Configuring ACLs (standard, extended). Purpose of the work
Page 5/5 | Date: 09.07.2024 | Size: 1,12 Mb. | #267135
Procedure
We assign the servers to VLAN 50.
Configuring Switch 1
Switch>enable
Switch#conf t
Switch(config)#hostname Sw1
Sw1(config)#vlan 50
Sw1(config-vlan)#exit
Sw1(config)#interface range fastEthernet 0/1-4
Sw1(config-if-range)#switchport mode access
Sw1(config-if-range)#switchport access vlan 50
Sw1(config-if-range)#exit
Sw1(config)#int fa0/5
Sw1(config-if)#switchport mode trunk
Sw1(config-if)#switchport trunk allowed vlan 50
Sw1(config-if)#exit
Configuring Switch 2
Switch>en
Switch#conf t
Switch(config)#hostname Sw2
Sw2(config)#vlan 10
Sw2(config-vlan)#vlan 20
Sw2(config-vlan)#vlan 30
Sw2(config-vlan)#vlan 40
Sw2(config-vlan)#vlan 50
Sw2(config-vlan)#exit
Sw2(config)#interface fastEthernet 0/1
Sw2(config-if)#switchport mode trunk
Sw2(config-if)#switchport trunk allowed vlan 50
Sw2(config-if)#exit
Sw2(config)#interface fastEthernet 0/3
Sw2(config-if)#switchport mode access
Sw2(config-if)#switchport access vlan 10
Sw2(config-if)#exit
Sw2(config)#interface fastEthernet 0/4
Sw2(config-if)#switchport mode access
Sw2(config-if)#switchport access vlan 20
Sw2(config-if)#exit
Sw2(config)#interface fastEthernet 0/5
Sw2(config-if)#switchport mode access
Sw2(config-if)#switchport access vlan 30
Sw2(config-if)#exit
Sw2(config)#interface fastEthernet 0/6
Sw2(config-if)#switchport mode access
Sw2(config-if)#switchport access vlan 40
Sw2(config-if)#exit
Sw2(config)#interface fastEthernet 0/2
Sw2(config-if)#switchport mode trunk
Sw2(config-if)#switchport trunk allowed vlan 10,20,30,40,50
Sw2(config-if)#exit
Configuring the router
Router>en
Router#configure terminal
Router(config)#int fa 0/0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#int fa 0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 192.168.1.1 255.255.255.0
Router(config-subif)#exit
Router(config)#int fa 0/0.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 192.168.2.1 255.255.255.0
Router(config-subif)#exit
Router(config)#int fa 0/0.30
Router(config-subif)#encapsulation dot1Q 30
Router(config-subif)#ip address 192.168.3.1 255.255.255.0
Router(config-subif)#exit
Router(config)#int fa 0/0.40
Router(config-subif)#encapsulation dot1Q 40
Router(config-subif)#ip address 192.168.4.1 255.255.255.0
Router(config-subif)#exit
Router(config)#int fa 0/0.50
Router(config-subif)#encapsulation dot1Q 50
Router(config-subif)#ip address 192.168.5.1 255.255.255.0
Router(config-subif)#exit
The following commands are entered on the router:
Router(config)#
Router(config)#ip access-list extended TEST
Router(config-ext-nacl)#permit icmp any any
Router(config-ext-nacl)#permit tcp 192.168.1.0 0.0.0.255 host 192.168.5.2 eq 80
Router(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.255 host 192.168.5.3 eq 80
Router(config-ext-nacl)#permit tcp 192.168.3.0 0.0.0.255 host 192.168.5.4 eq 20
Router(config-ext-nacl)#permit tcp 192.168.3.0 0.0.0.255 host 192.168.5.4 eq 21
Router(config-ext-nacl)#permit tcp 192.168.4.0 0.0.0.255 host 192.168.5.5 eq 80
Router(config-ext-nacl)#exit
Router(config)#int fastEthernet 0/0.50
Router(config-subif)#ip access-group TEST out
Router(config-subif)#exit
Assignment
Each student carries out the steps above in the order shown; the student's own name must be used when naming the device.
Review questions
What is an ACL?
What types of ACL are there?
For what purposes are ACLs used?
What command is written to block video traffic?
What command is written to permit Internet traffic?
By which criteria does an ACL filter network traffic?