
CONFIGURATION AND APPLICATION PROCEDURE:

EXTENDED NUMBERED ACLs INBOUND


1. Theory
Extended ACLs: filter on a packet's source and destination IP addresses, on the
protocol carried in the Network layer header (such as TCP, UDP, ICMP), and on port
numbers in the Transport layer header. They should be placed close to the source.
Inbound: in the direction of packets entering the router. On the router, packets are
processed through the ACL before they are routed. At this point packets are dropped
if they do not match the routing table; if a packet is accepted, it is processed
before transmission.

2. Topology

3. Topology explanation


R1: the service provider, with IP 172.16.1.1/26 on interface s0/0.
R3: the customer, with IP 172.16.1.2/26 on interface s0/0. The customer also has
loopbacks 10, 20 and 30.
Configure inbound ACLs on R1 to filter packets arriving from R3, specifically from
R3's loopbacks into R1's s0/0 interface, which has IP 172.16.1.1.

4. Procedure


1. Set the hostnames according to the topology.
2. Configure the IP addresses and loopbacks according to the topology. Configure the clock rate on the DCE side.

On R3: configure the loopbacks


R3(config)#int loo 10
R3(config-if)#ip address 10.10.10.3 255.255.255.128
R3(config-if)#exit
R3(config)#int loo 20
R3(config-if)#ip address 10.20.20.3 255.255.255.240
R3(config-if)#exit
R3(config)#int loo 30
R3(config-if)#ip address 10.30.30.3 255.255.255.248
R3(config-if)#end

3. Ping to verify connectivity between R1 and R3 (both must reach each other).


4. Static route from R1 to R3 through interface s0/0, with IP address 172.16.1.2.
On R1:
R1(config)#ip route 0.0.0.0 0.0.0.0 serial0/0 172.16.1.2
5. Static route from R3 to R1 through interface s0/0, with IP address 172.16.1.1.
On R3:
R3(config)#ip route 0.0.0.0 0.0.0.0 serial0/0 172.16.1.1

6. Ping to test from R1 to R3 using the following syntax: ping <ip_address> source <interface>
On R3:
R3#ping 172.16.1.1 source loopback10

7. Configure both R1 and R3 to allow Telnet.


On R1:
R1(config)#enable secret CISCO
R1(config)#line vty 0 4
R1(config-line)#password CISCO
R1(config-line)#login

On R3:
R3(config)#enable secret CISCO
R3(config)#line vty 0 4
R3(config-line)#password CISCO
R3(config-line)#login

CISCO: the password.
line vty 0 4: for a router. On a switch it is 0 15.

8. Configure the extended numbered ACL on R1.


On R1:
R1(config)#access-list 150 remark 'Allow Telnet For R3 Loopback10'
R1(config)#access-list 150 permit tcp 10.10.10.0 0.0.0.127 any eq telnet
R1(config)#access-list 150 remark 'Deny Telnet For R3 Loopback20'
R1(config)#access-list 150 deny tcp 10.20.20.0 0.0.0.15 any eq telnet
R1(config)#access-list 150 remark 'Allow Telnet For R3 Loopback30'
R1(config)#access-list 150 permit tcp 10.30.30.0 0.0.0.7 any eq telnet
R1(config)#access-list 150 remark 'Allow PING For R3 Loopback20'
R1(config)#access-list 150 permit icmp 10.20.20.0 0.0.0.15 any echo

ACL 150 consists of:


Permit Loo10 of R3 to telnet to R1.
Deny Loo20 of R3 from telnetting to R1.
Permit Loo30 of R3 to telnet to R1.
Permit Loo20 of R3 to ping R1.

9. Apply the ACL in the inbound direction:


On R1:
R1(config)#interface serial0/0
R1(config-if)#ip access-group 150 in

in means inbound, out means outbound.

10. Review the configured extended ACLs.


On R1:
R1#show ip access-lists 150
30 permit tcp 10.30.30.0 0.0.0.7 any eq telnet (465 matches)
465 matches: the number of packets that matched the ACL entry.

11. Test using the syntax: telnet <ip_address> /source-interface <name>


On R3:
R3#telnet 172.16.1.1 /source-interface loopback10
Trying 172.16.1.1 ... Open
User Access Verification
Password:
R1#
From loo10 of R3, telnet to IP 172.16.1.1 of R1.
For more detail on how to configure and apply an ACL in the inbound direction, see
Appendix 1.
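
ACL 150 from step 8, evaluated in Python as an added example (not part of the original lab): it applies the wildcard masks in first-match order, followed by the implicit deny that ends every IOS ACL, to constructed sample packets. The function names and the simplified matching (destination is always `any`, as in this ACL) are assumptions of the example.

```python
import ipaddress

# ACL 150 entries as configured on R1 in step 8 (remark lines omitted).
ACL_150 = """\
access-list 150 permit tcp 10.10.10.0 0.0.0.127 any eq telnet
access-list 150 deny tcp 10.20.20.0 0.0.0.15 any eq telnet
access-list 150 permit tcp 10.30.30.0 0.0.0.7 any eq telnet
access-list 150 permit icmp 10.20.20.0 0.0.0.15 any echo
"""
PORTS = {"telnet": 23}  # the only port keyword this ACL uses


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse(text):
    """Parse 'access-list N action proto src wildcard any [eq port | icmp-type]'."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[0] != "access-list" or f[6] != "any":
            continue  # other ACL forms are outside this example
        qual = PORTS[f[8]] if f[7] == "eq" else f[7]  # TCP port 23 or ICMP "echo"
        rules.append({"action": f[2], "proto": f[3], "src": to_int(f[4]),
                      "wild": to_int(f[5]), "qual": qual, "text": " ".join(f[2:])})
    return rules


def evaluate(rules, proto, src_ip, qual):
    """Return (action, matching entry). First match wins, top to bottom."""
    src = to_int(src_ip)
    for r in rules:
        # Wildcard bits set to 1 are ignored; every other bit must be equal.
        same_net = ((src ^ r["src"]) & ~r["wild"] & 0xFFFFFFFF) == 0
        if r["proto"] == proto and r["qual"] == qual and same_net:
            return r["action"], r["text"]
    return "deny", "implicit deny"  # IOS ends every ACL with deny ip any any


if __name__ == "__main__":
    rules = parse(ACL_150)
    # Constructed packets: (protocol, source IP, TCP dst port or ICMP type).
    for pkt in [("tcp", "10.10.10.3", 23), ("tcp", "10.20.20.3", 23),
                ("tcp", "10.30.30.3", 23), ("icmp", "10.20.20.3", "echo"),
                ("icmp", "10.10.10.3", "echo"), ("tcp", "10.10.10.200", 23),
                ("icmp", "172.16.1.2", "echo-reply")]:
        print(pkt, "->", *evaluate(rules, *pkt))
```

The last three packets show what the four entries leave to the implicit deny: a ping sourced from loopback10, a host outside the 0.0.0.127 wildcard range, and echo replies returning to R1 from 172.16.1.2.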

5. Appendix
Appendix 1
Further reference:
Lab 57 in 101 CCNA Lab.
Lab 57 on Google Drive at the link:
https://drive.google.com/a/eiu.edu.vn/#folders/0B3fFjQZjzWS4R1k2cTRFd0Rqck0
