CISCO路由器访问列表大解密

    示例一: 带Established选项的扩展访问列表

    拓扑:

    R2-(S2/0)-----------------(S2/0)-R1(S2/1)---------------(S2/1)-R3
   
    带有Established的扩展访问列表允许内部用户访问外部网络,而拒绝外部网络访问内部网络,而没带Established的标准访问列表和扩展访问列表没有这个特性.

    这个示例首先用OSPF来使全网互联.

    R1:

    r1#sh run
    *Mar 1 00:25:17.275: %SYS-5-CONFIG_I: Configured from console by console
    Building configuration...

    Current configuration : 1410 bytes
    !
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname r1
    !
    logging queue-limit 100
    !
    ip subnet-zero
    !
    !
    !
    ip audit notify log
    ip audit po max-events 100
    mpls ldp logging neighbor-changes
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    no voice hpi capture buffer
    no voice hpi capture destination
    !
    !
    mta receive maximum-recipients 0
    !
    !
    !
    !
    interface Loopback0
    ip address 1.1.1.1 255.255.255.0
    !
    interface FastEthernet0/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface FastEthernet1/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface Serial2/0
    ip address 12.1.1.1 255.255.255.0
    encapsulation frame-relay
    ip ospf network point-to-point
    serial restart_delay 0
    frame-relay map ip 12.1.1.2 102 broadcast
    no frame-relay inverse-arp
    !
    interface Serial2/1
    ip address 13.1.1.1 255.255.255.0
    encapsulation frame-relay
    ip ospf network point-to-point
    serial restart_delay 0
    frame-relay map ip 13.1.1.3 113 broadcast
    !
    interface Serial2/2
    no ip address
    shutdown
    serial restart_delay 0
    !
    interface Serial2/3
    no ip address
    shutdown
    serial restart_delay 0
    !
    router ospf 10
    log-adjacency-changes
     network 0.0.0.0 255.255.255.255 area 0
    !
    ip http server
    no ip http secure-server
    ip classless
    !
    !
    !
    !
    !
    call rsvp-sync
    !
    !
    mgcp profile default
    !
    !
    !
    dial-peer cor custom
    !
    !
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    no login
    !
    !
    end

    R2:

    r2#sh run
    Building configuration...

    *Mar 1 00:27:29.871: %SYS-5-CONFIG_I: Configured from console by console
    Current configuration : 1298 bytes
    !
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname r2
    !
    logging queue-limit 100
    !
    ip subnet-zero
    !
    !
    !
    ip audit notify log
    ip audit po max-events 100
    mpls ldp logging neighbor-changes
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    no voice hpi capture buffer
    no voice hpi capture destination
    !
    !
    mta receive maximum-recipients 0
    !
    !
    !
    !
    interface Loopback0
    ip address 2.2.2.2 255.255.255.0
    !
    interface FastEthernet0/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface FastEthernet1/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface Serial2/0
    ip address 12.1.1.2 255.255.255.0
    encapsulation frame-relay
    ip ospf network point-to-point
    serial restart_delay 0
    frame-relay map ip 12.1.1.1 201 broadcast
    no frame-relay inverse-arp
    !
    interface Serial2/1
    no ip address
    shutdown
    serial restart_delay 0
    !
    interface Serial2/2
    no ip address
    shutdown
    serial restart_delay 0
    !
    interface Serial2/3
    no ip address
    shutdown
    serial restart_delay 0
    !
    router ospf 10
    log-adjacency-changes
    network 0.0.0.0 255.255.255.255 area 0
    !
    ip http server
    no ip http secure-server
    ip classless
    !
    !
    !
    !
    !
    call rsvp-sync
    !
    !
    mgcp profile default
    !
    !
    !
    dial-peer cor custom
    !
    !
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    no login
    !
    !
    end

    r3

    r3#sh run
    Building configuration...

    Current configuration : 1298 bytes
    !
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname r3
    !
    logging queue-limit 100
    !
    ip subnet-zero
    !
    !
    !
    ip audit notify log
    ip audit po max-events 100
    mpls ldp logging neighbor-changes
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    no voice hpi capture buffer
    no voice hpi capture destination
    !
    !
    mta receive maximum-recipients 0
    !
    !
    !
    !
    interface Loopback0
    ip address 3.3.3.3 255.255.255.0
    !
    interface FastEthernet0/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface FastEthernet1/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface Serial2/0
    no ip address
    shutdown
    serial restart_delay 0
    !
    interface Serial2/1
    ip address 13.1.1.3 255.255.255.0
    encapsulation frame-relay
    ip ospf network point-to-point
    serial restart_delay 0
    frame-relay map ip 13.1.1.1 311 broadcast
     no frame-relay inverse-arp
    !
    interface Serial2/2
    no ip address
    shutdown
    serial restart_delay 0
    !
    interface Serial2/3
    no ip address
    shutdown
    serial restart_delay 0
    !
    router ospf 10
    log-adjacency-changes
    network 0.0.0.0 255.255.255.255 area 0
    !
    ip http server
    no ip http secure-server
    ip classless
    !
    !
    !
    !
    !
    call rsvp-sync
    !
    !
    mgcp profile default
    !
    !
    !
    dial-peer cor custom
    !
    !
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    no login
    !
    !
    end
   

上一页  [1] [2] [3] [4] [5] [6] 下一页

【责编:Zenghui】