Objective: Gain experience configuring standard access lists.
Lab Equipment: Router 1, Router 2, and Router 4 from the eRouters menu
Background Reading: Lab Primer Lesson 10: Access Lists
If you feel confident about configuring IP addresses and RIP, establish the configuration in the table below, and then continue with step 10.
Lab Equipment: Router 1, Router 2, and Router 4 from the eRouters menu
Background Reading: Lab Primer Lesson 10: Access Lists
If you feel confident about configuring IP addresses and RIP, establish the configuration in the table below, and then continue with step 10.
1. Connect to Router 1, assign it a host name of Router1, and set the IP address on the Ethernet 0 interface to 24.17.2.1 255.255.255.240. Set the IP address on the serial 0 interface to 24.17.2.17 255.255.255.240. Remember to enable both interfaces.
Router> enable
Router#config t
Router(config)#hostname Router1
Router1(config)#interface ethernet0
Router1(config-if)#ip address 24.17.2.1 255.255.255.240
Router1(config-if)#no shutdown
Router1(config-if)#exit
Router1(config)#interface serial0
Router1(config-if)#ip address 24.17.2.17 255.255.255.240
Router1(config-if)#no shutdown
Router1(config-if)#exit
Router1(config)#exit
2. Connect to Router 2, assign it a host name of Router2, and set the IP address on the Ethernet 0 interface to 24.17.2.2 255.255.255.240. Remember to enable the interface.
Router>enable
Router#config t
Router(config)#hostname Router2
Router2(config)#interface ethernet0
Router2(config-if)#ip address 24.17.2.2 255.255.255.240
Router2(config-if)#no shutdown
Router2(config-if)#exit
Router2(config)#exit
3. From Router2, ping Router1’s Ethernet 0 interface to ensure a connection exists.
Router2#ping 24.17.2.1
4. Connect to Router 4, assign it a host name of Router4, and set the IP address on the serial 0 interface to 24.17.2.18 255.255.255.240. Then ping Router1’s serial 0 interface.
Router>enable
Router#config t
Router(config)#hostname Router4
Router4(config)#interface serial0
Router4(config-if)#ip address 24.17.2.18 255.255.255.240
Router4(config-if)#no shutdown
Router4(config-if)#exit
Router4(config)#exit
Router4#ping 24.17.2.17
5. Now that IP addresses have been configured on all interfaces, you need to implement a routing protocol to facilitate communication between Router2 and Router4. Enable Routing Information Protocol (RIP) on Router1, and add the network for Ethernet 0 and serial 0.
Router1#config t
Router1(config)#router rip
Router1(config-router)#network 24.0.0.0
Router1(config-router)#exit
Router1(config)#exit
6. On Router2, enable RIP and add the network for Ethernet 0.
Router2#conf t
Router2(config)#router rip
Router2(config-router)#network 24.0.0.0
Router2(config-router)#exit
Router2(config)#exit
7. On Router4, enable RIP and add the network for serial 0.
Router4#conf t
Router4(config)#router rip
Router4(config-router)#network 24.0.0.0
Router4(config-router)#exit
Router4(config)#exit
8. Verify that you can ping Router2’s Ethernet 0 interface from Router4.
Router4#ping 24.17.2.2
9. Now, configure a standard access list to block Router4 from being able to ping Router2.You should configure this access list on Router2. First, connect to Router2 and enter global configuration mode.
Router2#conf t
Router2(config)#
10. Create access list 1 to block the single IP address 24.17.2.18. Here are three ways to accomplish this:
Router2(config)#access-list 1 deny host 24.17.2.18
OR
Router2(config)#access-list 1 deny 24.17.2.18 0.0.0.0
OR
Router2(config)#access-list 1 deny 24.17.2.18
11. Next, issue the access-list 1 permit any command.
Router2(config)#access-list 1 permit any
12. Now you need to apply the access list to the Ethernet 0 interface. You must specify the direction of traffic flow upon which the access list should apply. The in parameter configures the access list to apply to packets coming in from the network and traveling to the router. The out parameter configures the access list to apply to packets traveling from the router out the interface to the network. In this scenario, you should use the in parameter.
Router2(config)#interface ethernet0
Router2(config-if)#ip access-group 1 in
Router2(config-if)#exit
Note: This completes the Standard Access Lists lab. Please continue on to Lab 28: Verify Standard Access Lists without accessing the Lab Navigator.
**************************************************
本文转自redking51CTO博客,原文链接:
http://blog.51cto.com/redking/74740
,如需转载请自行联系原作者