📄 verifyextaccesslist.htm
字号:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Show Lab</title>
</head>
<body>
<script language="Javascript">
<!--
function printpage() {
if (window.print)
window.print()
else
alert("Sorry, your browser doesn't support this feature.");
}
//-->
</script>
<FORM>
<INPUT TYPE="button" VALUE="Print this page" onClick="printpage()">
</FORM>
<p><font face="Arial, Arial, Helvetica" color="#008000" size="4"><b>Lab: Verify
Extended Access Lists</b></font></p>
<p><font face="Arial, Arial, Helvetica"><i>Objective</i>:
To verify access-list are configured correctly.<br>
<i>Prerequisite</i>: Must have
completed the <a href="ExtAclLab.htm">Extended Access-List lab.</a><br>
<i>Lab Equipment</i>: We
will be using eRouter 4. To select eRouter 4 click on the button "eRouter
4" located at the top of the screen.</font></p>
<p> </p>
<p><b><font face="Arial"><font color="#FF00FF">1</font>.</font></b> We should now
test and see if our access-lists are working properly.
<span style="font:7.0pt "Times New Roman""> </span>Connect to
eRouter 4 and try to ping eRouter1抯 S0. You should not be able to ping the serial
interface.</p>
<p><select size="1" name="D1">
<option selected>- Click here to View Answer</option>
<option>Router>enable</option>
<option>Router#</option>
<option>Router#config t</option>
<option>Router(config)#hostname eRouter4</option>
<option>eRouter4(config)#</option>
<option>eRouter4(config)#end</option>
<option>eRouter4#ping 24.17.2.17</option>
</select></p>
<p><b><font color="#FF00FF">2</font>.</b> Now that we verified the access-list is
blocking ping we need to allow telnet.<span style="font-family: Times New Roman; font-size: 7pt">
</span>Connect to eRouter 1 and enable telnet access then set the password to
boson.</p>
<p><select size="1" name="D1">
<option selected>- Click here to View Answer -</option>
<option>Router>enable</option>
<option>Router#</option>
<option>Router#conf t</option>
<option>Router(config)#hostname eRouter1</option>
<option>eRouter1(config)#</option>
<option>eRouter1(config)#line vty 0 4</option>
<option>eRouter1(config-line)#login</option>
<option>eRouter1(config-line)#password boson</option>
<option>eRouter1(config-line)#exit</option>
</select></p>
<p><b><font color="#FF00FF">3</font>.</b> Now connect back to eRouter 4 and try to
telnet into eRouter 1.</p>
<p><select size="1" name="D1">
<option selected>- Click here to View Answer -</option>
<option>eRouter4#telent 24.17.2.17</option>
</select></p>
<p><font color="#FF00FF"><b>4.</b> </font>If you are given telnet access you
should see the router prompt change to eRouter1. Now hold down the control-shift-6-x keys down all at once to change back to eRouter4. Then type
disconnect 1 to close your connection to eRouter 1. Congratulations one of your
access-lists worked.</p>
<p><select size="1" name="D1">
<option selected>- Click here to View Answer -</option>
<option>control+shift+6+x</option>
<option>eRouter4#disconnect 1</option>
</select></p>
<p><b><font color="#FF00FF">5.</font></b> Now connect to eRouter 2 and see if you
can ping eRouter 4抯 Serial 0 interface</p>
<p><select size="1" name="D1">
<option selected>- Click here to View Answer -</option>
<option>Router>enable</option>
<option>Router#</option>
<option>Router#config t</option>
<option>Router(config)#hostname eRouter2</option>
<option>eRouter2(config)#</option>
<option>eRouter2(config)#end</option>
<option>eRouter2#ping 24.17.2.183</option>
</select></p>
<p><font color="#FF00FF"><b>6.</b> </font>
Why can't you ping the interface? Let's think about how the packet travels
through the network. The packet starts at eRouter2, goes through eRouter1, and
makes it to eRouter 4. Once it arrives at eRouter4 it is repackaged and sent back
to eRouter 1. When eRouter4 repackages the packet, the packet's source ip becomes
the destination ip and the destination IP becomes the source IP. When the packet
encounters the access-list on eRouter1's Serial 0 interface it is blocked because
the packet's source IP is eRouter4's Serial 0 address.</p>
<font SIZE="2">
<p></p>
<p></p>
<p></p>
<p></p>
<p></p>
</font>
<p><font color="#FF00FF"><b>7.</b> </font>Now connect to eRouter2 and see if you can
ping eRouter1's Ethernet 0 interface (24.17.2.2)</p>
<p><select size="1" name="D1">
<option selected>- Click here to View Answer -</option>
<option>eRouter2#ping 24.17.2.2</option>
</select></p>
<p><font color="#FF00FF"><b>8.</b> </font>
<span style="font:7.0pt "Times New Roman""> </span>If you can,
congratulations, see if you can further test it by telnetting to eRouter 1.</p>
<p><select size="1" name="D1">
<option selected>- Click here to View Answer -</option>
<option>eRouter2#telent 24.17.2.1</option>
<option>control+shift+6+x</option>
<option>eRouter2#disconnect 1</option>
</select></p>
<p><font color="#FF00FF"><b>9.</b> </font>
<span style="font:7.0pt "Times New Roman""> </span>To verify that
our access-lists are on our interfaces show the running configuration.</p>
<p><select size="1" name="D1">
<option selected>- Click here to View Answer -</option>
<option>eRouter1#show running-config</option>
</select></p>
<p><font color="#FF00FF"><b>10.</b> </font>You can also view what access-lists are
applied to the interfaces using the show IP interfaces command.</p>
<p><select size="1" name="D1">
<option selected>- Click here to View Answer -</option>
<option>eRouter1#show ip interfaces</option>
</select></p>
<p><font color="#FF00FF"><b>11.</b> </font>The command show access-lists
will show you what access-lists you have created on the router. It will also
tell you what lines have been used and how many packets they have either
permitted or denied.</p>
<p><select size="1" name="D1">
<option selected>- Click here to View Answer -</option>
<option>eRouter1#show access-lists</option>
</select></p>
<p> </p>
<p><font face="Arial" size="2"><span class="724482219-24092001">Copyright (c)
1998-2003 Boson Software, Inc. All Rights Reserved.</span></font></p>
</body>
</html>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -