NA-NP-IE系列实验38：基于时间ACL

实验38：基于时间ACL

1.实验目的

通过本实验可以掌握：

（1）定义time-range

（2）配置基于时间ACL

（3）基于时间ACL 调试

2.拓扑结构

实验拓扑如图 所示。

3.实验步骤

 注：

本实验要求只允许PC0主机在周一到周五的每天的7:11-14:110 访问路由器R2 的TELNET服务。

 

r0(config)#int f1/0

r0(config-if)#ip add 192.168.64.2 255.255.255.0

r0(config-if)#no sh

r0(config-if)#ping 172.1

*Mar  1 00:03:32.127: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed state to up

*Mar  1 00:03:33.127: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up

r0(config-if)#do ping 192.168.64.129

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.64.129, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/21/48 ms

r0(config-if)#int s0/0

r0(config-if)#ip add 172.16.1.1 255.255.255.0

r0(config-if)#no sh

r0(config-if)#

*Mar  1 00:06:32.771: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up

r0(config-if)#exit

r0(config)#router eigrp 1

r0(config-router)#no au

r0(config-router)#net 172.16.1.0

r0(config-router)#net 192.168.64.0

r0(config-router)#

*Mar  1 00:08:20.235: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.1.2 (Serial0/0) is up: new adjacency

r0(config-router)#exit

r0(config)#time-range time

r0(config-time-range)#periodic weekdays 7:11 to 14:11

r0(config-time-range)#$4.129 host 172.16.2.2 eq telnet time-range time    //命令太长的话，用$代替不能显示的部分：access-list 101 permit tcp host 192.168.64.129   host 172.16.2.2 eq telnet

time-range time

//在访问控制列表中调用time-range

r0(config)#int f1/0

r0(config-if)#ip access-group 101 in

r0(config-if)#^Z

r0#ping 172.16.2.1

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/43/104 ms

r0#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

 

r0(config-if)#do sh access-list 101

Extended IP access list 101

    10 permit tcp host 192.168.64.129 host 172.16.2.2 eq telnet time-range time (active)

 r0(config-if)#do sh time-range该命令用来查看定义的时间范围。

 

time-range entry: time (active)

   periodic weekdays 7:11 to 14:11

   used in: IP ACL entry

 

r1(config)#int s0/0

r1(config-if)#ip add 172.16.1.2 255.255.255.0

r1(config-if)#no sh

r1(config-if)#exit

r1(config)#int s0

*Mar  1 00:06:16.023: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up

*Mar  1 00:06:17.023: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up

r1(config)#int s0/1

r1(config-if)#ip add 172.16.2.1 255.255.255.0

r1(config-if)#no sh

r1(config-if)#

*Mar  1 00:06:31.283: %LINK-3-UPDOWN: Interface Serial0/1, changed state to up

*Mar  1 00:06:32.283: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up

r1(config-if)#

*Mar  1 00:06:52.667: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down

r1(config-if)#

*Mar  1 00:07:12.651: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up

r1(config-if)#exit

r1(config)#router eigrp 1

r1(config-router)#no au

r1(config-router)#net 172.16.1.0

r1(config-router)#net

*Mar  1 00:08:19.939: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.2.2 (Serial0/1) is up: new adjacency

*Mar  1 00:08:19.943: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.1.1 (Serial0/0) is up: new adjacency

r1(config-router)#net 172.16.2.0

r1(config-router)#  

*Mar  1 00:25:06.027: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.1.1 (Serial0/0) is down: Interface Goodbye received

r1(config-router)#

*Mar  1 00:25:10.983: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.1.1 (Serial0/0) is up: new adjacency

r1(config-router)#

 

r2(config)#int s0/0

r2(config-if)#ip add 172.16.2.2 255.255.255.0

r2(config-if)#no sh

r2(config-if)#exi

*Mar  1 00:06:58.111: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up

*Mar  1 00:06:59.111: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up

r2(config-if)#exit

r2(config)#router eigrp 1

r2(config-router)#no au

r2(config-router)#net 172.16.2.0

r2(config-router)#

*Mar  1 00:08:19.535: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.2.1 (Serial0/0) is up: new adjacency

r2(config-router)#do ping 172.16.1.1

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/39/60 ms

r2(config-router)#do ping 192.16.64.129

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.16.64.129, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

r2(config-router)#^Z

r2#

r2#

*Mar  1 00:09:20.743: %SYS-5-CONFIG_I: Configured from console by console

r2#ping 192.168.64.129

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.64.129, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/37/76 ms

r2#conf t

Enter configuration commands, one per line.  End with CNTL/Z.