《acl综合配置练习》由会员分享,可在线阅读,更多相关《acl综合配置练习(15页珍藏版)》请在金锄头文库上搜索。
1、.ACL综合配置练习: 学号: 班级:任务1:配置带有CHAP身份验证的PPP步骤1:将HQ和B1之间的链路配置为使用带有CHAP身份验证的PPP封装Password: HQenablePassword: HQ#config tHQ(config)#username B1 password cisco123HQ(config)#interface s0/0/0HQ(config-if)#no shutdownHQ(config-if)#encapsulation pppHQ(config-if)#encapsulation pppHQ(config-if)#ppp authentication
2、 chapHQ(config-if)#endHQ#copy running-config startup-config HQ#Password: B1enablePassword: B1#config tB1(config)#username HQ password cisco123B1(config)#interface s0/0/0B1(config-if)#no shutdownB1(config-if)#encapsulation pppB1(config-if)#ppp authentication chapB1(config-if)#endB1#copy running-confi
3、g startup-config步骤2:将HQ和B2之间的链路配置为使用带有CHAP身份验证的PPP封装HQ#config tHQ(config)#username B2 password cisco123HQ(config)#interface s0/0/1HQ(config-if)#no shutdownHQ(config-if)#encapsulation pppHQ(config-if)#ppp authentication chapHQ(config-if)#endHQ#copy running-config startup-config HQ#Password: B2enableP
4、assword: B2#config tB2(config)#username HQ password cisco123B2(config)#interface s0/0/0B2(config-if)#no shutdownB2(config-if)#encapsulation pppB2(config-if)#ppp authentication chapB2(config-if)#endB2#copy running-config startup-config步骤3:检查路由器之间是否已恢复连通性HQ ping B1HQ ping B2任务2:配置默认路由步骤1:配置从HQ到ISP的默认路
5、由HQ#config tHQ(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0HQ(config)#endHQ#copy running-config startup-configHQ#步骤2:测试与Web Server的连通性任务3:配置OSPF路由步骤1:在HQ上配置OSPFHQ#config tHQ(config)#router ospf 1HQ(config-router)#network 10.1.40.0 0.0.0.255 area 0HQ(config-router)#network 10.1.50.0 0.0.0.255 area 0HQ(con
6、fig-router)#network 10.1.1.0 0.0.0.3 area 0HQ(config-router)#network 10.1.1.4 0.0.0.3 area 0HQ(config-router)#passive-interface f0/0HQ(config-router)#passive-interface f0/1HQ(config-router)#passive-interface s0/1/0HQ(config-router)#log-adjacency-changesHQ(config-router)#default-information originate
7、HQ(config-router)#endHQ#copy running-config startup-configHQ#步骤2:在B1和B2上配置OSPFPassword: B1enablePassword: B1#config tB1(config)#router ospf 1B1(config-router)#network 10.1.20.0 0.0.0.255 area 0B1(config-router)#network 10.1.10.0 0.0.0.255 area 0B1(config-router)#network 10.1.1.0 0.0.0.3 area 0B1(con
8、fig)#router ospf 1B1(config-router)#passive-interface f0/0B1(config-router)#passive-interface f0/1B1(config-router)#endB1#copy running-config startup-configB1#Password: B2enablePassword: B2#config tB2(config)#router ospf 1B2(config-router)#network 10.1.1.4 0.0.0.3 area 0B2(config-router)#network 10.
9、1.70.0 0.0.0.255 area 0B2(config-router)#network 10.1.80.0 0.0.0.255 area 0B2(config-router)#passive-interface f0/0B2(config-router)#passive-interface f0/1B2(config-router)#endB2#copy running-config startup-configB2#步骤3:测试整个网络的连通性PC1 ping PC2PC1 ping PC4PC1 ping PC5PC1 ping PC6PC1 ping Server-PT部网PC
10、1 ping Server-PT Web ServerPC5 ping Server-PT Web Server任务4:实施多项ACL安全策略步骤1:实施第一项安全策略HQenablePassword: HQ#config tHQ(config)#access-list 10 deny 10.1.10.0 0.0.0.255HQ(config)#access-list 10 permit anyHQ(config)#interface f0/1HQ(config-if)#ip access-group 10 outHQ(config-if)#endHQ#copy running-config
11、startup-config HQ#步骤2:检查第一项安全策略是否已实现PC5 ping PC1步骤4:实施第二项安全策略B1(config)#access-list 115 deny ip host 10.1.10.5host 10.1.50.7B1(config)#access-list 115 permit ip any anyB1(config)#interface f0/0B1(config-if)#ip access-group 115 inB1(config-if)#endB1#copy running-config startup-configB1#步骤5:检查第二项安全策略是
12、否已实现PC5 ping PC3步骤7:实施第三项安全策略配置前测试PC2 ping Server-PT 部的PC3 ping Server-PT 部的配置HQ(config)#access-list 101 deny tcp 10.1.50.0 0.0.0.63 host 10.1.80.16 eq HQ(config)#access-list 101 permit ip any anyHQ(config)#interface f0/0HQ(config-if)#ip access-group 101 in配置后测试步骤10:实施第四项安全策略B2enablePassword: B2#con
13、fig tB2(config)#ip access-list extended NO_FTPB2(config-ext-nacl)#deny tcp 10.1.70.0 0.0.0.255 host 10.1.10.2 eq 21B2(config-ext-nacl)#permit ip any anyB2(config-ext-nacl)#interface f0/1B2(config-if)#ip access-group NO_FTP inB2(config-if)#endB2#copy running-config startup-configB2#步骤11:检测结果步骤12:实施第五
14、项安全策略HQ#config tHQ(config)#ip access-list extended FIREWALLHQ(config-ext-nacl)#permit icmp any any echo-replyHQ(config-ext-nacl)#permit tcp any any establishedHQ(config-ext-nacl)#deny ip any anyHQ(config-ext-nacl)#interface s0/1/0HQ(config-if)#description Link to ISPHQ(config-if)#ip access-group FIREWALL inHQ(config-if)#endHQ#copy running-config startup-config HQ#步骤13:检查第五项安全策略是否已实现PC1 ping Web ServerPC4 ping Web ServerWeb Server ping PC1Web Server ping PC5-
