ACL , NAT和DHCP的使用和配置
实验目的:
熟练掌握ACL,NAT和DHCP的原理以及在CISCO IOS上对它们进
行配置的方法
实验内容:
ACL的配置
NAT的配置 DHCP的配置
实验条件:
2600系列路由器两台,2900交换机一台,PC两台
ACL的配置
(一)标准ACL
Ranter Designation
Reuter Name
FAQ/D
Address
SubriBt mask
聲n吊hFg Secret password
Enable/VTY/ *
Console passwords
Rcutef i
GAD
OSQO
Slight-through ybte ■
Senai cable
Console (Rollover) ■■■才鼻■■暉曹.
Crossover cable ■■■■■■■■■•
Step 1在路由器上配置主机名和密码
Step 2配置以太网段上的PC
PC 1
IP address
Sub net mask
Default gateway
PC 2
IP address
Sub net mask
Default gateway
Step 3保存配置
GAD#opy runnin g-c onfig startup-c onfig
Step 4通过ping命令测试两台PC到缺省网关的连接性 Step 5阻止P(访问路由器的以太口
GAD(con fig)# access-list 1 de ny GAD(c on fig)# access-list 1 permit any
Step 6从路由器ping两台PC
Step 7把AC应用到接口上
GAD(config-if)# ip access-group 1 in
Step 8从两台PC ping路由器
Step 9 创建新的 ACL
access-list 2 permit
Step 10把AC应用的接口上
ip access-group 2 in
Step 11 从两台 PC ping 路由器
GADs#how running-config
version
service timestamps debug uptime
service timestamps log uptime
no service password-encryption !
hostname GAD
!
ip subnet-zero
!
ip audit notify log
ip audit po max-events 100
!
interface FastEthernet0/0
ip address
ip access-group 2 in
no ip directed-broadcast !
interface Serial0/0
no ip address
no ip directed-broadcast
no ip mroute-cache shutdown no fair-queue
!
interface Serial0/1
no ip address
no ip directed-broadcast shutdown
!
ip classless
no ip http server
!
access-list 1 deny access-list 1 permit any
access-list 2 permit !
line con 0
transport in put none
line aux 0
line vty 0 4
!
end
(二)扩展ACL
Router
Router
FAO/0
Subnet mask
Enable
Enable/VTY/
Designation
Name
Address
Secret
Console
password
passwords
Route ir 1
GAD
192
CCNA重要实验步骤之实验2 来自淘豆网m.daumloan.com转载请标明出处.
