
Wednesday, April 14, 2021

Configuring Extended Numbered ACLs in GNS3

Configuring and Applying Extended Numbered ACLs in GNS3




An extended ACL filters on source and destination address, as well as on the layer 4 protocols TCP and UDP.

1.- Configure the hostnames on R1 and R2.

2.- On R1, configure s1/0 as DCE to provide a clock rate of 80640kbps to R2, and assign the corresponding IP addresses.

3.- Configure a static default route on R1 pointing to R2 (over the serial connection between the two routers). Also configure a static default route on R3 pointing to R1 via the serial connection between the two routers, along with the loopback interfaces specified in the diagram.

R1#conf t  
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#inter s1/0
R1(config-if)#ip add 172.16.1.1 255.255.255.192
R1(config-if)#no shu
R1(config-if)#
*Mar  1 00:09:59.939: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
R1(config-if)#
*Mar  1 00:10:00.943: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R1(config-if)#clock rate 80640

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#inter s1/0
R2(config-if)#ip add 172.16.1.2 255.255.255.192
R2(config-if)#no shu
R2(config-if)#
*Mar  1 00:10:57.499: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
R2(config-if)#
*Mar  1 00:10:58.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up

R2(config-if)#do ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/14/24 ms
R2(config-if)#end

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#ip route 0.0.0.0 0.0.0.0 s1/0 172.16.1.1
R2(config)#

R2(config)#inter loop10 
R2(config-if)#ip a
*Mar  1 00:18:45.775: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback10, changed state to up
R2(config-if)#ip add 10.10.10.2 255.255.255.128
R2(config-if)#inter loop20
R2(config-if)#ip 
*Mar  1 00:20:55.915: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback20, changed state to up
R2(config-if)#ip add 10.20.20.2 255.255.255.240
R2(config-if)#inter loop30
R2(config-if)#ip ad 
*Mar  1 00:21:32.163: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback30, changed state to up
R2(config-if)#ip add 10.30.30.2 255.255.255.248
R2(config-if)#end

R2#sh ip inter b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down    
FastEthernet0/1            unassigned      YES unset  administratively down down    
Serial1/0                  172.16.1.2      YES manual up                    up      
Serial1/1                  unassigned      YES unset  administratively down down    
Serial1/2                  unassigned      YES unset  administratively down down    
Serial1/3                  unassigned      YES unset  administratively down down    
Loopback10                 10.10.10.2      YES manual up                    up      
Loopback20                 10.20.20.2      YES manual up                    up      
Loopback30                 10.30.30.2      YES manual up                    up      
R2#


R1#
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip route 0.0.0.0 0.0.0.0 s1/0 172.16.1.2
R1(config)#inter loop10
*Mar  1 00:27:12.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback10, changed state to up
R1(config-if)#ip add 172.16.4.1 255.255.255.192
R1(config-if)#exit
R1(config)#inter loop20
*Mar  1 00:27:57.675: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback20, changed state to up
R1(config-if)#ip add 172.17.5.1 255.255.255.248
R1(config-if)#end
R1#

R1#sh ip inter b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down    
FastEthernet0/1            unassigned      YES unset  administratively down down    
Serial1/0                  172.16.1.1      YES manual up                    up      
Serial1/1                  unassigned      YES unset  administratively down down    
Serial1/2                  unassigned      YES unset  administratively down down    
Serial1/3                  unassigned      YES unset  administratively down down    
Loopback10                 172.16.4.1      YES manual up                    up      
Loopback20                 172.17.5.1      YES manual up                    up      
R1#

R2#ping 172.16.4.1 source loop10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.2 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/79/84 ms
R2#

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#enable secret CISCO
R2(config)#line vty 0 903
R2(config-line)#password CISCO
R2(config-line)#login
R2(config-line)#end
R2#
*Mar  1 00:35:48.115: %SYS-5-CONFIG_I: Configured from console by console
R2#

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#enable secret CISCO
R1(config)#line vty 0 903
R1(config-line)#end
*Mar  1 00:40:22.755: %SYS-5-CONFIG_I: Configured from console by console
R1#

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#access 170 permit tcp 172.16.4.0 0.0.0.63 10.20.20.0 0.0.0.15 eq telnet 
R2(config)#access-l 170 perm tcp 172.16.4.0 0.0.0.63 10.30.30.0 0.0.0.7 eq telnet
R2(config)#access- 170 perm icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo
R2(config)#access 170 perm icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo-reply
R2(config)#inter s1/0
R2(config-if)#ip access-group 170 in
R2(config-if)#end

R2#sh ip access-lists 170
Extended IP access list 170
    10 permit tcp 172.16.4.0 0.0.0.63 10.20.20.0 0.0.0.15 eq telnet
    20 permit tcp 172.16.4.0 0.0.0.63 10.30.30.0 0.0.0.7 eq telnet
    30 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo
    40 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo-reply

R1#

R1#telnet 10.30.30.2 /source-interface loopback10
Trying 10.30.30.2 ... Open

User Access Verification


Password: 
R2>en
Password: 
R2#exit

R1#telnet 10.20.20.2 /source-interface loopback10
Trying 10.20.20.2 ... Open


User Access Verification

Password: 
R2>en
Password: 
R2#exit

R1#ping 10.10.10.2 source loopback20

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
Packet sent with a source address of 172.17.5.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/80/88 ms
R1#

R2#sh ip access-lists 170
Extended IP access list 170
    10 permit tcp 172.16.4.0 0.0.0.63 10.20.20.0 0.0.0.15 eq telnet (234 matches)
    20 permit tcp 172.16.4.0 0.0.0.63 10.30.30.0 0.0.0.7 eq telnet (129 matches)
    30 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo (45 matches)
    40 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo-reply
R2#exit
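
The following sketch is an added example, not part of the original post: it models how ACL 170 is evaluated inbound on R2 s1/0 (wildcard-mask matching, first match wins, implicit deny at the end). The helper names `wild_match`, `parse` and `evaluate` are hypothetical, the test packets are constructed to mirror the tests on this page, and only the keywords this ACL uses (`eq telnet` and ICMP type names) are handled.

```python
import ipaddress

# ACL 170 exactly as shown in the `sh ip access-lists 170` output above.
ACL_170 = """\
10 permit tcp 172.16.4.0 0.0.0.63 10.20.20.0 0.0.0.15 eq telnet
20 permit tcp 172.16.4.0 0.0.0.63 10.30.30.0 0.0.0.7 eq telnet
30 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo
40 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo-reply
"""
PORTS = {"telnet": 23}  # only the port keyword this ACL uses

def ip(addr):
    return int(ipaddress.IPv4Address(addr))

def wild_match(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return ip(addr) & care == ip(base) & care

def parse(text):
    entries = []
    for line in text.splitlines():
        seq, action, proto, src, sw, dst, dw, *opt = line.split()
        entries.append((int(seq), action, proto, src, sw, dst, dw, opt))
    return entries

def evaluate(entries, proto, src, dst, dport=None, icmp_type=None):
    """Return (sequence, action) of the first matching entry, IOS-style."""
    for seq, action, p, s, sw, d, dw, opt in entries:
        if p != proto or not wild_match(src, s, sw) or not wild_match(dst, d, dw):
            continue
        if proto == "tcp" and opt and PORTS[opt[1]] != dport:
            continue
        if proto == "icmp" and opt and opt[0] != icmp_type:
            continue
        return seq, action
    return None, "deny"  # implicit "deny ip any any" at the end of every ACL

ACL = parse(ACL_170)
# Constructed packets mirroring the tests run on this page (inbound on R2 s1/0).
print(evaluate(ACL, "tcp", "172.16.4.1", "10.30.30.2", dport=23))
print(evaluate(ACL, "icmp", "172.17.5.1", "10.10.10.2", icmp_type="echo"))
# Reply to a ping R2 sources from loop10 toward 172.16.4.1: no entry covers it.
print(evaluate(ACL, "icmp", "172.16.4.1", "10.10.10.2", icmp_type="echo-reply"))
```

Entry 40 shows no matches in the output above because none of the three tests sends an echo-reply from 172.17.5.0/29 into s1/0; R2's own replies leave the interface outbound, where ACL 170 is not applied.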

R1#


IOS is great!
