3permittcphost192.168.12.1host192.168.23.3eqtelnet以上語句就是在命名列表DENY中建立一條名為DYN的動態(tài)列表項,Timeout值表示動態(tài)列表項被激活后只能存在3分鐘�����,之后將消失?����,F(xiàn)在在R1上嘗試登陸R3r1#telnet192.168.23.3Trying192.168.23.3...%Destinationunreachable;gatewayorhostdown結(jié)果
6�、依然失敗,這是因為剛建立的動態(tài)列表還需要激活�。r1#telnet192.168.12.2Trying192.168.12.2...Openr2>access-enable???????注意:此命令只能在VTY線程下輸入完成激活,現(xiàn)在再次登陸R3r1#telnet192.168.23.3Trying192.168.23.3...Openr3>這次可以成功登陸了?����,F(xiàn)在到R2上查看一下訪問列表r2#shipaccess-listsExtendedIPaccesslistDENY???permiticmpanyany???permittcphost192.168.12.1
7、host192.168.12.2eqtelnet(153matches)???DynamicDYNpermittcphost192.168.12.1host192.168.23.3eqtelnet????permittcphost192.168.12.1host192.168.23.3eqtelnet(10matches)可以看到這時出現(xiàn)了一條動態(tài)列表項��,允許R1登陸到R3上���。過了3分多鐘�,再次查看r2#shipaccess-listsExtendedIPaccesslistDENYpermiteigrpanyany(516matches)???permiticm
8���、panya
