访问控制列表（ACL）应用示例

文章作者 100test 发表时间 2007:06:08 11:10:49
来源 100Test.Com百考试题网

　　带Established选项的扩展访问列表

　　拓扑：

　　R2-(S2/0)——(S2/0)-R1(S2/1)——(S2/1)-R3

　　带有Established的扩展访问列表允许内部用户访问外部网络，而拒绝外部网络访问内部网络，而没带Established的标准访问列表和扩展访问列表没有这个特性。

　　这个示例首先用OSPF来使全网互联。

　　R1

r1#sh run *Mar 1 00:25:17.275: %SYS-5-CONFIG_I: Configured from console by console Building configuration... Current configuration : 1410 bytes ! version 12.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname r1 ! logging queue-limit 100 ! ip subnet-zero ! ! ! ip audit notify log ip audit po max-events 100 mpls ldp logging neighbor-changes ! ! ! ! ! ! ! ! ! ! ! ! no voice hpi capture buffer no voice hpi capture destination ! ! mta receive maximum-recipients 0 ! ! ! ! interface Loopback0 ip address 1.1.1.1 255.255.255.0 ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 no ip address shutdown duplex auto speed auto ! interface Serial2/0 ip address 12.1.1.1 255.255.255.0 encapsulation frame-relay ip ospf network point-to-point serial restart_delay 0 frame-relay map ip 12.1.1.2 102 broadcast no frame-relay inverse-arp ! interface Serial2/1 ip address 13.1.1.1 255.255.255.0 encapsulation frame-relay ip ospf network point-to-point serial restart_delay 0 frame-relay map ip 13.1.1.3 113 broadcast ! interface Serial2/2 no ip address shutdown serial restart_delay 0 ! interface Serial2/3 no ip address shutdown serial restart_delay 0 ! router ospf 10 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! ip http server no ip http secure-server ip classless ! ! ! ! ! call rsvp-sync ! ! mgcp profile default ! ! ! dial-peer cor custom ! ! ! ! ! line con 0 line aux 0 line vty 0 4 no login ! ! end

src="/cisco/js/wxgg_cisco.js">