Dynamic ACL Lab
The topology is shown below (student number 26):
Configure static routes:
R1(config)#int f0/0
R1(config-if)#ip address 10.26.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#int f0/1
R1(config-if)#ip address 14.26.2.1 255.255.255.0
R1(config-if)#no shutdown
R4(config)#ip route 10.26.1.0 255.255.255.0 14.26.2.1
R3(config)#ip route 14.26.2.0 255.255.255.0 10.26.1.1
R2(config)#ip route 14.26.2.0 255.255.255.0 10.26.1.1
Test connectivity with ping:
R2 pings R4
R1 pings R4
R3 pings R2
R4 pings R2
Dynamic ACL
R1(config)#access-list 100 permit tcp any any eq telnet
R1(config)#access-list 100 dynamic ccie timeout 2 permit icmp any any
R1(config)#int f0/0
R1(config-if)#ip access-group 100 in
Configure the local user database
R1(config)#username ccie password ysx
R1(config)#line vty 0 181
R1(config-line)#login local
R1(config-line)#autocommand access-enable
R1#show ip access-lists
Extended IP access list 100
10 permit tcp any any eq telnet (84 matches)
20 Dynamic ccie permit icmp any any
Reflexive IP access list abc
Extended IP access list come
10 permit icmp any any (35 matches)
20 evaluate abc
Extended IP access list goto
10 permit tcp any any eq telnet reflect abc (23 matches)
20 permit ip any any (15 matches)
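An added example, not part of the original lab: a small Python audit of the lock-and-key configuration above, checking for an `access-enable` without `host` or an idle `timeout`, a dynamic entry with no absolute timeout, a `username ... password` line, and `autocommand` on every vty stanza. The function name, finding codes and the hardened comparison config are assumptions made for illustration.

```python
import re

# Constructed input: the lock-and-key lines from the lab above.
LAB_CONFIG = """\
access-list 100 permit tcp any any eq telnet
access-list 100 dynamic ccie timeout 2 permit icmp any any
username ccie password ysx
line vty 0 181
 login local
 autocommand access-enable
"""

# Constructed comparison (assumption): per-host entry, idle timeout, hashed secret, spare vty.
HARDENED_CONFIG = """\
access-list 100 permit tcp any any eq telnet
access-list 100 dynamic ccie timeout 2 permit icmp any any
username ccie secret ysx
line vty 0 2
 login local
 autocommand access-enable host timeout 1
line vty 3 4
 login local
"""

def audit_lock_and_key(config):
    """Return finding codes (hypothetical names) for a Cisco IOS config text."""
    findings, vty, current = [], {}, None   # vty: stanza header -> autocommand
    for raw in filter(str.strip, config.splitlines()):
        line = raw.strip()
        if not raw[0].isspace():             # a top-level command ends any stanza
            current = line if line.startswith("line vty") else None
            if current:
                vty[current] = None
        elif current and line.startswith("autocommand "):
            vty[current] = line
        if re.match(r"username \S+ password ", line):
            findings.append("plaintext-password")    # 'secret' stores a hash
        m = re.match(r"access-list \d+ dynamic \S+ (timeout \d+ )?", line)
        if m and not m.group(1):
            findings.append("no-absolute-timeout")   # entry would never expire
    enables = [a.split() for a in vty.values() if a and "access-enable" in a]
    for words in enables:
        if "host" not in words:
            findings.append("no-host")          # opening is not tied to the user's IP
        if "timeout" not in words:
            findings.append("no-idle-timeout")  # stays open until absolute timeout
    if enables and len(enables) == len(vty):
        findings.append("all-vty-autocommand")  # no vty left for an interactive login
    return findings
```

Calling `audit_lock_and_key(LAB_CONFIG)` returns four findings for the lab configuration, while `HARDENED_CONFIG` returns none.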