Application of access control list technology

1. Reference experimental background

A company has a management department, a sales department and a financial department, and the departments communicate through routers. Now it is required that the management department can access the finance department, but the sales department cannot access the finance department. Please fulfill this requirement of the customer.

The network topology is shown in Figure 9-10.

Figure 9-10 ACL configuration network topology

2. Reference experimental steps

1. Connect the devices according to the network topology requirements

2. Configure the IP address and clock frequency of each router port and activate it

A(config)#interface serial 0

A(config-if)#ip address 172.16.1.2 255.255.255.0

A(config-if)#no shutdown

A(config)#interface fastethernet 0

A(config-if)#ip address 172.16.4.1 255.255.255.0

A(config-if)#no shutdown

A(config)#interface fastethernet 1

A(config-if)#ip address 172.16.3.1 255.255.255.0

A(config-if)#no shutdown

B(config)#interface serial 0

B(config-if)#ip address 172.16.1.1 255.255.255.0

B(config-if)#no shutdown

B(config-if)#clock rate 64000 (assuming the DCE end of the serial cable is connected to router B)

B(config)#interface fastethernet 0

B(config-if)#ip address 172.16.2.1 255.255.255.0

B(config-if)#no shutdown

3. Configure static routing or enable dynamic routing protocols

A(config)#ip route 172.16.2.0 255.255.255.0 172.16.1.1

B(config)#ip route 172.16.3.0 255.255.255.0 172.16.1.2

B(config)#ip route 172.16.4.0 255.255.255.0 172.16.1.2

4. Test 1

PC1, PC2 and PC3 can ping each other.

5. Configure access control list

B(config)#access-list 1 deny 172.16.4.0 0.0.0.255

   Deny traffic from the 172.16.4.0 network segment

B(config)#access-list 1 permit any

   Allow all other traffic to pass

B(config)#interface fastethernet 0

B(config-if)#ip access-group 1 out

   Apply access list 1 to traffic leaving this interface (outbound direction)

6. Test 2

PC2 cannot ping PC1, but PC3 and PC1 can ping each other.
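The following Python model is an added example, not part of the lab handout: it reproduces how a standard ACL such as access-list 1 above is evaluated (wildcard-mask matching, first match wins, implicit deny at the end) and checks the Test 2 outcome. The PC addresses are constructed to fall in the lab's subnets, since the handout does not list them.

```python
import ipaddress

# Added example (not from the lab handout). Models a Cisco-style standard ACL:
# entries are checked top to bottom, the first match decides, and a source that
# matches no entry hits the implicit "deny any" at the end of every access list.
# A standard ACL looks only at the source address; the interface and direction
# ("ip access-group 1 out" on B's fastethernet 0) decide which packets are checked.

def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Wildcard masks invert subnet masks: 0 bits must match, 1 bits are ignored.
    0.0.0.255 therefore means 'compare only the first 24 bits'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (n & care)

def evaluate(acl, src: str) -> str:
    """Return 'permit' or 'deny' for a source address under an ordered ACL."""
    for action, network, wildcard in acl:
        if wildcard_match(src, network, wildcard):
            return action
    return "deny"  # implicit deny any

# "any" in IOS is shorthand for 0.0.0.0 255.255.255.255
ANY = ("0.0.0.0", "255.255.255.255")

# access-list 1 exactly as configured on router B in step 5
ACL_1 = [
    ("deny", "172.16.4.0", "0.0.0.255"),
    ("permit", *ANY),
]

# Constructed host addresses inside the lab's sales and management subnets
PC2_SALES = "172.16.4.10"
PC3_MGMT = "172.16.3.10"

def lab_results() -> dict:
    """Decisions for traffic heading out of B's fastethernet 0 toward PC1 (finance)."""
    return {
        "PC2->PC1": evaluate(ACL_1, PC2_SALES),
        "PC3->PC1": evaluate(ACL_1, PC3_MGMT),
        # Same ACL with the 'permit any' line omitted: the implicit deny drops PC3 too
        "PC3->PC1 without permit any": evaluate(ACL_1[:1], PC3_MGMT),
    }

if __name__ == "__main__":
    for flow, decision in lab_results().items():
        print(f"{flow}: {decision}")
```

The last entry shows why an explicit permit is needed before the end of the list: without it, the implicit deny blocks the management department as well as sales.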

3. Experimental thinking questions

1. In this experiment, can PC1 and PC2 ping each other? What is the difference between the prompt information when PC1 host pings PC2 and PC2 host pings PC1? Why?

2. Is there any practical significance in setting the DENY rule at the end of the ACL? Why?


Origin blog.csdn.net/m0_68036862/article/details/134771224