cisco设备访问列表access-list大解密(三)案例

2008-01-18 23:07:36 作者：来源：Cnfan.net收集浏览次数：709 文字大小：【大】【中】【小】

简介：从IOS12.0开始，CISCO路由器新增加了一种基于时间的访问列表。通过它，可以根据一天中的不同时间，或者根据一星期中的不同日期，当然也可以二者结合起来，控制对网络数据包的转发。　　一、使用方法　　这种基 ...

示例一: 带Established选项的扩展访问列表

拓扑:

R2-(S2/0)-----------------(S2/0)-R1(S2/1)---------------(S2/1)-R3

带有Established的扩展访问列表允许内部用户访问外部网络,而拒绝外部网络访问内部网络,而没带Established的标准访问列表和扩展访问列表没有这个特性.
这个示例首先用OSPF来使全网互联.

R1:

r1#sh run
*Mar 1 00:25:17.275: %SYS-5-CONFIG_I: Configured from console by console
Building configuration...

Current configuration : 1410 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r1
!
logging queue-limit 100
!
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
mpls ldp logging neighbor-changes
!
!
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0
ip address 12.1.1.1 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
serial restart_delay 0
frame-relay map ip 12.1.1.2 102 broadcast
no frame-relay inverse-arp
!
interface Serial2/1
ip address 13.1.1.1 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
serial restart_delay 0
frame-relay map ip 13.1.1.3 113 broadcast
!
interface Serial2/2
no ip address
shutdown
serial restart_delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart_delay 0
!
router ospf 10
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
ip http server
no ip http secure-server
ip classless
!
!
!
!
!
call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
no login
!
!
end

R2:

r2#sh run
Building configuration...

*Mar 1 00:27:29.871: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 1298 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r2
!
logging queue-limit 100
!
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
mpls ldp logging neighbor-changes
!
!
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0
ip address 12.1.1.2 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
serial restart_delay 0
frame-relay map ip 12.1.1.1 201 broadcast
no frame-relay inverse-arp
!
interface Serial2/1
no ip address
shutdown
serial restart_delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart_delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart_delay 0
!
router ospf 10
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
ip http server
no ip http secure-server
ip classless
!
!
!
!
!
call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
no login
!
!
end

r3

r3#sh run
Building configuration...

Current configuration : 1298 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r3
!
logging queue-limit 100
!
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
mpls ldp logging neighbor-changes
!
!
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0
no ip address
shutdown
serial restart_delay 0
!
interface Serial2/1
ip address 13.1.1.3 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
serial restart_delay 0
frame-relay map ip 13.1.1.1 311 broadcast
no frame-relay inverse-arp
!
interface Serial2/2
no ip address
shutdown
serial restart_delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart_delay 0
!
router ospf 10
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
ip http server
no ip http secure-server
ip classless
!
!
!
!
!
call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
no login
!
!
end

[1] [2] [3] [4]

<欢迎投稿> <论坛讨论>

发表评论　加入收藏　告诉好友　打印本页　关闭窗口　返回顶部

»相关文章

»论坛新贴

精彩文章

活动资讯

今日头条

»导航列表
网管技术:网络知识 | 网络管理 | 网络协议 | 传输介质 | 备份恢复 | 协议分析 | 安全:安全公告 | 病毒木马 | 安全知识 | 安全技术 | 防火墙 | VPN