Objective: Verify that the extended access lists created in Lab 29 are configured correctly.
Lab Equipment: Router 1, Router 2, and Router 4 from the eRouters menu
Background Reading: Lab Primer Lesson 10: Access Lists
Prerequisite: You must have just completed Lab 29: Extended Access Lists in order to complete this lab successfully.
1. Test whether the extended access lists created in Lab 29 are working properly. Connect to Router4, and try to ping Router1’s serial 0 interface. If the access lists are configured correctly, you should not be able to ping the serial interface.
Router4>enable
Router4#ping 24.17.2.17
2. Now that you have verified that the access lists are blocking pings to Router1 from the subnet off of Router1’s serial 0 interface, verify that Telnet traffic from that subnet is allowed to reach Router1. Connect to Router1, enable Telnet access, and then set the password to boson.
Router1>enable
Router1#configure terminal
Router1(config)#line vty 0 4
Router1(config-line)#login
Router1(config-line)#password boson
Router1(config-line)#exit
3. Connect to Router4 again, and try to telnet into Router1’s serial 0 interface.
Router4#telnet 24.17.2.17
4. If Telnet access is permitted, you should see the host name in the router prompt change to Router1. Now, press the CTRL+SHIFT+6 key combination followed by the X key to return to Router4. Then type disconnect 1 to close the connection to Router1.
Router1> Press CTRL+SHIFT+6, then press X
Router4#disconnect 1
5. Connect to Router2, and see if you can ping Router4’s serial 0 interface.
Router2>enable
Router2#ping 24.17.2.18
Consider why the ping is unsuccessful. The packet starts at Router2, travels through Router1, and reaches Router4. Once it arrives at Router4, it is repackaged and sent back to Router1. When Router4 repackages the packet, the packet’s source IP address becomes the destination IP address, and the destination IP address becomes the source IP address. When the packet encounters the access list on Router1’s serial 0 interface, it is blocked because the packet’s source IP address is Router4’s serial 0 address.
6. See if you can ping Router1’s Ethernet 0 interface from Router2.
Router2#ping 24.17.2.1
7. Now, try to telnet into Router1’s Ethernet 0 interface from Router2. If Telnet access is permitted, you should see the host name in the router prompt change to Router1. Press the CTRL+SHIFT+6 key combination followed by the X key to return to Router2. Then type disconnect 1 to close the connection to Router1.
Router2#telnet 24.17.2.1
Router1> Press CTRL+SHIFT+6, then press X
Router2#disconnect 1
8. To verify that the access lists are configured on the interfaces, display the running configuration.
Router1#show running-config
9. You can also view which access lists are applied to the interfaces by using the show ip interface command.
Router1#show ip interface
10. The show access-lists command displays which access lists have been created on a router. The output of this command also tells you which lines of the access list have been used and how many packets have been permitted or denied.
Router1#show access-lists
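The first-match and implicit-deny behavior that steps 1, 3, and 5 exercise can be modeled offline. The following is an added example, not part of the original lab: the access list entry and its 0.0.0.15 wildcard mask are assumptions chosen to match the behavior the lab describes, because the Lab 29 configuration is not shown here, and the names Ace, evaluate, and lab_results are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" (any protocol), "tcp" or "icmp"
    src: str                     # source base address
    wildcard: str                # IOS wildcard mask: 1 bits are "don't care"
    dport: Optional[int] = None  # TCP destination port for "eq"; None = any

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(acl, proto: str, src: str, dport: Optional[int] = None) -> str:
    """Return the action of the first matching entry; no match is the implicit deny."""
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if not wildcard_match(src, ace.src, ace.wildcard):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action
    return "deny"

# ASSUMED list applied inbound on Router1 serial 0 (destination "any", so not modeled):
#   access-list 101 permit tcp 24.17.2.16 0.0.0.15 any eq telnet
ACL_S0_IN = [Ace("permit", "tcp", "24.17.2.16", "0.0.0.15", 23)]
ROUTER4_S0 = "24.17.2.18"  # address pinged in step 5 of the lab

def lab_results() -> dict:
    return {
        "step1_ping_from_router4": evaluate(ACL_S0_IN, "icmp", ROUTER4_S0),
        "step3_telnet_from_router4": evaluate(ACL_S0_IN, "tcp", ROUTER4_S0, 23),
        # Step 5: Router2's echo request leaves through serial 0 and is not checked
        # inbound; the echo reply arrives inbound with Router4's address as source.
        "step5_echo_reply_to_router2": evaluate(ACL_S0_IN, "icmp", ROUTER4_S0),
    }

if __name__ == "__main__":
    for check, verdict in lab_results().items():
        print(f"{check}: {verdict}")
```

Compare the verdicts with the match counters that show access-lists reports on Router1 after running the lab steps.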
********************************************************
This article is reposted from redking's 51CTO blog. Original link: http://blog.51cto.com/redking/74777
To republish it, please contact the original author.