Lab name: Router firewall (ACL)
Network requirement: A's Loopback1 (L1) can ping B's Loopback1 (L1), but B's Loopback1 must not be able to ping A's Loopback2 (L2).
Network topology:
 
Lab steps:
Router A configuration
1. [Router] sys A
2. [A-Serial0] ip add 1.1.1.1 24
3. [A-Serial0] shutdown
4. [A-Serial0] undo shutdown
5. [A-LoopBack1] ip add 2.2.2.2 24
6. [A-LoopBack2] ip add 4.4.4.4 24
7. [A] ip route-static 3.3.3.0 255.255.255.0 1.1.1.2 preference 60
(The [A-Serial0], [A-LoopBack1] and [A-LoopBack2] prompts show that steps 2-6 are entered in the respective interface views, i.e. after interface Serial0, interface LoopBack1 and interface LoopBack2; the view-entry commands themselves are not shown in the original.)
 
 
Router B configuration
1. [Router] sys B
2. [B-Serial0] ip add 1.1.1.2 24
3. [B-Serial0] shutdown
4. [B-Serial0] undo shutdown
5. [B-LoopBack1] ip add 3.3.3.3 24
6. [B] ip route-static 2.2.2.0 255.255.255.0 1.1.1.1 preference 60
7. [B] ip route-static 4.4.4.0 255.255.255.0 1.1.1.1 preference 60
(As on A, steps 2-5 are entered in the interface views indicated by the prompts.)
 
(The configuration above makes the whole network reachable: before the ACL is applied, every address can reach every other address.)
[A]ping -a 2.2.2.2 3.3.3.3
  PING 3.3.3.3: 56  data bytes, press CTRL_C to break
    Reply from 3.3.3.3: bytes=56 Sequence=0 ttl=255 time = 26 ms
    Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=255 time = 26 ms
    Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=255 time = 26 ms
    Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=255 time = 26 ms
    Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=255 time = 26 ms
  --- 3.3.3.3 ping statistics ---
    5 packets transmitted
    5 packets received
    0.00% packet loss
    round-trip min/avg/max = 26/26/26 ms
 
[A]ping -a 4.4.4.4 3.3.3.3
  PING 3.3.3.3: 56  data bytes, press CTRL_C to break
    Reply from 3.3.3.3: bytes=56 Sequence=0 ttl=255 time = 26 ms
    Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=255 time = 26 ms
    Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=255 time = 26 ms
    Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=255 time = 27 ms
    Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=255 time = 26 ms
  --- 3.3.3.3 ping statistics ---
    5 packets transmitted
    5 packets received
    0.00% packet loss
    round-trip min/avg/max = 26/26/27 ms
[A]
Router B configuration (continued: the ACL)
I define an ACL on B that denies IP traffic coming from the 4.0 network and going to the 3.0 network and permits everything else. I then apply it in the inbound direction on B's interface connected to A, which achieves the goal of the lab. (The same configuration could equally be done on A.)
8. [B] rule normal deny ip source 4.4.4.4 0.0.0.0 destination 3.3.3.3 0.0.0.0
9. [B] rule normal permit ip source any destination any
10. [B] firewall packet-filter 101 inbound
(Steps 8-9 belong to the view of ACL 101, the number referenced in step 10, and step 10 is entered in the view of the interface facing A, i.e. Serial0, as the explanation above says; the original shows neither view change. Note also that a wildcard of 0.0.0.0 matches exactly one host, so rule 8 as written matches only 4.4.4.4 to 3.3.3.3 rather than the whole 4.0 and 3.0 networks, and that the filter is stateless: it drops the echo replies to B's Loopback1 from 4.4.4.4, and it would equally drop echo requests from 4.4.4.4 to 3.3.3.3 arriving from A.)
Verification:
[B]ping -a 3.3.3.3 2.2.2.2
  PING 2.2.2.2: 56  data bytes, press CTRL_C to break
    Reply from 2.2.2.2: bytes=56 Sequence=0 ttl=255 time = 26 ms
    Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time = 26 ms
    Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time = 26 ms
    Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time = 26 ms
    Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time = 26 ms
 
  --- 2.2.2.2 ping statistics ---
    5 packets transmitted
    5 packets received
    0.00% packet loss
    round-trip min/avg/max = 26/26/26 ms
 
[B]ping -a 3.3.3.3 4.4.4.4
  PING 4.4.4.4: 56  data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out
 
  --- 4.4.4.4 ping statistics ---
    5 packets transmitted
    0 packets received
    100.00% packet loss
 
[B]
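The behaviour seen in the two verification pings above, modelled as an added Python example (not part of the original lab and not a Huawei/H3C tool): it parses the lab's two rule lines, evaluates them first-match using inverse (wildcard) masks, and checks which direction of each ping has to cross the inbound filter on B's Serial0. Everything here (the function names, the first-match order, the permit default for unmatched packets, which is moot because of the permit-any rule, and the ACL_SUBNET variant with 0.0.0.255 wildcards) is an assumption or constructed comparison, not the lab's own configuration.

```python
"""Simulate first-match evaluation of the ACL configured on router B (added example).

Assumptions not taken from the page: rules are evaluated top to bottom and the
first match wins; a packet matching no rule is permitted (irrelevant here, since
the lab ends with a permit-any rule). Only the rule syntax used in the lab is parsed.
"""
import ipaddress
from dataclasses import dataclass


def ip_int(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Inverse (wildcard) mask semantics: a 1 bit in the wildcard means 'don't care',
    so 0.0.0.0 matches exactly one host and 255.255.255.255 matches everything."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return ip_int(addr) & care == ip_int(base) & care


@dataclass(frozen=True)
class Rule:
    action: str   # "deny" or "permit"
    src: str
    src_wc: str
    dst: str
    dst_wc: str


def parse_rule(line: str) -> Rule:
    """Parse 'rule normal <deny|permit> ip source <A> <WC>|any destination <A> <WC>|any'."""
    tok = line.split()
    if tok[:2] != ["rule", "normal"] or len(tok) < 4 or tok[3] != "ip":
        raise ValueError(f"unsupported rule syntax: {line}")
    action = tok[2]
    if action not in ("deny", "permit"):
        raise ValueError(f"unknown action: {action}")

    def addr_after(keyword: str):
        i = tok.index(keyword)
        if tok[i + 1] == "any":          # 'any' is shorthand for 0.0.0.0 255.255.255.255
            return "0.0.0.0", "255.255.255.255"
        return tok[i + 1], tok[i + 2]

    src, src_wc = addr_after("source")
    dst, dst_wc = addr_after("destination")
    return Rule(action, src, src_wc, dst, dst_wc)


def evaluate(acl, src: str, dst: str, default: str = "permit") -> str:
    """Return the action of the first rule matching (src, dst), else the default."""
    for r in acl:
        if wildcard_match(src, r.src, r.src_wc) and wildcard_match(dst, r.dst, r.dst_wc):
            return r.action
    return default


# ACL 101 exactly as configured on router B in the lab (host-to-host wildcards).
ACL_101 = [
    parse_rule("rule normal deny ip source 4.4.4.4 0.0.0.0 destination 3.3.3.3 0.0.0.0"),
    parse_rule("rule normal permit ip source any destination any"),
]

# Constructed variant that really covers "the 4.0 network to the 3.0 network";
# NOT the lab's configuration, included only to show the effect of the wildcard.
ACL_SUBNET = [
    parse_rule("rule normal deny ip source 4.4.4.0 0.0.0.255 destination 3.3.3.0 0.0.0.255"),
    parse_rule("rule normal permit ip source any destination any"),
]


def ping_from_b(acl, src: str, dst: str) -> bool:
    """B pings an address on A: the echo request leaves B unfiltered, and the
    echo reply (dst -> src) arrives inbound on B's Serial0 where the filter sits,
    so the ping succeeds only if the reply is permitted (the filter is stateless)."""
    return evaluate(acl, dst, src) == "permit"


def ping_from_a(acl, src: str, dst: str) -> bool:
    """A pings an address on B: here the echo request (src -> dst) is what crosses
    B's inbound filter; the reply leaves B unfiltered."""
    return evaluate(acl, src, dst) == "permit"


if __name__ == "__main__":
    # Reproduces the verification section: first ping answered, second times out.
    print("B L1 -> A L1:", ping_from_b(ACL_101, "3.3.3.3", "2.2.2.2"))
    print("B L1 -> A L2:", ping_from_b(ACL_101, "3.3.3.3", "4.4.4.4"))
    # Side effect of the stateless filter: A's Loopback2 cannot reach B's Loopback1 either.
    print("A L2 -> B L1:", ping_from_a(ACL_101, "4.4.4.4", "3.3.3.3"))
```

Running the block prints True, False, False: the second ping fails because rule 8 drops the reply 4.4.4.4 to 3.3.3.3 on its way into B, and the same rule also stops A's Loopback2 from initiating a ping to B's Loopback1. Comparing ACL_101 with ACL_SUBNET shows why the 0.0.0.0 wildcard matters: another host in 4.4.4.0/24 is permitted by the lab's ACL but denied by the /24 variant.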