Páginas

miércoles, 14 de abril de 2021

Configuración de ACL numeradas extendidas En GNS3

Configuración y aplicación de ACL numeradas extendidas En GNS3




Filtro extendido de ACL basado en la dirección de origen y destino, así como los protocolos de capa 4 TCP y UDP.

1.- Configurar los nombres de host en R1 y R2

2.- Configurar en R1 s1/0 como DCE para proveer un clock rate de
80640kbps a R2 más sus correspondientes direcciones IP.

3.- Configurar una ruta predeterminada estática en el R1 señalando a R2 (sobre la conexión serial entre los dos Routers). Configure también una ruta predeterminada estática en el R3 señalando al R1 vía la conexión serial entre los dos Routers y las interfaces de loopback especificadas en el diagrama.

R1#conf t  
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#inter s1/0
R1(config-if)#ip add 172.16.1.1 255.255.255.192
R1(config-if)#no shu
R1(config-if)#
*Mar  1 00:09:59.939: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
R1(config-if)#
*Mar  1 00:10:00.943: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R1(config-if)#clock rate 80640

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#inter s1/0
R2(config-if)#ip add 172.16.1.2 255.255.255.192
R2(config-if)#no shu
R2(config-if)#
*Mar  1 00:10:57.499: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
R2(config-if)#
*Mar  1 00:10:58.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up

R2(config-if)#do ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/14/24 ms
R2(config-if)#end

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#ip route 0.0.0.0 0.0.0.0 s1/0 172.16.1.1
R2(config)#

R2(config)#inter loop10 
R2(config-if)#ip a
*Mar  1 00:18:45.775: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback10, changed state to up
R2(config-if)#ip add 10.10.10.2 255.255.255.128
R2(config-if)#inter loop20
R2(config-if)#ip 
*Mar  1 00:20:55.915: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback20, changed state to up
R2(config-if)#ip add 10.20.20.2 255.255.255.240
R2(config-if)#inter loop30
R2(config-if)#ip ad 
*Mar  1 00:21:32.163: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback30, changed state to up
R2(config-if)#ip add 10.30.30.2 255.255.255.248
R2(config-if)#end

R2#sh ip inter b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down    
FastEthernet0/1            unassigned      YES unset  administratively down down    
Serial1/0                  172.16.1.2      YES manual up                    up      
Serial1/1                  unassigned      YES unset  administratively down down    
Serial1/2                  unassigned      YES unset  administratively down down    
Serial1/3                  unassigned      YES unset  administratively down down    
Loopback10                 10.10.10.2      YES manual up                    up      
Loopback20                 10.20.20.2      YES manual up                    up      
Loopback30                 10.30.30.2      YES manual up                    up      
R2#


R1#
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip route 0.0.0.0 0.0.0.0 s1/0 172.16.1.2
R1(config)#inter loop10
*Mar  1 00:27:12.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback10, changed state to up
R1(config-if)#ip add 172.16.4.1 255.255.255.192
R1(config-if)#exit
R1(config)#inter loop20
*Mar  1 00:27:57.675: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback20, changed state to up
R1(config-if)#ip add 172.17.5.1 255.255.255.248
R1(config-if)#end
R1#

R1#sh ip inter b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down    
FastEthernet0/1            unassigned      YES unset  administratively down down    
Serial1/0                  172.16.1.1      YES manual up                    up      
Serial1/1                  unassigned      YES unset  administratively down down    
Serial1/2                  unassigned      YES unset  administratively down down    
Serial1/3                  unassigned      YES unset  administratively down down    
Loopback10                 172.16.4.1      YES manual up                    up      
Loopback20                 172.17.5.1      YES manual up                    up      
R1#

R2#ping 172.16.4.1 source loop10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.2 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/79/84 ms
R2#

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#enable secret CISCO
R2(config)#line vty 0 903
R2(config-line)#password CISCO
R2(config-line)#login
R2(config-line)#end
R2#
*Mar  1 00:35:48.115: %SYS-5-CONFIG_I: Configured from console by console
R2#

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#enable secret CISCO
R1(config)#line vty 0 903
R1(config-line)#end
*Mar  1 00:40:22.755: %SYS-5-CONFIG_I: Configured from console by console
R1#

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#access 170 permit tcp 172.16.4.0 0.0.0.63 10.20.20.0 0.0.0.15 eq telnet 
R2(config)#access-l 170 perm tcp 172.16.4.0 0.0.0.63 10.30.30.0 0.0.0.7 eq telnet
R2(config)#access- 170 perm icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo
R2(config)#access 170 perm icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo-reply
R2(config)#inter s1/0
R2(config-if)#ip access-group 170 in
R2(config-if)#end

R2#sh ip access-lists 170
Extended IP access list 170
    10 permit tcp 172.16.4.0 0.0.0.63 10.20.20.0 0.0.0.15 eq telnet
    20 permit tcp 172.16.4.0 0.0.0.63 10.30.30.0 0.0.0.7 eq telnet
    30 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo
    40 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo-reply

R1#

R1#telnet 10.30.30.2 /source-interface loopback10
Trying 10.30.30.2 ... Open

User Access Verification


Password: 
R2>en
Password: 
R2#exit

R1#telnet 10.20.20.2 /source-interface loopback10
Trying 10.20.20.2 ... Open


User Access Verification

Password: 
R2>en
Password: 
R2#exit

R1#ping 10.10.10.2 source loopback20

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
Packet sent with a source address of 172.17.5.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/80/88 ms
R1#

R2#sh ip access-lists 170
Extended IP access list 170
    10 permit tcp 172.16.4.0 0.0.0.63 10.20.20.0 0.0.0.15 eq telnet (234 matches)
    20 permit tcp 172.16.4.0 0.0.0.63 10.30.30.0 0.0.0.7 eq telnet (129 matches)
    30 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo (45 matches)
    40 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo-reply
R2#exit

R1#


IOS es genial!.
Publicado por en No hay comentarios:
Etiquetas: , , , , , ,

martes, 13 de abril de 2021

ACLs Extendido con Nombre Inbound

Configuración y aplicación extendida de ACL con nombre


1.- Configurar el nombre de host en los routers R1 y R2 ilustrados en la topología.

2.- Configurar R1 serial1/0 que es un DCE, para proporcionar una velocidad de reloj de 80640Kbps al R2. Configure la dirección IP en las interfaces seriales del R1 y R2 tal y como se ilustra en de la topología. Configure las interfaces loopback en R1.

3.- Configura RIPv2 en R1 y R2 para serial1/0 en ambos Routers y la 172.16.4.0/26 Loopback10 en R1. Configure el EIGRP usando el AS 10 en R1 y R2 para el serial1/0 en ambos routers y el Loopback 192.168.5.0/29 en R1.
Configure el OSPF usando el proceso 10 y área 0 en R1 y el serial 1/0 R2 en ambos routers y el Loopback 10.10.10.0/27 en el R1.

4.- Comprobar su configuración usando la ruta IP de la demostración en el R2 para asegurarse de que las tres rutas se vean vía los diversos Protocolos de enturamiteno configurados. Para probar la Conectividad, haga ping a las tres interfaces Loopback en el R1 desde R2. Todos deben ser accesibles.

5.- Configure un ACL extendido llamado R-ACL en R2. Esta ACL debe denegar RIPv2, permitir el EIGRP, negar el OSPF, y permitir todo el tráfico IP. Aplique este ACL entrante en Se1/0 de R2. 

6.- Publique el comando clear ip route * seguido por el comando show ip route en el R2. Si ha configurado este ACL correctamente, debe tener solamente la ruta EIGRP en la tabla de routing.

R1#conf t
R1(config)#interface serial 1/0
R1(config-if)#clock rate 80640
R1(config-if)#

loopback10 172.16.4.1/26
loopback20 192.168.5.1/29
loopback30 10.10.10.1/27

R1(config)#interface serial 1/0
R1(config-if)#ip add 172.16.1.1 255.255.255.192
R1(config-if)#no shu
R1(config-if)#
*Mar  1 00:24:02.363: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
R1(config-if)#
*Mar  1 00:24:03.367: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R1(config-if)#

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#inter s1/0
R2(config-if)#ip add 172.16.1.2 255.255.255.192
R2(config-if)#no shu
R2(config-if)#
*Mar  1 00:14:03.299: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
R2(config-if)#
*Mar  1 00:14:04.303: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R2(config-if)#

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#inter loop10
R1(config-if)#ip add 
*Mar  1 00:32:01.879: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback10, changed state to up
R1(config-if)#ip add 172.16.4.1 255.255.255.192
R1(config-if)#exit
R1(config)#inter loop20
R1(config-if)#ip a
*Mar  1 00:32:34.731: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback20, changed state to up
R1(config-if)#ip add 192.168.5.1 255.255.255.248
R1(config-if)#exit
R1(config)#inter loop30
R1(config-if)#ip add
*Mar  1 00:33:12.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback30, changed state to up
R1(config-if)#ip add 10.10.10.1 255.255.255.224
R1(config-if)#

R2#ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/70/80 ms
R2#

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#router rip
R1(config-router)#vers 2
R1(config-router)#net 172.16.1.0
R1(config-router)#net 172.16.4.0
R1(config-router)#no auto
R1(config-router)#
R1(config-router)#router eigrp 10
R1(config-router)#net 172.16.1.0 0.0.0.63
R1(config-router)#net 192.168.5.0
R1(config-router)#no auto
R1(config-router)#router ospf 10
R1(config-router)#net 172.16.1.0 0.0.0.63 area 0
R1(config-router)#net 10.10.10.0 0.0.0.31 area 0
R1(config-router)#end

R1#
*Mar  1 01:02:24.443: %SYS-5-CONFIG_I: Configured from console by console
R1#wri
Building configuration...
[OK]
R1#
*Mar  1 01:05:19.535: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.16.1.2 (Serial1/0) is up: new adjacency
R1#
*Mar  1 01:05:28.655: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.16.1.2 (Serial1/0) is resync: peer graceful-restart
R1#
*Mar  1 01:07:31.855: %OSPF-5-ADJCHG: Process 10, Nbr 172.16.1.2 on Serial1/0 from LOADING to FULL, Loading Done
R1#

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#router rip
R2(config-router)#vers 2
R2(config-router)#net 172.16.1.0
R2(config-router)#router eigrp 10
R2(config-router)#net 172.16.1.0
R2(config-router)#no
*Mar  1 00:53:24.147: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.16.1.1 (Serial1/0) is up: new adjacency
R2(config-router)#no auto
R2(config-router)#
*Mar  1 00:53:33.579: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.16.1.1 (Serial1/0) is resync: summary configured
R2(config-router)#
R2(config-router)#exit

R2(config)#router ospf 10
R2(config-router)#net 172.16.1.0 0.0.0.63 area 0
R2(config-router)#
*Mar  1 00:55:41.555: %OSPF-5-ADJCHG: Process 10, Nbr 192.168.5.1 on Serial1/0 from LOADING to FULL, Loading Done
R2(config-router)#end
R2#
*Mar  1 00:55:53.587: %SYS-5-CONFIG_I: Configured from console by console
R2#

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/26 is subnetted, 2 subnets
R       172.16.4.0 [120/1] via 172.16.1.1, 00:00:14, Serial1/0
C       172.16.1.0 is directly connected, Serial1/0
     192.168.5.0/29 is subnetted, 1 subnets
D       192.168.5.0 [90/2297856] via 172.16.1.1, 00:04:01, Serial1/0
     10.0.0.0/32 is subnetted, 1 subnets
O       10.10.10.1 [110/65] via 172.16.1.1, 00:01:38, Serial1/0

R2#ping 172.16.4.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/28 ms
R2#ping 192.168.5.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/24/28 ms
R2#ping 10.10.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/21/28 ms
R2#

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#ip access- extend R-ACL
R2(config-ext-nacl)#deny udp any any eq 520 
R2(config-ext-nacl)#permit 88 any any 
R2(config-ext-nacl)#deny 89 any any  
R2(config-ext-nacl)#permit ip any any 
R2(config-ext-nacl)#int s1/0
R2(config-if)#ip access-group R-ACL in
R2(config-if)#^Z
R2#
*Mar  1 01:05:14.947: %SYS-5-CONFIG_I: Configured from console by console
R2#clear ip route *
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/26 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Serial1/0
     192.168.5.0/29 is subnetted, 1 subnets
D       192.168.5.0 [90/2297856] via 172.16.1.1, 00:00:04, Serial1/0
     10.0.0.0/32 is subnetted, 1 subnets
O       10.10.10.1 [110/65] via 172.16.1.1, 00:00:04, Serial1/0
R2#
*Mar  1 01:05:43.715: %OSPF-5-ADJCHG: Process 10, Nbr 192.168.5.1 on Serial1/0 from FULL to DOWN, Neighbor Down: Dead timer expired
R2#
R2#sh ip rou
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/26 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Serial1/0
     192.168.5.0/29 is subnetted, 1 subnets
D       192.168.5.0 [90/2297856] via 172.16.1.1, 00:00:49, Serial1/0
R2#

R1#ping 172.16.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/20/24 ms

R2#sh ip access-lists R-ACL
Extended IP access list R-ACL
    10 deny udp any any eq rip (129 matches)
    20 permit eigrp any any (708 matches)
    30 deny ospf any any (215 matches)
    40 permit ip any any (15 matches)
R2#

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/26 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Serial1/0
     192.168.5.0/29 is subnetted, 1 subnets
D       192.168.5.0 [90/2297856] via 172.16.1.1, 09:10:29, Serial1/0
R2#


Cisco es genial!.
Publicado por en No hay comentarios:

domingo, 11 de abril de 2021

ACLs Inbound Cisco GNS3

Configurar y aplicar Extended Numbered ACLs Inbound en GNS3:



Configurar R1 y R2 para permitir acceso vía telnet.

R2(config)#enable secret CISCO
R2(config)#line vt
R2(config)#line vty 0 903
R2(config-line)#password CISCO
R2(config-line)#login
R2(config-line)#end 
R1(config)#enable secret CISCO
R1(config)#line vt
R1(config)#line vty 0 903
R1(config-line)#password CISCO
R1(config-line)#login
R1(config-line)#end 

Implementar las direcciones IP correspondientes a las interfaces seriales 1/0, en R1 y R2.

R1#conf t
R1(config)#inter se1/0 
R1(config-if)#ip addr 172.16.1.1 255.255.255.192
R1(config-if)#no shut

R2#conf t
R2(config)#inter
R2(config)#interface se1/0
R2(config-if)#ip addr 172.16.1.2 255.255.255.192
R2(config-if)#no shut

Configurar las interfaces loopback 10,20 y 30 y sus correspondientes IPs:

R2(config)#interface loopback 10               
R2(config-if)#ip add 10.10.10.3  255.255.255.128
R2(config-if)#exit
R2(config)#interface loopback 20               
R2(config-if)#ip add 10.20.20.3  255.255.255.240
R2(config-if)#exit
R2(config)#interface loopback 30               
R2(config-if)#ip add 10.30.30.3  255.255.255.248 

Este comando establece una ruta predeterminada para subredes de destino que no están en la tabla de enrutamiento, "gateway del último recurso" configurado en su tabla de rutas IP.

R1(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.2 
R2(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.1 

Access-lists (R1).

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#access-list 150 deny tcp 10.20.20.0 0.0.0.15 any eq telnet
R1(config)#access-list 150 permit tcp 10.30.30.0 0.0.0.7 any eq telnet
R1(config)#access-list 150 permit icmp 10.20.20.0 0.0.0.15 any echo
R1(config)#inter s1/0
R1(config-if)#ip access-group 150 in
R1(config-if)#^Z   

R1#sh ip access-lists 
Extended IP access list 150
    10 deny tcp 10.20.20.0 0.0.0.15 any eq telnet
    20 permit tcp 10.30.30.0 0.0.0.7 any eq telnet
    30 permit icmp 10.20.20.0 0.0.0.15 any echo
    40 permit tcp 10.10.10.0 0.0.0.127 any eq telnet

R2#ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
R2#telnet 172.16.1.1 /source- 
R2#telnet 172.16.1.1 /source-interface loopback
R2#telnet 172.16.1.1 /source-interface loopback 20
Trying 172.16.1.1 ... 
% Destination unreachable; gateway or host down

R2#telnet 172.16.1.1 /source-interface loopback 30
Trying 172.16.1.1 ... Open

User Access Verification

Password: 
R1>en
Password: 
R1#exit

[Connection to 172.16.1.1 closed by foreign host]

R2#ping 172.16.1.1 source 10.20.20.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.20.20.3 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/21/24 ms
R2#telnet 172.16.1.1 /source-interface loopback 10
Trying 172.16.1.1 ... Open

User Access Verification

Password: 
R1>en
Password: 
R1#exit

Permitir ping a la interface serial 1/0 de R1

R1(config)#access-list 150 permit icmp 172.16.1.0 0.0.0.127 any echo

R1#sh ip access-lists 
Extended IP access list 150
    10 deny tcp 10.20.20.0 0.0.0.15 any eq telnet (3 matches)
    20 permit tcp 10.30.30.0 0.0.0.7 any eq telnet (174 matches)
    30 permit icmp 10.20.20.0 0.0.0.15 any echo (30 matches)
    40 permit tcp 10.10.10.0 0.0.0.127 any eq telnet (111 matches)
    50 permit icmp 172.16.1.0 0.0.0.63 any echo (15 matches)
R1#

R2#ping 172.16.1.1                  

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/77/80 ms
R2#


GNS3 es genial!.
Publicado por en No hay comentarios:
Etiquetas: , , , , , ,
Suscribirse a: Entradas (Atom)