13.7 ACL实验

项目拓扑：

IP地址规划：

项目配置：

R1:

en

conf t

hostname R1

ip domain-name cjgy.com

enable sec cisco

cry k g rsa g m 1024

user Admin sec 123456

line vty 0 4

tran input ssh

login local

exi

int g0/0

no sh

ip add 192.168.1.254 255.255.255.0

exi

int g0/1

no sh

ip add 192.168.2.254 255.255.255.0

exi

int s0/3/0

no sh

ip add 100.1.100.1 255.255.255.252

exi

route ospf 1

network 192.168.1.0 0.0.0.255 a 0

net 192.168.2.0 0.0.0.255 a 0

net 100.1.100.0 0.0.0.3 a 0

exi

ip ac ex ew

permit tcp 192.168.1.1 0.0.0.254 host 172.16.1.2 eq www

permit tcp 192.168.2.0 0.0.0.254 host 172.16.1.2 eq www

deny tcp any host 172.16.1.2 eq www

permit ip any any

exi

ip ac ex ea

permit tcp 192.168.1.0 0.0.0.255 host 100.1.100.1 eq 22

deny tcp any host 100.1.100.1 eq 22

permit ip any any

int s0/3/0

ip ac ew out

int g0/0

ip ac ea in

int g0/1

ip ac ea in

R2:

en

conf t

hostname R2

int s0/3/0

no sh

ip add 100.1.100.2 255.255.255.252

exi

int g0/0

no sh

ip add 172.16.1.1 255.255.255.252

exi

route ospf 1

net 100.1.100.0 0.0.0.3 a 0

net 172.16.1.0 0.0.0.3 a 0

SW1:

en

conf t

hostname S1

ip domain-name cjgy.com

enable sec cisco

cry k g rsa g m 1024

user Admin sec 123456

line vty 0 4

tran input ssh

login local

exi

int vlan 1

ip add 192.168.1.11 255.255.255.0

no sh

exi

ip de 192.168.1.254

SW2:

en

conf t

hostname S2

ip domain-name cjgy.com

enable sec cisco

cry k g rsa g m 1024

user Admin sec 123456

line vty 0 4

tran input ssh

login local

exi

int vlan 1

ip add 192.168.2.11 255.255.255.0

no sh

exi

ip de 192.168.2.254

更新: 2025-03-11 14:09:42
原文: https://www.yuque.com/yuhui.net/network/ffnoypcyu9pyrv5n