Configuring and Applying Extended Numbered ACLs in GNS3
Extended ACL filtering based on source and destination address, as well as the layer 4 protocols TCP and UDP.
1.- Configure the hostnames on R1 and R2
2.- Configure s1/0 on R1 as DCE to provide a clock rate of 80640kbps to R2, along with the corresponding IP addresses.
3.- Configure a static default route on R1 pointing to R2 (over the serial connection between the two routers). Also configure a static default route on R3 pointing to R1 via the serial connection between the two routers, and the loopback interfaces specified in the diagram.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#inter s1/0
R1(config-if)#ip add 172.16.1.1 255.255.255.192
R1(config-if)#no shu
R1(config-if)#
*Mar 1 00:09:59.939: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
R1(config-if)#
*Mar 1 00:10:00.943: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R1(config-if)#clock rate 80640
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#inter s1/0
R2(config-if)#ip add 172.16.1.2 255.255.255.192
R2(config-if)#no shu
R2(config-if)#
*Mar 1 00:10:57.499: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
R2(config-if)#
*Mar 1 00:10:58.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R2(config-if)#do ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/14/24 ms
R2(config-if)#end
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip route 0.0.0.0 0.0.0.0 s1/0 172.16.1.1
R2(config)#
R2(config)#inter loop10
R2(config-if)#ip a
*Mar 1 00:18:45.775: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback10, changed state to up
R2(config-if)#ip add 10.10.10.2 255.255.255.128
R2(config-if)#inter loop20
R2(config-if)#ip
*Mar 1 00:20:55.915: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback20, changed state to up
R2(config-if)#ip add 10.20.20.2 255.255.255.240
R2(config-if)#inter loop30
R2(config-if)#ip ad
*Mar 1 00:21:32.163: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback30, changed state to up
R2(config-if)#ip add 10.30.30.2 255.255.255.248
R2(config-if)#end
R2#sh ip inter b
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
FastEthernet0/1 unassigned YES unset administratively down down
Serial1/0 172.16.1.2 YES manual up up
Serial1/1 unassigned YES unset administratively down down
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
Loopback10 10.10.10.2 YES manual up up
Loopback20 10.20.20.2 YES manual up up
Loopback30 10.30.30.2 YES manual up up
R2#
R1#
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip route 0.0.0.0 0.0.0.0 s1/0 172.16.1.2
R1(config)#inter loop10
*Mar 1 00:27:12.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback10, changed state to up
R1(config-if)#ip add 172.16.4.1 255.255.255.192
R1(config-if)#exit
R1(config)#inter loop20
*Mar 1 00:27:57.675: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback20, changed state to up
R1(config-if)#ip add 172.17.5.1 255.255.255.248
R1(config-if)#end
R1#
R1#sh ip inter b
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
FastEthernet0/1 unassigned YES unset administratively down down
Serial1/0 172.16.1.1 YES manual up up
Serial1/1 unassigned YES unset administratively down down
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
Loopback10 172.16.4.1 YES manual up up
Loopback20 172.17.5.1 YES manual up up
R1#
R2#ping 172.16.4.1 source loop10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/79/84 ms
R2#
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#enable secret CISCO
R2(config)#line vty 0 903
R2(config-line)#password CISCO
R2(config-line)#login
R2(config-line)#end
R2#
*Mar 1 00:35:48.115: %SYS-5-CONFIG_I: Configured from console by console
R2#
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#enable secret CISCO
R1(config)#line vty 0 903
R1(config-line)#end
*Mar 1 00:40:22.755: %SYS-5-CONFIG_I: Configured from console by console
R1#
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#access 170 permit tcp 172.16.4.0 0.0.0.63 10.20.20.0 0.0.0.15 eq telnet
R2(config)#access-l 170 perm tcp 172.16.4.0 0.0.0.63 10.30.30.0 0.0.0.7 eq telnet
R2(config)#access- 170 perm icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo
R2(config)#access 170 perm icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo-reply
R2(config)#inter s1/0
R2(config-if)#ip access-group 170 in
R2(config-if)#end
R2#sh ip access-lists 170
Extended IP access list 170
10 permit tcp 172.16.4.0 0.0.0.63 10.20.20.0 0.0.0.15 eq telnet
20 permit tcp 172.16.4.0 0.0.0.63 10.30.30.0 0.0.0.7 eq telnet
30 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo
40 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo-reply
R1#
R1#telnet 10.30.30.2 /source-interface loopback10
Trying 10.30.30.2 ... Open
User Access Verification
Password:
R2>en
Password:
R2#exit
R1#telnet 10.20.20.2 /source-interface loopback10
Trying 10.20.20.2 ... Open
User Access Verification
Password:
R2>en
Password:
R2#exit
R1#ping 10.10.10.2 source loopback20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
Packet sent with a source address of 172.17.5.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/80/88 ms
R1#
R2#sh ip access-lists 170
Extended IP access list 170
10 permit tcp 172.16.4.0 0.0.0.63 10.20.20.0 0.0.0.15 eq telnet (234 matches)
20 permit tcp 172.16.4.0 0.0.0.63 10.30.30.0 0.0.0.7 eq telnet (129 matches)
30 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo (45 matches)
40 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo-reply
R2#exit
R1#
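To check ACL 170 offline, the following added example (not part of the original lab) models the first-match evaluation with wildcard masks and the implicit deny at the end of the list. The function names and the test packets are constructed for illustration; the ACL text is copied from the `sh ip access-lists 170` output above.

```python
import ipaddress

# ACL 170 as printed by "sh ip access-lists 170" on R2 (applied inbound on s1/0).
ACL_170 = """\
10 permit tcp 172.16.4.0 0.0.0.63 10.20.20.0 0.0.0.15 eq telnet
20 permit tcp 172.16.4.0 0.0.0.63 10.30.30.0 0.0.0.7 eq telnet
30 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo
40 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo-reply
"""
PORTS = {"telnet": 23}  # only the port keyword this ACL uses

def ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_acl(text):
    """Parse the ACE forms used above: tcp '... eq <port>' and icmp '... <type>'."""
    aces = []
    for line in text.splitlines():
        seq, action, proto, src, swc, dst, dwc, *rest = line.split()
        qual = PORTS[rest[1]] if proto == "tcp" else rest[0]
        aces.append({"seq": int(seq), "action": action, "proto": proto,
                     "src": (ip(src), ip(swc)), "dst": (ip(dst), ip(dwc)),
                     "qual": qual})
    return aces

def wildcard_match(addr, rule):
    """Wildcard bit 0 = must match, 1 = ignore (the inverse of a netmask)."""
    base, wildcard = rule
    return (ip(addr) | wildcard) == (base | wildcard)

def evaluate(aces, proto, src, dst, qual):
    """First match wins; return (action, sequence). No match = implicit deny."""
    for ace in aces:
        if (ace["proto"] == proto and ace["qual"] == qual
                and wildcard_match(src, ace["src"])
                and wildcard_match(dst, ace["dst"])):
            return ace["action"], ace["seq"]
    return "deny", None

def lab_results():
    aces = parse_acl(ACL_170)
    flows = [  # constructed packets; the first three mirror the lab's own tests
        ("tcp", "172.16.4.1", "10.30.30.2", 23),
        ("tcp", "172.16.4.1", "10.20.20.2", 23),
        ("icmp", "172.17.5.1", "10.10.10.2", "echo"),
        ("tcp", "172.16.1.1", "10.20.20.2", 23),   # telnet sourced from s1/0
        ("tcp", "172.16.4.65", "10.20.20.2", 23),  # outside the 0.0.0.63 wildcard
        ("icmp", "172.16.4.1", "10.10.10.2", "echo-reply"),  # reply from loop10
    ]
    return [evaluate(aces, *flow) for flow in flows]
```

The last flow shows a side effect worth verifying on the routers: with ACL 170 applied inbound on s1/0, echo replies from 172.16.4.1 to 10.10.10.2 match no entry, so the earlier `ping 172.16.4.1 source loop10` from R2 would fall through to the implicit deny.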