Extended Access Control List
This lab uses an extended access control list to permit only host C3 (IP: 192.168.1.3/24) to access server S1 (IP: 172.22.0.10/24) on port 80; other hosts cannot access S1 on port 80.
C1> ping 172.22.0.10
172.22.0.10 icmp_seq=1 timeout
172.22.0.10 icmp_seq=2 ttl=63 time=78.000 ms
172.22.0.10 icmp_seq=3 ttl=63 time=62.000 ms
172.22.0.10 icmp_seq=4 ttl=63 time=63.000 ms
172.22.0.10 icmp_seq=5 ttl=63 time=79.000 ms
C1> ping 172.22.0.10 -3 -p 80
*192.168.1.254 tcp_seq=1 ttl=255 time=63.000 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.254 tcp_seq=3 ttl=255 time=79.000 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.254 tcp_seq=5 ttl=255 time=63.000 ms (ICMP type:3, code:13, Communication administratively prohibited)
C3> ping 172.22.0.10
172.22.0.10 icmp_seq=1 timeout
172.22.0.10 icmp_seq=2 ttl=63 time=78.000 ms
172.22.0.10 icmp_seq=3 ttl=63 time=62.000 ms
172.22.0.10 icmp_seq=4 ttl=63 time=63.000 ms
172.22.0.10 icmp_seq=5 ttl=63 time=79.000 ms
C3> ping 172.22.0.10 -3 -p 80
Connect 80@172.22.0.10 seq=1 ttl=63 time=94.000 ms
SendData 80@172.22.0.10 seq=1 ttl=63 time=63.000 ms
Close 80@172.22.0.10 seq=1 ttl=63 time=94.000 ms
Connect 80@172.22.0.10 seq=2 ttl=63 time=93.000 ms
SendData 80@172.22.0.10 seq=2 ttl=63 time=62.000 ms
Close 80@172.22.0.10 seq=2 ttl=63 time=78.000 ms
Connect 80@172.22.0.10 seq=3 ttl=63 time=78.000 ms
SendData 80@172.22.0.10 seq=3 ttl=63 time=78.000 ms
Close 80@172.22.0.10 seq=3 ttl=63 time=94.000 ms
Connect 80@172.22.0.10 seq=4 ttl=63 time=94.000 ms
SendData 80@172.22.0.10 seq=4 ttl=63 time=63.000 ms
Close 80@172.22.0.10 seq=4 ttl=63 time=94.000 ms
Connect 80@172.22.0.10 seq=5 ttl=63 time=78.000 ms
SendData 80@172.22.0.10 seq=5 ttl=63 time=79.000 ms
Close 80@172.22.0.10 seq=5 ttl=63 time=125.000 ms
=======================================
extacl#
extacl#sh access-lists 100
Extended IP access list 100
10 permit tcp host 192.168.1.3 host 172.22.0.10 eq www (25 matches)
20 deny tcp any host 172.22.0.10 eq www (6 matches)
30 permit ip any any (5 matches)
extacl#
=======================================
!
hostname extacl
!
!
!
interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.22.0.254 255.255.255.0
ip access-group 100 out
ip virtual-reassembly
duplex auto
speed auto
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
access-list 100 permit tcp host 192.168.1.3 host 172.22.0.10 eq www
access-list 100 deny tcp any host 172.22.0.10 eq www
access-list 100 permit ip any any
!
!
!
end
=======================================
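An added example (not part of the original post): a small Python model of access-list 100's top-down, first-match evaluation, replaying the three tests above to show which entry each packet hits. C1's address 192.168.1.1 is an assumption (the post does not give it), and the parser handles only the `host`, `any` and `eq www` forms this ACL uses.

```python
import ipaddress

# ACL 100 copied from the running config on this page.
ACL_100 = """\
access-list 100 permit tcp host 192.168.1.3 host 172.22.0.10 eq www
access-list 100 deny tcp any host 172.22.0.10 eq www
access-list 100 permit ip any any
"""
PORTS = {"www": 80}  # the only port keyword this ACL uses

def _addr(tok):
    """Consume 'any' or 'host A.B.C.D' from the front of the token list."""
    word = tok.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    raise ValueError("unsupported address form: " + word)

def parse(text):
    """Return one (seq, action, proto, src, dst, dport) tuple per ACE."""
    aces = []
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split()[2:]  # drop 'access-list 100'
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        dport = PORTS[tok[1]] if tok[:1] == ["eq"] else None
        aces.append((n * 10, action, proto, src, dst, dport))  # IOS numbers 10, 20, ...
    return aces

def evaluate(aces, proto, src, dst, dport=None):
    """Return (seq, action) of the first ACE that matches the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq, action, a_proto, a_src, a_dst, a_dport in aces:
        if a_proto not in ("ip", proto):
            continue
        if s not in a_src or d not in a_dst:
            continue
        if a_dport is not None and a_dport != dport:
            continue
        return seq, action
    return None, "deny"  # implicit deny that ends every IOS ACL

if __name__ == "__main__":
    S1, C3, C1 = "172.22.0.10", "192.168.1.3", "192.168.1.1"  # C1 address is assumed
    aces = parse(ACL_100)
    print(evaluate(aces, "tcp", C3, S1, 80), evaluate(aces, "tcp", C1, S1, 80), evaluate(aces, "icmp", C1, S1))
    lines = ACL_100.splitlines()
    swapped = parse("\n".join([lines[1], lines[0], lines[2]]))  # deny placed first
    print(evaluate(swapped, "tcp", C3, S1, 80))
```

With the deny placed ahead of the host permit, C3's port-80 traffic matches the deny first, which is why the specific permit has to come before the broader deny.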