訪(fǎng)問(wèn)控制列表實(shí)驗(yàn)報(bào)告_第1頁(yè)
訪(fǎng)問(wèn)控制列表實(shí)驗(yàn)報(bào)告_第2頁(yè)
訪(fǎng)問(wèn)控制列表實(shí)驗(yàn)報(bào)告_第3頁(yè)
訪(fǎng)問(wèn)控制列表實(shí)驗(yàn)報(bào)告_第4頁(yè)
訪(fǎng)問(wèn)控制列表實(shí)驗(yàn)報(bào)告_第5頁(yè)
已閱讀5頁(yè),還剩3頁(yè)未讀, 繼續(xù)免費(fèi)閱讀

下載本文檔

版權(quán)說(shuō)明:本文檔由用戶(hù)提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡(jiǎn)介

實(shí)訓(xùn)報(bào)告實(shí)驗(yàn)名稱(chēng) 訪(fǎng)問(wèn)控制列表課程名稱(chēng) 計(jì)算機(jī)網(wǎng)絡(luò)實(shí)驗(yàn)?zāi)康恼莆赵L(fǎng)問(wèn)控制列表的概念。能對(duì)路由器進(jìn)行訪(fǎng)問(wèn)控制列表的設(shè)置。實(shí)驗(yàn)環(huán)境微機(jī)4臺(tái),2811的路由器2臺(tái),2950的交換機(jī)4臺(tái),雙絞線(xiàn)4條,串行線(xiàn)一條。在計(jì)算機(jī)上安裝有windowsxp的操作系統(tǒng),并且安裝有CiscoPacketTracer軟件。實(shí)訓(xùn)規(guī)劃和拓?fù)鋱D規(guī)劃:IIBO.O.0.0/24sQ/0/OsO/0/D20.0.0.1/24fj/150.0.0.1/24fO/OLanSwitch2£0/03B1140.0.0.l/24ir22350-Z4Switchl2呻-24Sw?ch3濕IIBO.O.0.0/24sQ/0/OsO/0/D20.0.0.1/24fj/150.0.0.1/24fO/OLanSwitch2£0/03B1140.0.0.l/24ir22350-Z4Switchl2呻-24Sw?ch3濕Mfo/!Roi|terl30.0.0.1/24PC-PTPC2PC-PTPCInPC-PTPC3PC-PTPC420.0.0.2/2430.0.0.2/2440.0.0.2/2420.0.0.2/2430.0.0.2/2440.0.0.2/2450.0.0.Z/24TOC\o"1-5"\h\zA -]rLM/0/0(60.0.0.1/24)-R2.M/D/0(60.0.0.2/24)]rLfQ/D(20. 0.1/24)-鄰1 Lm 1 pel(20. 0. 0. 2)pl.fO/1(30. 0. 0. 1/24)-$戰(zhàn) 言n 2 pc:2C3D. 0. 0. 2)R2.f0/0(40. 0. 0. 1/24)-州 Lan 3 pc3(40. 0. 0. 2)]r2.fO/lG50. 0. 0. 1/24)-S戰(zhàn) Lan 4 pc4C50. 0. 0. 2)4、實(shí)驗(yàn)要求:要求:a、Lan1不能訪(fǎng)問(wèn)lan2.b、 Lan1能訪(fǎng)問(wèn)lan3不能訪(fǎng)問(wèn)lan4.c、 Lan2能訪(fǎng)問(wèn)lan4不能訪(fǎng)問(wèn)lan3.5、實(shí)驗(yàn)步驟:(1) 按照規(guī)劃,構(gòu)建拓?fù)鋱D。(標(biāo)注好各個(gè)接口,和ip地址)(2) 按照規(guī)劃配置好路由器的各個(gè)接口的ip地址,并且配置好路由協(xié)議,這里用的rip2.通過(guò)showiproute是否學(xué)到全網(wǎng)的路由。R1結(jié)果如下:Gatewayoflastresortisnotset-ZCi.0.0.0/Z4isEutmettedK1sulmetEC ZO.0.0.□isdirectlyconnected.FastEthernet0/030.0.0.0/Z4isEufcmettedK1subnetsC 30.0.0.0isdirectlyconnected.FastEthernet0/1R 4Ci.0.0.OXS [120/1]via 60.0.0.Z,00:00:18,SerialO/O/OR Sa.O.O.OXS [1Z0/1]via 60.0.0.Z,00:00:18,EerialO/O/OC 60.0.0.0/S isdirectly connected,EerialO/O/OR2結(jié)果如下:Gat-eway>z>flast- isnotset-RZO.U.O.0/8[ISOrl]via60.□.00;00;16^SerialC/U/U4U.0-0.L>/24Am4U.Li.0.Uis4U.0-0.L>/24Am4U.Li.0.Uis50.0_0.Li/24is■50.Li.0.Uis60.0_0.LI/E4is60.Li.0.Uisdirect-lycumiected?Fast-EtheunetU/0si-iEinet.r.ed^1siiLitietsdirect-lycumiect.ed_Fast-Et-hemet-U/lsi-itmet.r.Ed^1siiLiriet-sdirect-lycumieex已d仃Seriain/O./Li(3)配置訪(fǎng)問(wèn)控制列表:針對(duì)要求:Lan1不能訪(fǎng)問(wèn)lan2(以R1的接口f0/1為參照)

在R1:access-list1deny20.0.0.00.0.0.255access-list1permitanyR1的接口f0/1:ipaccess-group1out針對(duì)要求:Lan1能訪(fǎng)問(wèn)lan3不能訪(fǎng)問(wèn)lan4(以R2的接口f0/1為參照)在R2:access-list1deny20.0.0.00.0.0.255access-list1permitanyR2.f0/1ipaccess-groupout針對(duì)要求:Lan2能訪(fǎng)問(wèn)lan4不能訪(fǎng)問(wèn)lan3(以R2的接口f0/0為參照)在R2:aceess-list2deny30.0.0.00.0.0.255aceess-list2permitanyR2.f0/0:ipaccess-group2out6、實(shí)驗(yàn)結(jié)果:(1)針對(duì)要求:Lan1不能訪(fǎng)問(wèn)lan2.測(cè)試有以下結(jié)果:

pcipingpc2不通,符合要求1,如下圖所示。PC^ping30.0_0-£P(guān)inging30.0_0.2:with3Zbytesofdata:ReplyReplyReplyReplyfromfromframframZ0_0.0.1:DestinationZ0_0.0.1:Dest-inationZ0.0.0.1;ReplyReplyReplyReplyfromfromframframZ0_0.0.1:DestinationZ0_0.0.1:Dest-inationZ0.0.0.1;^0.0.0.1;liostunrea-ctiahle-unr&acliatole-Pingstatistiesfor30_□_0_Z:Packets:Serit4fRaceived0fLostPc2pingpciPingstatistiesfor30_□_0_Z:Packets:Serit4fRaceived0fLostPc2pingpci如下圖:POping20_0.0_2Pi&giHgZ0.0.0_2rri七B3Ztoytssofda.ts:ReqTiQEt.timLed out..ReqriesttimLed out..Reqriesttilled out.Recjuesttimed out.Pc1上路由跟蹤pc2:PC?-t.racert.30.0.0.ZTracing:mumto3QLQ-0.2;w移匚日.皿盆芯 口f3口h口gm:1£3mm 47mm必mm20.0.0.12£3mm 右凸mm47mm20.0.0.1363I£lS 63ms62ms20.a.o.i462UlS €2地三C220_0_0.1(2)針對(duì)要求:Lan1能訪(fǎng)問(wèn)lan3不能訪(fǎng)問(wèn)lan4Pcipingpc3:結(jié)果如下Pinging40.0.0.Zwith3Zbytesofdata:ReplyReplyReplyReplyfEonfEonfEonfEon40.0_0.Z:40.0_0.Z=40.0_0.Z=40.0_0.Z=bytes=3Zbyt@£=3Zbyt@£=3Zbyt@£=3£tine=lE6iiL£tin@=lZ5nL£ReplyReplyReplyReplyfEonfEonfEonfEon40.0_0.Z:40.0_0.Z=40.0_0.Z=40.0_0.Z=bytes=3Zbyt@£=3Zbyt@£=3Zbyt@£=3£tine=lE6iiL£tin@=lZ5nL£tin@=156nL£tin@=lS6nL£TTL=IZ6TTL=IZ6TTL=IZ6TTL=IZ6Pelpingpc4結(jié)果如下:£0_0.0.2Pinning50_0.0.Zuith3Ziytesofdata:ReplyReplyReplyReplyfremfromfmmfmm60.0.0.ZzDestination60.0.0.ZzDestinationP±n^Ps_ckets:SentforSO.0.0.2:4ReplyReplyReplyReplyfremfromfmmfmm60.0.0.ZzDestination60.0.0.ZzDestinationP±n^Ps_ckets:SentforSO.0.0.2:4rP_eceitredhostliostllQStllQStunraachahle.unreactiaLile-0fLost4(100^lossPcl路由跟蹤pc4:tracert50.0.0.2TracitigroutetoS0_0_□_Z.o^7ermmaximumof30tiops:146uls6Zmw6ZmsZ0_0.□.1Z93uls93mm94ms60_0.□.Z394ULS94mm94ms60-0.□.Z494m_s79mw90mmS0_0.□.2594uls92m三93am60_0.□.2SSOuls94mw94amS0_0.□.2793uls93mw7SmsS0_0.□.2S7Suls54mm54ms50_0_0_£(3)針對(duì)要求:Lan2能訪(fǎng)問(wèn)lan4不能訪(fǎng)問(wèn)lan3Pc2pingpc4:PC>pin.g-50_0.□.ZFin^in.^-50_0_□_2-witki32bytesofdata:HeplyReplyReplyUsplyfrom50.a.0.2:50.a_0_2:50.a.0.2:bytes=32byt&s=32byt&s=32tinia=l25m與time=140ii5ti^e=141TisHeplyReplyReplyUsplyfrom50.a.0.2:50.a_0_2:50.a.0.2:bytes=32byt&s=32byt&s=32tinia=l25m與time=140ii5ti^e=141TisTTL=126TTL=126TTL=1Z6SO.□.0.2:toyt&s=32TTL=12GPin^statisticc:for50.0.0.Z:Packets:Sent=4^Received=4*Lost=0(0^loss)FApproximateroundtriptlute5inmilli-seconds:Hiiiimun=LE5H5,MaKinLumi=14Lm5,Average=136n5Pc2pingpc3:POpiny40.0_0_ZP 40_0_0_2wi七k22bytesqfdata:ReplyReplyReplyReplyfrom_0-□-2:Lestination_0-□-2:Destinatioti0_0-0-£:Destlnatioti_0.□.Z:Destlnationhosthosthosthostimreackiah1e-imreachah1e.imreackiati1e-imreacliah1e.Pc2路由跟蹤pc3:FC>t-rs_cert40_0-0_2TtacirLg eto40_0.2overa.ma.婦mumof30hops:147色三47T£lS62MM30_0_0.1Z94a三9494MEeo.o.a.2aS3mu94T£l594eo_o.a.2463mm94ms94皿匚€o_o.a.z59493ms62皿匚€o_o.a.z4.實(shí)驗(yàn)分析(1) 要求Lan1不能互相訪(fǎng)問(wèn)lan2(以接口R1的接口f0/1為參照)以R1的接口f0/1為參照,(一般在實(shí)際情況,在自己的路由器上防止別個(gè)進(jìn)入,進(jìn)行設(shè)置,跑到別個(gè)的路由器上設(shè)置不現(xiàn)實(shí))不允許源地址為lan1的網(wǎng)絡(luò)(20.0.0.0/24)從接口f0/1出。允許原地址為的其它任何網(wǎng)絡(luò)(包括如30.0.0.0/24)通過(guò)出。所以在R1上有以下語(yǔ)句:access-list1deny20.0.0.00.0.0.255access-list1permitanyR1的接口f0/1:ipaccess-group1out從ping和路由跟蹤的結(jié)果來(lái)看,數(shù)據(jù)分組只到達(dá)20.0.0.1就停止了。符合要求。(2) 針對(duì)要求:Lan1能訪(fǎng)問(wèn)lan3不能訪(fǎng)問(wèn)lan4以R2的接口f0/1為參照,拒絕源地址網(wǎng)絡(luò)為lan1(20.0.0.0/24)數(shù)據(jù)分組通過(guò)路由器R2的接口f0/1出。允許原地址為其它網(wǎng)絡(luò)的數(shù)據(jù)分組從路由器R2的接口f0/1出。語(yǔ)句如下:R2:access-list1deny20.0.0.00.0.0.255access-list1permitanyR2.f0/1ipaccess-groupout從pc1pingpc4和路由跟蹤的結(jié)果來(lái)看,數(shù)據(jù)分組經(jīng)過(guò)20.0.0.1,到達(dá)60.0.0.2就停止了,沒(méi)有到達(dá)50.0.0.1。符合要求。(3)針對(duì)要求:Lan2能訪(fǎng)問(wèn)lan4不能訪(fǎng)問(wèn)lan3以R2的接口f0/0為參照,拒絕原地址網(wǎng)絡(luò)為lan2(30.0.0.0/24)的數(shù)據(jù)分組從R2的接口f0/0出。允許源地址為其它網(wǎng)絡(luò)地址的數(shù)據(jù)分組從R2的?0/0接口出。所以有以下程序:在R2 aceess-list2deny30.0.0.00.0.0.255aceess-list2permitanyR2.f0/0: ipaccess-group2out從pc2pingpc3和路由跟蹤來(lái)看:pc2的數(shù)據(jù)分組經(jīng)過(guò)了30.0.0.1,到達(dá)了60.0.0.2,但就是到達(dá)不了40.0.0.1,所以符合要求。5.實(shí)驗(yàn)結(jié)論:(1)通過(guò)這次實(shí)驗(yàn),明白了訪(fǎng)問(wèn)控制列表的作用和配置格式,以及其含義:config)#access-list[#][permit|deny][source-addresskeywordany][sourcemask]語(yǔ)法:a

溫馨提示

  • 1. 本站所有資源如無(wú)特殊說(shuō)明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶(hù)所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁(yè)內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒(méi)有圖紙預(yù)覽就沒(méi)有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫(kù)網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶(hù)上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶(hù)上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶(hù)因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

評(píng)論

0/150

提交評(píng)論