ACL Basics: Comprehensive Lab

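I. Topology
[Figure: lab topology diagram]
II. Requirements
1. Full reachability across the whole network
2. All PCs on the company's internal network can access the external network
3. pc0 cannot ping R3, but R3 can ping pc0
4. pc1 can ping R2, but cannot log in to R2 remotely
5. When PC8 logs in remotely to R0, it actually lands on R3
6. pc1 can ping pc5 but cannot ping pc4
7. pc7 cannot access the server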

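III. Address Plan
1. Subnets are assigned as shown in the topology diagram
2. PCs on the internal network obtain their IP addresses automatically; the subnets they belong to are shown in the topology diagram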

IV. Testing
This lab meets all of the requirements above; requirements 3, 4 and 5 are tested below.
Test 3: pc0 cannot ping R3, but R3 can ping pc0
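Relevant configuration:
An extended access list is used; the entry configured is entry 10, and the list is applied in the in direction on R0's f1/0.1 interface.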
Test 4: pc1 can ping R2, but cannot log in to R2 remotely
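Relevant configuration:
An extended access list is used; the entry configured is entry 15, and the list is applied in the in direction on R0's f1/0.1 interface.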
Test 5: when PC8 logs in remotely to R0, it actually lands on R3; a one-to-one static translation is used here

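V. Configuration
No configuration was done on sw2, the switch pc9 is attached to; the configurations of the other devices are given below.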
——————————————————————————————————————————————————————————————————————
R0#sh running-config
Building configuration...

Current configuration : 1625 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R0
!
!
!
!
!
ip dhcp pool v2
network 172.16.1.0 255.255.255.0
default-router 172.16.1.1
dns-server 45.1.1.100
ip dhcp pool v3
network 172.16.2.0 255.255.255.0
default-router 172.16.2.1
dns-server 45.1.1.100
!
no ip cef
no ipv6 cef
!
!
!
username zhejiang privilege 15 password 0 123456
!
!
!
!
!
!
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
ip address 11.1.1.2 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 12.1.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
!
interface FastEthernet1/0.1
encapsulation dot1Q 2
ip address 172.16.1.1 255.255.255.0
ip access-group 100 in
!
interface FastEthernet1/0.2
encapsulation dot1Q 3
ip address 172.16.2.1 255.255.255.0
!
interface FastEthernet1/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
router eigrp 90
network 11.0.0.0
network 12.0.0.0
network 172.16.0.0
no auto-summary
!
ip nat inside source static 34.1.1.4 11.1.1.2
ip classless
!
ip flow-export version 9
!
!
access-list 100 deny icmp host 172.16.1.2 host 34.1.1.4 echo
access-list 100 permit ip any any
access-list 100 deny tcp host 172.16.1.3 host 23.1.1.3 eq telnet
access-list 100 deny icmp host 172.16.1.3 host 192.168.1.2 echo
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
!
line aux 0
!
line vty 0 4
login local
!
!
!
end
——————————————————————————————————————————————————————————————————————
R1#sho running-config
Building configuration...

Current configuration : 886 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
ip address 12.1.1.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 23.1.1.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.5.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
router eigrp 90
network 12.0.0.0
network 23.0.0.0
network 192.168.5.0
no auto-summary
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
!
line aux 0
!
line vty 0 4
login
!
!
!
end
——————————————————————————————————————————————————————————————————————
R2#sho running-config
Building configuration...

Current configuration : 1442 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R2
!
!
!
!
!
ip dhcp pool v4
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 45.1.1.100
ip dhcp pool v5
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 45.1.1.100
!
no ip cef
no ipv6 cef
!
!
!
username zhejiang privilege 15 password 0 123456
!
!
!
!
!
!
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
ip address 23.1.1.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 34.1.1.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
!
interface FastEthernet1/0.1
encapsulation dot1Q 4
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet1/0.2
encapsulation dot1Q 5
ip address 192.168.2.1 255.255.255.0
ip access-group 101 in
!
interface FastEthernet1/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
router eigrp 90
network 23.0.0.0
network 34.0.0.0
network 192.168.1.0
network 192.168.2.0
no auto-summary
!
ip classless
!
ip flow-export version 9
!
!
access-list 101 permit ip any any
access-list 101 deny ip host 192.168.2.3 host 45.1.1.100
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
!
line aux 0
!
line vty 0 4
login local
!
!
!
end
——————————————————————————————————————————————————————————————————————
R3#sho running-config
Building configuration...

Current configuration : 909 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R3
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
username zhejiang privilege 15 password 0 123456
!
!
!
!
!
!
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
ip address 34.1.1.4 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 45.1.1.4 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet1/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
router eigrp 90
network 34.0.0.0
network 45.0.0.0
no auto-summary
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
!
line aux 0
!
line vty 0 4
login local
!
!
!
end
——————————————————————————————————————————————————————————————————————
sw0#sho running-config
Building configuration...

Current configuration : 1322 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname sw0
!
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
!
!
!
line con 0
logging synchronous
exec-timeout 0 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end
——————————————————————————————————————————————————————————————————————
sw1#sho running-config
Building configuration...

Current configuration : 1322 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname sw1
!
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 5
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 5
switchport mode access
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
!
!
!
line con 0
logging synchronous
exec-timeout 0 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end
——————————————————————————————————————————————————————————————————————
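VI. Notes
When applying an ACL, pay attention to the interface and the direction it is applied on; for example, in this lab the ACL is applied on a subinterface, not on the physical interface.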
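
Interface and direction are one half of placing an ACL; entry order is the other, because IOS stops at the first entry that matches. The following added example (not part of the original post) takes the access-list 100 and 101 entries in the order the running-config listings above show them and reports which entries an earlier entry already covers. It assumes the listed order is the evaluation order (the text refers to the entries by numbers 10 and 15, which the listing does not display) and compares qualifiers such as `echo` or `eq telnet` as opaque tokens; `permit_last` is a hypothetical helper.

```python
import ipaddress

# ACL entries copied from the R0 and R2 running-config above, in listed order.
ACL_100 = [
    "access-list 100 deny icmp host 172.16.1.2 host 34.1.1.4 echo",
    "access-list 100 permit ip any any",
    "access-list 100 deny tcp host 172.16.1.3 host 23.1.1.3 eq telnet",
    "access-list 100 deny icmp host 172.16.1.3 host 192.168.1.2 echo",
]
ACL_101 = ["access-list 101 permit ip any any",
           "access-list 101 deny ip host 192.168.2.3 host 45.1.1.100"]

def _addr(tok):
    """Consume 'any' or 'host A.B.C.D' (the only address forms used on this page)."""
    kind = tok.pop(0)
    if kind not in ("any", "host"):
        raise ValueError("unsupported address form: " + kind)
    return ipaddress.ip_network("0.0.0.0/0" if kind == "any" else tok.pop(0) + "/32")

def parse(line):
    """Return (action, proto, src_net, dst_net, qualifier), e.g. qualifier ('echo',)."""
    tok = line.split()[2:]                      # drop 'access-list <number>'
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _addr(tok), _addr(tok)
    return action, proto, src, dst, tuple(tok)

def covers(a, b):
    """True if everything entry (or packet) b matches is also matched by entry a."""
    return (a[1] in ("ip", b[1]) and b[2].subnet_of(a[2])
            and b[3].subnet_of(a[3]) and a[4] in ((), b[4]))

def shadowed(lines):
    """1-based (entry, earlier_entry) pairs for entries that can never be reached."""
    e, out = [parse(l) for l in lines], []
    for j in range(1, len(e)):
        hit = next((i for i in range(j) if covers(e[i], e[j])), None)
        if hit is not None:
            out.append((j + 1, hit + 1))
    return out

def first_match(lines, proto, src, dst, qual=()):
    """Action for one packet: the first matching entry wins, else the implicit deny."""
    pkt = ("", proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), tuple(qual))
    return next((e[0] for e in map(parse, lines) if covers(e, pkt)), "deny")

def permit_last(lines):
    """Hypothetical reordering: move the catch-all 'permit ip any any' to the end."""
    tail = [l for l in lines if l.endswith("permit ip any any")]
    return [l for l in lines if l not in tail] + tail
```

On the router itself, `show access-lists` prints each entry with its sequence number, which is the order that actually applies.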

Reposted from blog.51cto.com/13596342/2610663