CCNA 17강 수업내용
R1 Router에 172.13.0.0/24 Network만 거부 나머지는 허용하는 항목 만들기
R1
!
conf t
access-list 10 deny 172.13.0.0 0.0.0.255
access-list 10 permit any
int s1/1
ip access-group 10 in
end
R1 Router에 172.13.0.0/24 Network Telnet만 거부 나머지는 허용하는 항목 만들기
R1
!
conf t
access-list 10 deny 172.13.0.0 0.0.0.255
access-list 10 permit any
line vty 0 4
ip access-group 10 in
end
R3#ping 192.168.1.9 source 172.13.0.1
!!!!!
R##telnet 192.168.1.9 /source-intertace host
% Connection refused by retome host
1. R1 Router에 172.12.0.0/24 172.13.0.0/24 Network만 Telnet 허용 나머지는 거부 하는 항목만들기
R1
conf t
access-list 11 permit 172.12.0.0 0.0.0.255
access-list 11 permit 172.13.0.0 0.0.0.255
line vty 0 4
ip access-group 11 in
end
R2
R2#telnet 192.168.1.1 /source-interface f0/0
R1>
R2#telnet 192.168.1.1 /source-interface lo 1
% Connection relused by remote host
R3#telnet 192.168.1.9 /source-interface lo 0
R1>
R3#telnet 192.168.1.9 /source-interface lo 1
% Connection relused by remote host
@Extended ACL(확장 ACL) - Packet Filtering
Source IP, Destination IP, Protocol, Option을 검사하여 허용하거나 거부하는 항목을 만든다.
list-number : 100-199
Router(config)#access-list <list-number><permit/deny><protocol><source IP><wildcardmask><destinatio IP><wildcardmask><option>
ITBANK(121.160.70.0/24)내부에 HTTP만 허용 나머지 거부하는 항목만들기
Router(config)#access-list 100 permit tcp 121.160.70.0 0.0.0.255 any eq 80
ITBANK(121.160.70.0/24)내부에 Telnet, TFTP만 거부 나머지 허용하는 항목만들기
Router(config)#access-list 101 deny tcp 121.160.70.0 0.0.0.255 any eq 23
Router(config)#access-list 101 deny tcp 121.160.70.0 0.0.0.255 any eq 69
Router(config)#access-list 101 permit tcp any any
Router(config)#access-list 101 permit udp any any
Telnet,SSH,HTTP.HTTPs Enable
!
conf t
ip domain-name ccna
crypto key generate rsa
1024
ip http server
ip http secure-server
ip http authentication local
username root privilege 15 password cisco
line vty 0 4
login local
transport input telnet ssh
end
1. 172.12.0.0/24 Network Telnet만 사용할 수 있도록 설정
R2
!
conf t
access-list 100 permit tcp 172.12.0.0 0.0.0.255 any eq 23
int f0/0
ip access-group 100 in
end
1. 172.12.0.0/24 Network HTTP,SSH만 허용 나머지 거부하는 항목만들기
R2
!
conf t
access-list 101 permit tcp 172.12.0.0 0.0.0.255 any eq 80
access-list 101 permit tcp 172.12.0.0 0.0.0.255 any eq 22
int f0/0
ip access-group 101 in
end
2. 172.12.0.0/24 Network HTTP만 사용할 수 없도록 설정
R2
!
conf t
access-list 102 deny tcp 172.12.0.0 0.0.0.255 any eq 80
access-list 102 permit tcp any any
access-list 102 permit ip any any
int f0/0
ip access-group 102 in
end
3. 172.12.0.0/24 Network Ping만 사용할 수 없도록 설정
R2
!
conf t
access-list 103 deny icmp 172.12.0.0 0.0.0.255 any echo
access-list 103 deny icmp 172.12.0.0 0.0.0.255 any echo-reply
access-list 103 permit icmp any any
access-list 103 permit ip any any
int f0/0
ip access-group 103 in
end
4. R1 router에 SSH, Ping만 사용 나머지는 거부하는 항목만들기
R1
!
conf t
access-list 104 permit tcp any 192.168.1.0 0.0.0.3 eq 22
access-list 104 permit tcp any 172.11.0.0 0.0.0.255 eq 22
access-list 104 permit tcp any 172.11.1.0 0.0.0.255 eq 22
access-list 104 permit icmp any 192.168.1.1 0.0.0.3 any echo
access-list 104 permit icmp any 192.168.1.1 0.0.0.3 any echo-reply
access-list 104 permit icmp any 172.11.0.0 0.0.0.3 any echo
access-list 104 permit icmp any 172.11.0.0 0.0.0.3 any echo-reply
access-list 104 permit icmp any 172.11.1.0 0.0.0.3 any echo
access-list 104 permit icmp any 172.11.1.0 0.0.0.3 any echo-reply
int s1/0
ip access-group 104 in
int s1/1
ip access-group 104 in
end
'공부(工夫) > CCNA' 카테고리의 다른 글
CCNA 20강 수업내용 (0) | 2009.02.03 |
---|---|
CCNA 19강 수업내용 (0) | 2009.02.03 |
CCNA 18강 수업내용 (0) | 2009.01.30 |
CCNA 16강 수업내용 (0) | 2009.01.28 |
CCNA 15강 수업내용 (0) | 2009.01.23 |
CCNA 14강 수업내용 (0) | 2009.01.22 |
댓글
이 글 공유하기
다른 글
-
CCNA 19강 수업내용
CCNA 19강 수업내용
2009.02.03 -
CCNA 18강 수업내용
CCNA 18강 수업내용
2009.01.30 -
CCNA 16강 수업내용
CCNA 16강 수업내용
2009.01.28 -
CCNA 15강 수업내용
CCNA 15강 수업내용
2009.01.23