Configuring and applying Extended Numbered ACLs Inbound in GNS3:
Configure R1 and R2 to allow access via telnet.
R2(config)#enable secret CISCO
R2(config)#line vty 0 903
R2(config-line)#password CISCO
R2(config-line)#login
R2(config-line)#end
R1(config)#enable secret CISCO
R1(config)#line vty 0 903
R1(config-line)#password CISCO
R1(config-line)#login
R1(config-line)#end
Assign the corresponding IP addresses to the serial 1/0 interfaces on R1 and R2.
R1#conf t
R1(config)#inter se1/0
R1(config-if)#ip addr 172.16.1.1 255.255.255.192
R1(config-if)#no shut
R2#conf t
R2(config)#interface se1/0
R2(config-if)#ip addr 172.16.1.2 255.255.255.192
R2(config-if)#no shut
Configure loopback interfaces 10, 20 and 30 with their corresponding IPs:
R2(config)#interface loopback 10
R2(config-if)#ip add 10.10.10.3 255.255.255.128
R2(config-if)#exit
R2(config)#interface loopback 20
R2(config-if)#ip add 10.20.20.3 255.255.255.240
R2(config-if)#exit
R2(config)#interface loopback 30
R2(config-if)#ip add 10.30.30.3 255.255.255.248
This command sets a default route for destination subnets that are not in the routing table; it appears as the "gateway of last resort" in the router's IP routing table.
R1(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.2
R2(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.1
Access-lists (R1).
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#access-list 150 deny tcp 10.20.20.0 0.0.0.15 any eq telnet
R1(config)#access-list 150 permit tcp 10.30.30.0 0.0.0.7 any eq telnet
R1(config)#access-list 150 permit icmp 10.20.20.0 0.0.0.15 any echo
R1(config)#access-list 150 permit tcp 10.10.10.0 0.0.0.127 any eq telnet
R1(config)#inter s1/0
R1(config-if)#ip access-group 150 in
R1(config-if)#^Z
R1#sh ip access-lists
Extended IP access list 150
10 deny tcp 10.20.20.0 0.0.0.15 any eq telnet
20 permit tcp 10.30.30.0 0.0.0.7 any eq telnet
30 permit icmp 10.20.20.0 0.0.0.15 any echo
40 permit tcp 10.10.10.0 0.0.0.127 any eq telnet
R2#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
R2#telnet 172.16.1.1 /source-interface loopback 20
Trying 172.16.1.1 ...
% Destination unreachable; gateway or host down
R2#telnet 172.16.1.1 /source-interface loopback 30
Trying 172.16.1.1 ... Open
User Access Verification
Password:
R1>en
Password:
R1#exit
[Connection to 172.16.1.1 closed by foreign host]
R2#ping 172.16.1.1 source 10.20.20.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.20.20.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/21/24 ms
R2#telnet 172.16.1.1 /source-interface loopback 10
Trying 172.16.1.1 ... Open
User Access Verification
Password:
R1>en
Password:
R1#exit
Allow ping to R1's serial 1/0 interface. The earlier ping from 172.16.1.2 failed (UUUUU) because no entry in access-list 150 matched it, so it hit the implicit deny at the end of the list; the serial subnet is a /26, hence the 0.0.0.63 wildcard:
R1(config)#access-list 150 permit icmp 172.16.1.0 0.0.0.63 any echo
R1#sh ip access-lists
Extended IP access list 150
10 deny tcp 10.20.20.0 0.0.0.15 any eq telnet (3 matches)
20 permit tcp 10.30.30.0 0.0.0.7 any eq telnet (174 matches)
30 permit icmp 10.20.20.0 0.0.0.15 any echo (30 matches)
40 permit tcp 10.10.10.0 0.0.0.127 any eq telnet (111 matches)
50 permit icmp 172.16.1.0 0.0.0.63 any echo (15 matches)
R1#
R2#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/77/80 ms
R2#
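As an added illustration (not part of the original lab), the following Python script models how R1 evaluates access-list 150 on packets entering s1/0: Cisco wildcard-mask matching, first-match semantics and the implicit deny at the end of the list. The packet dictionaries, the `telnet`/`ping` helpers and the ACL table are constructed here from the lab's `sh ip access-lists` output; every entry has destination `any`, so the destination is not modelled.

```python
import ipaddress


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit in the wildcard must match, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


# Constructed model of R1's access-list 150 as shown by 'sh ip access-lists'
# at the end of the lab (line 50 is the entry added last).
# Fields: sequence, action, protocol, source network, source wildcard, qualifier.
ACL_150 = [
    (10, "deny",   "tcp",  "10.20.20.0", "0.0.0.15",  {"dport": 23}),
    (20, "permit", "tcp",  "10.30.30.0", "0.0.0.7",   {"dport": 23}),
    (30, "permit", "icmp", "10.20.20.0", "0.0.0.15",  {"icmp_type": 8}),
    (40, "permit", "tcp",  "10.10.10.0", "0.0.0.127", {"dport": 23}),
    (50, "permit", "icmp", "172.16.1.0", "0.0.0.63",  {"icmp_type": 8}),
]


def evaluate(acl, packet):
    """Return (action, sequence) of the first matching entry; no match hits the implicit deny."""
    for seq, action, proto, src, wild, qualifier in acl:
        if proto != packet["proto"] or not wildcard_match(packet["src"], src, wild):
            continue
        if all(packet.get(key) == value for key, value in qualifier.items()):
            return action, seq
    return "deny", None  # implicit 'deny ip any any' at the end of every ACL


def telnet(src):  # constructed TCP segment to port 23
    return {"proto": "tcp", "src": src, "dport": 23}


def ping(src):  # constructed ICMP echo request (type 8)
    return {"proto": "icmp", "src": src, "icmp_type": 8}


if __name__ == "__main__":
    # The lab's tests, as seen inbound on R1 s1/0 (constructed packets).
    print(evaluate(ACL_150[:4], ping("172.16.1.2")))  # before line 50: ('deny', None) -> UUUUU
    print(evaluate(ACL_150, ping("172.16.1.2")))      # after line 50: ('permit', 50)
    print(evaluate(ACL_150, telnet("10.20.20.3")))    # ('deny', 10) -> destination unreachable
    print(evaluate(ACL_150, telnet("10.30.30.3")))    # ('permit', 20)
    print(evaluate(ACL_150, ping("10.20.20.3")))      # ('permit', 30)
```

Any traffic the list does not name, for example SSH from 10.30.30.3, also falls through to the implicit deny; only the protocols and ports listed are reachable.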