Tuesday, April 13, 2021

Inbound Named Extended ACLs

Configuring and applying a named extended ACL


1.- Configure the hostname on routers R1 and R2 as illustrated in the topology.

2.- Configure R1 serial1/0, which is the DCE, to provide a clock rate of 80640Kbps to R2. Configure the IP addresses on the serial interfaces of R1 and R2 as illustrated in the topology. Configure the loopback interfaces on R1.

3.- Configure RIPv2 on R1 and R2 for serial1/0 on both routers and the 172.16.4.0/26 Loopback10 on R1. Configure EIGRP using AS 10 on R1 and R2 for serial1/0 on both routers and the 192.168.5.0/29 Loopback on R1.
Configure OSPF using process 10 and area 0 on R1 and R2 for serial1/0 on both routers and the 10.10.10.0/27 Loopback on R1.

4.- Verify your configuration using the show ip route command on R2 to make sure all three routes are seen via the different routing protocols configured. To test connectivity, ping the three Loopback interfaces on R1 from R2. All of them should be reachable.

5.- Configure an extended ACL named R-ACL on R2. This ACL must deny RIPv2, permit EIGRP, deny OSPF, and permit all IP traffic. Apply this ACL inbound on Se1/0 of R2.

6.- Issue the clear ip route * command followed by the show ip route command on R2. If you have configured this ACL correctly, only the EIGRP route should be in the routing table.

R1#conf t
R1(config)#interface serial 1/0
R1(config-if)#clock rate 80640
R1(config-if)#

loopback10 172.16.4.1/26
loopback20 192.168.5.1/29
loopback30 10.10.10.1/27

R1(config)#interface serial 1/0
R1(config-if)#ip add 172.16.1.1 255.255.255.192
R1(config-if)#no shu
R1(config-if)#
*Mar  1 00:24:02.363: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
R1(config-if)#
*Mar  1 00:24:03.367: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R1(config-if)#

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#inter s1/0
R2(config-if)#ip add 172.16.1.2 255.255.255.192
R2(config-if)#no shu
R2(config-if)#
*Mar  1 00:14:03.299: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
R2(config-if)#
*Mar  1 00:14:04.303: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R2(config-if)#

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#inter loop10
R1(config-if)#ip add 
*Mar  1 00:32:01.879: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback10, changed state to up
R1(config-if)#ip add 172.16.4.1 255.255.255.192
R1(config-if)#exit
R1(config)#inter loop20
R1(config-if)#ip a
*Mar  1 00:32:34.731: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback20, changed state to up
R1(config-if)#ip add 192.168.5.1 255.255.255.248
R1(config-if)#exit
R1(config)#inter loop30
R1(config-if)#ip add
*Mar  1 00:33:12.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback30, changed state to up
R1(config-if)#ip add 10.10.10.1 255.255.255.224
R1(config-if)#

R2#ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/70/80 ms
R2#

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#router rip
R1(config-router)#vers 2
R1(config-router)#net 172.16.1.0
R1(config-router)#net 172.16.4.0
R1(config-router)#no auto
R1(config-router)#
R1(config-router)#router eigrp 10
R1(config-router)#net 172.16.1.0 0.0.0.63
R1(config-router)#net 192.168.5.0
R1(config-router)#no auto
R1(config-router)#router ospf 10
R1(config-router)#net 172.16.1.0 0.0.0.63 area 0
R1(config-router)#net 10.10.10.0 0.0.0.31 area 0
R1(config-router)#end

R1#
*Mar  1 01:02:24.443: %SYS-5-CONFIG_I: Configured from console by console
R1#wri
Building configuration...
[OK]
R1#
*Mar  1 01:05:19.535: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.16.1.2 (Serial1/0) is up: new adjacency
R1#
*Mar  1 01:05:28.655: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.16.1.2 (Serial1/0) is resync: peer graceful-restart
R1#
*Mar  1 01:07:31.855: %OSPF-5-ADJCHG: Process 10, Nbr 172.16.1.2 on Serial1/0 from LOADING to FULL, Loading Done
R1#

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#router rip
R2(config-router)#vers 2
R2(config-router)#net 172.16.1.0
R2(config-router)#router eigrp 10
R2(config-router)#net 172.16.1.0
R2(config-router)#no
*Mar  1 00:53:24.147: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.16.1.1 (Serial1/0) is up: new adjacency
R2(config-router)#no auto
R2(config-router)#
*Mar  1 00:53:33.579: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.16.1.1 (Serial1/0) is resync: summary configured
R2(config-router)#
R2(config-router)#exit

R2(config)#router ospf 10
R2(config-router)#net 172.16.1.0 0.0.0.63 area 0
R2(config-router)#
*Mar  1 00:55:41.555: %OSPF-5-ADJCHG: Process 10, Nbr 192.168.5.1 on Serial1/0 from LOADING to FULL, Loading Done
R2(config-router)#end
R2#
*Mar  1 00:55:53.587: %SYS-5-CONFIG_I: Configured from console by console
R2#

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/26 is subnetted, 2 subnets
R       172.16.4.0 [120/1] via 172.16.1.1, 00:00:14, Serial1/0
C       172.16.1.0 is directly connected, Serial1/0
     192.168.5.0/29 is subnetted, 1 subnets
D       192.168.5.0 [90/2297856] via 172.16.1.1, 00:04:01, Serial1/0
     10.0.0.0/32 is subnetted, 1 subnets
O       10.10.10.1 [110/65] via 172.16.1.1, 00:01:38, Serial1/0

R2#ping 172.16.4.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/28 ms
R2#ping 192.168.5.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/24/28 ms
R2#ping 10.10.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/21/28 ms
R2#

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#ip access- extend R-ACL
R2(config-ext-nacl)#deny udp any any eq 520 
R2(config-ext-nacl)#permit 88 any any 
R2(config-ext-nacl)#deny 89 any any  
R2(config-ext-nacl)#permit ip any any 
R2(config-ext-nacl)#int s1/0
R2(config-if)#ip access-group R-ACL in
R2(config-if)#^Z
R2#
*Mar  1 01:05:14.947: %SYS-5-CONFIG_I: Configured from console by console
R2#clear ip route *
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/26 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Serial1/0
     192.168.5.0/29 is subnetted, 1 subnets
D       192.168.5.0 [90/2297856] via 172.16.1.1, 00:00:04, Serial1/0
     10.0.0.0/32 is subnetted, 1 subnets
O       10.10.10.1 [110/65] via 172.16.1.1, 00:00:04, Serial1/0
R2#
*Mar  1 01:05:43.715: %OSPF-5-ADJCHG: Process 10, Nbr 192.168.5.1 on Serial1/0 from FULL to DOWN, Neighbor Down: Dead timer expired
R2#
R2#sh ip rou
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/26 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Serial1/0
     192.168.5.0/29 is subnetted, 1 subnets
D       192.168.5.0 [90/2297856] via 172.16.1.1, 00:00:49, Serial1/0
R2#

R1#ping 172.16.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/20/24 ms

R2#sh ip access-lists R-ACL
Extended IP access list R-ACL
    10 deny udp any any eq rip (129 matches)
    20 permit eigrp any any (708 matches)
    30 deny ospf any any (215 matches)
    40 permit ip any any (15 matches)
R2#

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/26 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Serial1/0
     192.168.5.0/29 is subnetted, 1 subnets
D       192.168.5.0 [90/2297856] via 172.16.1.1, 09:10:29, Serial1/0
R2#
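
The R-ACL behaviour from steps 5 and 6, as an added example that is not part of the original post: a small Python model of first-match ACL evaluation using the four entries typed on R2. The packet samples and function names are constructed for illustration, and only the `any any [eq <port>]` entry form used in this lab is parsed.

```python
# Added example: first-match evaluation of the R-ACL entries from this lab.
# The packets below are constructed samples, not captured traffic.
PROTO = {"icmp": 1, "tcp": 6, "udp": 17, "eigrp": 88, "ospf": 89}

R_ACL = [
    "deny udp any any eq 520",   # RIPv2 runs over UDP port 520
    "permit 88 any any",         # EIGRP is IP protocol 88
    "deny 89 any any",           # OSPF is IP protocol 89
    "permit ip any any",
]

def parse_ace(line):
    """Parse '<action> <protocol> any any [eq <port>]' (the only form this lab uses)."""
    tok = line.split()
    action, proto = tok[0], tok[1]
    if tok[2:4] != ["any", "any"]:
        raise ValueError("only 'any any' entries are supported: " + line)
    if proto == "ip":
        number = None                      # 'ip' matches every IP protocol
    elif proto.isdigit():
        number = int(proto)
    else:
        number = PROTO[proto]
    port = int(tok[5]) if tok[4:5] == ["eq"] else None
    return action, number, port

def evaluate(acl, packet):
    """Return (action, matching line); first match wins, implicit deny at the end."""
    for line in acl:
        action, number, port = parse_ace(line)
        if number is not None and number != packet["proto"]:
            continue
        if port is not None and port != packet.get("dport"):
            continue
        return action, line
    return "deny", "implicit deny"

PACKETS = {                                # constructed samples
    "RIPv2 update": {"proto": 17, "dport": 520},
    "EIGRP hello": {"proto": 88},
    "OSPF hello": {"proto": 89},
    "ICMP echo": {"proto": 1},
}

def verdicts(acl):
    return {name: evaluate(acl, pkt)[0] for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:13} -> {evaluate(R_ACL, pkt)}")
    # Failure mode: with the catch-all first, the deny entries are never reached.
    print(verdicts([R_ACL[3]] + R_ACL[:3]))
```

In the session above, the OSPF route is still listed in the first `sh ip route` after the clear and only disappears once the `%OSPF-5-ADJCHG` dead-timer message is logged, so check the table again after that message before judging the ACL.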


Cisco is great!
