Named Access Control List
This lab demonstrates a named access control list. Only host C3 (IP:
192.168.1.3/24) is permitted to access server S1 (IP: 172.22.0.10/24) on
port 80; no other host can access S1 on port 80.
NAME   IP/MASK              GATEWAY           MAC                LPORT  RHOST:PORT
C1     192.168.1.1/24       192.168.1.254     00:50:79:66:68:00  20000  127.0.0.1:30000
       fe80::250:79ff:fe66:6800/64
C2     192.168.1.2/24       192.168.1.254     00:50:79:66:68:01  20001  127.0.0.1:30001
       fe80::250:79ff:fe66:6801/64
C3     192.168.1.3/24       192.168.1.254     00:50:79:66:68:02  20002  127.0.0.1:30002
       fe80::250:79ff:fe66:6802/64
       2001:2::1/64
S1     172.22.0.10/24       172.22.0.254      00:50:79:66:68:03  20003  127.0.0.1:30003
       fe80::250:79ff:fe66:6803/64
       2001:2::2/64
S2     172.22.0.11/24       172.22.0.254      00:50:79:66:68:04  20004  127.0.0.1:30004
       fe80::250:79ff:fe66:6804/64
       2001:3::2/64
C1> ping 172.22.0.10
172.22.0.10 icmp_seq=1 timeout
172.22.0.10 icmp_seq=2 ttl=63 time=62.000 ms
172.22.0.10 icmp_seq=3 ttl=63 time=62.000 ms
172.22.0.10 icmp_seq=4 ttl=63 time=63.000 ms
172.22.0.10 icmp_seq=5 ttl=63 time=63.000 ms
C1> ping 172.22.0.10 -3 -p 80
*192.168.1.254 tcp_seq=1 ttl=255 time=47.000 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.254 tcp_seq=3 ttl=255 time=31.000 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.254 tcp_seq=5 ttl=255 time=46.000 ms (ICMP type:3, code:13, Communication administratively prohibited)
C2> ping 172.22.0.10
172.22.0.10 icmp_seq=1 ttl=63 time=78.000 ms
172.22.0.10 icmp_seq=2 ttl=63 time=78.000 ms
172.22.0.10 icmp_seq=3 ttl=63 time=78.000 ms
172.22.0.10 icmp_seq=4 ttl=63 time=62.000 ms
172.22.0.10 icmp_seq=5 ttl=63 time=94.000 ms
C2> ping 172.22.0.10 -3 -p 80
*192.168.1.254 tcp_seq=1 ttl=255 time=93.000 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.254 tcp_seq=3 ttl=255 time=47.000 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.254 tcp_seq=5 ttl=255 time=47.000 ms (ICMP type:3, code:13, Communication administratively prohibited)
C3> ping 172.22.0.10
172.22.0.10 icmp_seq=1 ttl=63 time=78.000 ms
172.22.0.10 icmp_seq=2 ttl=63 time=63.000 ms
172.22.0.10 icmp_seq=3 ttl=63 time=63.000 ms
172.22.0.10 icmp_seq=4 ttl=63 time=62.000 ms
172.22.0.10 icmp_seq=5 ttl=63 time=109.000 ms
C3> ping 172.22.0.10 -3 -p 80
Connect 80@172.22.0.10 seq=1 ttl=63 time=93.000 ms
SendData 80@172.22.0.10 seq=1 ttl=63 time=78.000 ms
Close 80@172.22.0.10 seq=1 ttl=63 time=94.000 ms
Connect 80@172.22.0.10 seq=2 ttl=63 time=78.000 ms
SendData 80@172.22.0.10 seq=2 ttl=63 time=79.000 ms
Close 80@172.22.0.10 seq=2 ttl=63 time=94.000 ms
Connect 80@172.22.0.10 seq=3 ttl=63 time=79.000 ms
SendData 80@172.22.0.10 seq=3 ttl=63 time=94.000 ms
Close 80@172.22.0.10 seq=3 ttl=63 time=110.000 ms
Connect 80@172.22.0.10 seq=4 ttl=63 time=78.000 ms
SendData 80@172.22.0.10 seq=4 ttl=63 time=62.000 ms
Close 80@172.22.0.10 seq=4 ttl=63 time=125.000 ms
Connect 80@172.22.0.10 seq=5 ttl=63 time=62.000 ms
SendData 80@172.22.0.10 seq=5 ttl=63 time=62.000 ms
Close 80@172.22.0.10 seq=5 ttl=63 time=110.000 ms
nameacl#show access-lists acl-out
Extended IP access list acl-out
10 permit tcp host 192.168.1.3 host 172.22.0.10 eq www (25 matches)
20 deny tcp any host 172.22.0.10 eq www (12 matches)
30 permit ip any any (15 matches)
nameacl#
================================
!
hostname nameacl
!
!
interface FastEthernet0/0
 ip address 192.168.1.254 255.255.255.0
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.22.0.254 255.255.255.0
 ip access-group acl-out out
 ip virtual-reassembly
 duplex auto
 speed auto
!
no ip http server
no ip http secure-server
!
!
!
ip access-list extended acl-out
 permit tcp host 192.168.1.3 host 172.22.0.10 eq www
 deny tcp any host 172.22.0.10 eq www
 permit ip any any
!
logging alarm informational
!
!
end
================================
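
The first-match behaviour behind the hit counters above, as an added example that is not part of the original lab: a small Python evaluator for the three acl-out entries. The function names parse_acl and evaluate are hypothetical, and only the address and port forms used on this page (any, host, eq www) are parsed.

```python
import ipaddress

# The three entries of acl-out, copied from the router configuration above.
ACL_OUT = """\
permit tcp host 192.168.1.3 host 172.22.0.10 eq www
deny tcp any host 172.22.0.10 eq www
permit ip any any
"""

PORTS = {"www": 80}  # only the port keyword this lab uses


def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D' from the token list; return a network."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError("unsupported address form: " + word)


def parse_acl(text):
    """Parse the subset of extended-ACL syntax used on this page."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _addr(tokens), _addr(tokens)
        port = None
        if tokens[:1] == ["eq"]:
            port = PORTS.get(tokens[1]) or int(tokens[1])
        entries.append((action, proto, src, dst, port))
    return entries


def evaluate(entries, proto, src, dst, dport=None):
    """Return (action, matching sequence number); first match wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq, (action, p, snet, dnet, port) in enumerate(entries, start=1):
        if p not in ("ip", proto) or s not in snet or d not in dnet:
            continue
        if port is not None and port != dport:
            continue
        return action, seq * 10
    return "deny", None  # implicit deny at the end of every ACL
```

Evaluating TCP port 80 from C1 or C2 to S1 stops at the deny in sequence 20, which corresponds to the "administratively prohibited" replies those hosts received, while their ICMP pings fall through to sequence 30.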