OSPF and ACL integrated application example on eNSP

The focus of this lab is traffic control with ACL commands.

First we build the topology.

 

 Experiment content

 

 Analysis:
    1. We need to plan OSPF with multiple areas.
    2. Instability in the Finance and R&D areas must not affect the links of the other areas.
    3. Set ACL rules on R1, R2 and R3 so that only IT is allowed to log in.
    4. R&D and Finance must not be able to communicate with each other; write this as advanced ACL rules on R1.
    5. On R3, configure that Finance is not allowed to access Client1.
    6. R&D and Finance may only access the WWW service on R3's Server1.

Finance department (CW):
1. YF and CW cannot communicate with each other, but both can communicate with IT;
2. CW cannot access Client1;
3. CW can only access the WWW service on Server1;
R&D department (YF):
1. YF and CW cannot communicate with each other, but both can communicate with IT;
2. YF can only access the WWW service on Server1;
IT department:
1. R1, R2 and R3 only allow logins from IT for management;
2. IT can access Client1;

 First we configure the basic network

Configure the PCs

 

 

 

 

 

 

Configure the interfaces on R1

 

Configure the interfaces on R2

 

 

Configure the interfaces on R3

 

 

 Now we configure OSPF, placing each router in its area, and set the router ID (this is optional, since OSPF elects one from the interface addresses if none is given; we set it so the routers are easier to identify in the output).

R1 settings

 

 R2 settings (stub no-summary turns the edge area into a totally stubby area, which saves bandwidth: it receives only intra-area routes plus a default route from the ABR)

R3 settings (stub no-summary, as on R2: the edge area receives only intra-area routes plus a default route from the ABR)

Configure the IT router; remember to set its IP addresses.
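The screenshots of the OSPF configuration are not reproduced here, so the following is an added example of the kind of VRP configuration the steps above describe; it is not the original page's config. It shows R1 in the backbone and R3 as the ABR that puts the Finance segment into a totally stubby area. All addresses, interface names, router IDs and area numbers are assumptions for illustration (R1-R3 link 192.168.13.0/24 in area 0, IT segment 10.0.0.0/24 on R1, Finance segment 30.0.0.0/24 on R3 GigabitEthernet0/0/1 in area 2).

```text
# Added example, not the page's own config. Assumed addressing:
#   R1 GE0/0/0 192.168.13.1/24 <-> R3 GE0/0/0 192.168.13.3/24   (area 0)
#   R1 GE0/0/1 10.0.0.254/24   IT segment                        (area 0)
#   R3 GE0/0/1 30.0.0.254/24   Finance segment                   (area 2, totally stubby)

# ---------- R1: backbone only ----------
<Huawei> system-view
[Huawei] sysname R1
[R1] interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0] ip address 192.168.13.1 24
[R1-GigabitEthernet0/0/0] quit
[R1] interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1] ip address 10.0.0.254 24
[R1-GigabitEthernet0/0/1] quit
[R1] ospf 1 router-id 1.1.1.1
[R1-ospf-1] area 0.0.0.0
[R1-ospf-1-area-0.0.0.0] network 192.168.13.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0] network 10.0.0.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0] quit
[R1-ospf-1] quit

# ---------- R3: ABR, Finance segment in area 2 as a totally stubby area ----------
[R3] ospf 1 router-id 3.3.3.3
[R3-ospf-1] area 0.0.0.0
[R3-ospf-1-area-0.0.0.0] network 192.168.13.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0] quit
[R3-ospf-1] area 0.0.0.2
[R3-ospf-1-area-0.0.0.2] network 30.0.0.0 0.0.0.255
[R3-ospf-1-area-0.0.0.2] stub no-summary
[R3-ospf-1-area-0.0.0.2] quit
[R3-ospf-1] quit

# ---------- checks ----------
[R3] display ospf peer brief                 # R1 should appear as Full on the 192.168.13.x link
[R3] display ip routing-table protocol ospf  # 10.0.0.0/24 learned from R1
```

Two things to check in practice: stub no-summary only changes what the ABR advertises into area 2 (a single Type-3 default instead of the inter-area and external routes), and every router inside a stub area must itself be configured as stub, otherwise the Hello packets disagree on the E-bit and no adjacency forms. In this lab the stub area holds only PCs behind the ABR, so the option changes what R3 would send into the area, not what R3 itself learns; its effect becomes visible only if a second router is placed in the area.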

 

Next we write the rules on R3. First create ACL 2000, set up easy-ip so that the IT department can get through, apply it inbound on the VTY lines, and configure password login.

Then create the Finance department ACL

Deny the 30 segment from reaching the network segment behind R1 (Finance may not access the R1 switch)

Deny the 30 segment from reaching the 20 segment (Finance may not access R&D), permit the 30 segment to access the WWW server, deny the 30 segment from reaching the 40 segment (Finance may not ping the server). We apply the rules inbound on interface 0/1.

 

 

 Now we write the ACL rules on R2. First create ACL 2000, set up easy-ip so that the IT department can get through, apply it inbound on the VTY lines, and configure password login.

Then create the R&D department ACL

Deny the 20 segment from reaching the 30 segment (R&D may not access Finance)

Permit the 20 segment to access the WWW server, deny the 20 segment from reaching the 40 segment (R&D may not ping the server). We apply the rules inbound on interface 0/2.

 

 Next we configure the ACLs on R1. First create ACL 2000, set up easy-ip so that the IT department can get through, apply it inbound on the VTY lines, and configure password login.

Then create advanced ACL 3000

Permit R1 to access the WWW server, deny the 20 segment from reaching the 40 segment (R&D may not ping the server)

We apply the advanced rules inbound on interface 0/1.
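As an added example (not the page's own configuration, whose screenshots are missing), here is how the R3 part of the ACL procedure above looks in VRP: a basic ACL 2000 that restricts VTY logins to the IT segment with password authentication, and an advanced ACL 3000 that lets Finance reach only the WWW service on Server1 and blocks it from R&D and from the rest of the server segment, filtered inbound where Finance traffic enters R3. The addresses are assumptions consistent with the segment numbers used on this page: IT 10.0.0.0/24, R&D 20.0.0.0/24, Finance 30.0.0.0/24, servers 40.0.0.0/24 with Server1 at 40.0.0.10, Finance attached to GigabitEthernet0/0/1; the password is a placeholder. The rule denying Finance the segment behind R1 is left out because the page does not give that address.

```text
# Added example, not the page's own config. Assumed addressing:
#   IT management 10.0.0.0/24, R&D 20.0.0.0/24, Finance 30.0.0.0/24,
#   server segment 40.0.0.0/24 with Server1 = 40.0.0.10; Finance is on R3 GE0/0/1.

# ---------- ACL 2000 (basic): VTY login only from the IT segment ----------
[R3] acl number 2000
[R3-acl-basic-2000] rule 5 permit source 10.0.0.0 0.0.0.255
[R3-acl-basic-2000] rule 10 deny source any      # explicit deny: VRP permits traffic that matches no rule
[R3-acl-basic-2000] quit
[R3] user-interface vty 0 4
[R3-ui-vty0-4] authentication-mode password
[R3-ui-vty0-4] set authentication password cipher Huawei@123   # placeholder password
[R3-ui-vty0-4] acl 2000 inbound
[R3-ui-vty0-4] quit

# ---------- ACL 3000 (advanced): Finance policy, applied where Finance traffic enters R3 ----------
[R3] acl number 3000
[R3-acl-adv-3000] rule 5 deny ip source 30.0.0.0 0.0.0.255 destination 20.0.0.0 0.0.0.255
[R3-acl-adv-3000] rule 10 permit tcp source 30.0.0.0 0.0.0.255 destination 40.0.0.10 0 destination-port eq 80
[R3-acl-adv-3000] rule 15 deny ip source 30.0.0.0 0.0.0.255 destination 40.0.0.0 0.0.0.255
[R3-acl-adv-3000] quit
[R3] interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1] traffic-filter inbound acl 3000
[R3-GigabitEthernet0/0/1] quit

# ---------- checks ----------
[R3] display acl 3000        # per-rule "times matched" counters; browse and ping from a Finance PC and watch them
[R3] quit
<R3> save
```

Rules are evaluated in ascending rule-number order (the default match-order config), so the port-80 permit in rule 10 has to come before the segment-wide deny in rule 15; swapping them would block the WWW service as well. Rule 15 covers all IP traffic, which is why Finance can open the web page but an ICMP ping to the server fails, exactly the result the verification step below expects. Because VRP permits anything that matches no rule, the VTY ACL needs its explicit deny, or any host could still reach the login prompt. The R2 configuration for R&D is the same with the 20 and 30 segments swapped.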

 

 Now let's verify

Finance can access the WWW service

 

 but cannot ping

 R&D can access the WWW service, but cannot ping

 

 

 

 

Verify that R1, R2 and R3 only allow IT to log in

 

 while the other departments cannot log in

Remember to save the configuration (save)

 


Source: www.cnblogs.com/longshisan/p/12019738.html