Sunday, February 23, 2014

Standard Access Control List

The objective of this lab is to permit host C3 (IP address: 192.168.1.3/24) to access the network prefix 172.22.0.0/24; all other hosts are denied.


NAME   IP/MASK              GATEWAY           MAC                LPORT  RHOST:PORT
C1  192.168.1.1/24       192.168.1.254     00:50:79:66:68:00  20000  127.0.0.1:30000
       fe80::250:79ff:fe66:6800/64
C2  192.168.1.2/24       192.168.1.254     00:50:79:66:68:01  20001  127.0.0.1:30001
       fe80::250:79ff:fe66:6801/64
C3  192.168.1.3/24       192.168.1.254     00:50:79:66:68:02  20002  127.0.0.1:30002
       fe80::250:79ff:fe66:6802/64
       2001:2::1/64
S1  172.22.0.10/24       172.22.0.254      00:50:79:66:68:03  20003  127.0.0.1:30003
       fe80::250:79ff:fe66:6803/64
       2001:2::2/64
S2  172.22.0.11/24       172.22.0.254      00:50:79:66:68:04  20004  127.0.0.1:30004
       fe80::250:79ff:fe66:6804/64
       2001:3::2/64

C1> ping 172.22.0.10
*192.168.1.254 icmp_seq=1 ttl=255 time=48.000 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.254 icmp_seq=2 ttl=255 time=42.000 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.254 icmp_seq=3 ttl=255 time=31.000 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.254 icmp_seq=4 ttl=255 time=41.000 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.254 icmp_seq=5 ttl=255 time=33.000 ms (ICMP type:3, code:13, Communication administratively prohibited)


C3> ping 172.22.0.10
172.22.0.10 icmp_seq=1 ttl=63 time=32.000 ms
172.22.0.10 icmp_seq=2 ttl=63 time=56.000 ms
172.22.0.10 icmp_seq=3 ttl=63 time=36.000 ms
172.22.0.10 icmp_seq=4 ttl=63 time=59.000 ms
172.22.0.10 icmp_seq=5 ttl=63 time=32.000 ms

VPCS[3]>



stacl#
stacl#sh access-list 10
Standard IP access list 10
    10 permit 192.168.1.3 (5 matches)
stacl#
stacl#


=====================================
!
!
hostname stacl
!
!
interface FastEthernet0/0
 ip address 192.168.1.254 255.255.255.0
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.22.0.254 255.255.255.0
 ip access-group 10 out
 ip virtual-reassembly
 duplex auto
 speed auto
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
access-list 10 permit 192.168.1.3
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!

!
webvpn cef
!
end


=====================================
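
The rule evaluation behind the ping results above, as an added example that is not part of the original post: a small Python model of a standard ACL that parses the `access-list 10` line from this configuration, applies first-match evaluation with the implicit deny, and checks the three lab clients. `WIDE_CONFIG` is a constructed entry showing how a wide wildcard mask would defeat the lab objective; the function names are chosen for this example.

```python
import ipaddress

# Relevant lines from the router configuration on this page.
LAB_CONFIG = """
interface FastEthernet0/1
 ip address 172.22.0.254 255.255.255.0
 ip access-group 10 out
!
access-list 10 permit 192.168.1.3
"""
# Constructed variant (not from the page): a wildcard mask that is too wide.
WIDE_CONFIG = "access-list 10 permit 192.168.1.0 0.0.0.3"
LAB_HOSTS = {"C1": "192.168.1.1", "C2": "192.168.1.2", "C3": "192.168.1.3"}

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acl(config, number):
    """Return [(action, address, wildcard)] for 'access-list <number>' lines."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[1] != str(number):
            continue
        action, src = tok[2], [t for t in tok[3:] if t != "log"]
        if src[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif src[0] == "host":
            addr, wild = src[1], "0.0.0.0"
        else:  # bare address: no wildcard means a single host
            addr, wild = src[0], src[1] if len(src) > 1 else "0.0.0.0"
        entries.append((action, to_int(addr), to_int(wild)))
    return entries

def evaluate(entries, source_ip):
    """First match wins; assumes the list has at least one entry."""
    src = to_int(source_ip)
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard 0-bits must match exactly
        if (src & care) == (addr & care):
            return action
    return "deny"  # implicit deny at the end of every ACL

def lab_results(config=LAB_CONFIG):
    acl = parse_standard_acl(config, 10)
    return {name: evaluate(acl, ip) for name, ip in LAB_HOSTS.items()}

if __name__ == "__main__":
    print(lab_results())             # ACL as configured on the page
    print(lab_results(WIDE_CONFIG))  # constructed over-broad entry
```

A standard ACL matches on source address only, so the single `permit 192.168.1.3` line plus the implicit deny is enough to block C1 and C2 from everything behind FastEthernet0/1.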




