⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 ipconf1.htm

📁 cisco中文资料,交换机的架构,信号流......
💻 HTM
📖 第 1 页 / 共 2 页
字号:
🔍
12 
    </tr>
    <tr>
        <td><font color="#000000" size="3">定义标准的</font><font
        size="3">IP过滤表</font></td>
        <td><strong>access-list </strong><em>access-list-number </em>{<strong>deny
        </strong>| <strong>permit</strong> } <em>source </em>[<em>source-wildcard</em>]</td>
    </tr>
    <tr>
        <td><font color="#000000" size="3">用any来定义标准的</font><font
        size="3">IP过滤表</font></td>
        <td><strong>access-list </strong><em>access-list-number </em>{<strong>deny
        </strong>| <strong>permit</strong> } <strong>any</strong></td>
    </tr>
</table>

<p><font color="#000000" size="3">标准的</font><font size="3">IP过滤表的表号
1-99.</font></p>

<p><font color="#000000" size="3">在Global配置模式下,定义</font><font
color="#808080"><em><strong>扩展的IP过滤表</strong></em></font><font
color="#808080" size="3">:</font></p>

<table border="2" bordercolordark="#808080"
bordercolorlight="#808080">
    <tr>
        <td><strong>功 能</strong></td>
        <td><strong>命 令</strong></td>
    </tr>
    <tr>
        <td><font color="#000000" size="3">定义扩展的</font><font
        size="3">IP过滤表</font></td>
        <td><strong>access-list </strong><em>access-list-number </em>{<strong>deny
        </strong>| <strong>permit</strong> } {<em>protocol </em>|
        <em>protocol-keyword </em>} {<em>source source-wildcard </em>|
        <strong>any</strong> } {<em>destination
        destination-wildcard </em>| <strong>any</strong> } [<strong>precedence
        </strong><em>precedence </em>] [<strong>tos </strong><em>tos</em>]</td>
    </tr>
</table>

<p><font color="#000000" size="3">扩展的</font><font size="3">IP过滤表的表号
100-199.<br>
协议关键字有icmp,igmp,tcp,udp.</font></p>

<p>在端口配置模式下,<font color="#808080"><em><strong>把某个IP过滤表加到端口上</strong></em></font><font
color="#808080" size="3">:</font></p>

<table border="2" bordercolordark="#808080"
bordercolorlight="#808080">
    <tr>
        <td><strong>功 能</strong></td>
        <td><strong>命 令</strong></td>
    </tr>
    <tr>
        <td>把某个<font size="3">IP过滤表加到端口上</font></td>
        <td><strong>ip access-list </strong><em>access-list-number
        </em>{<strong>in </strong>| <strong>out</strong> } </td>
    </tr>
</table>

<p>有关<font size="3">IP过滤表</font>配置,请看&quot;<a
href="#index253"><font color="#00FF00">IP Access List
Configuration Example</font></a>&quot; 的举例说明.</p>

<p> </p>

<hr>

<p><a name="index4"></a><font color="#008080" size="4"><em><strong>配置IP通过广域网</strong></em></font></p>

<p>你可以配置IP通过X.25,SMDS,Frame Relay和DDR网络.详细内容请参阅<a
href="wanconf.htm"><font color="#00FF00">广域网配置向导</font></a>.</p>

<p> </p>

<hr>

<p><a name="index5"></a><font color="#008080" size="4"><em><strong>监控和维护IP
网络</strong></em></font></p>

<p>监控和维护你的网络,请完成以下工作:</p>

<p><font color="#808080"><em><strong>清除缓存,表单和数据库</strong></em></font></p>

<p>在 EXEC模式下:</p>

<table border="2" bordercolordark="#808080"
bordercolorlight="#808080">
    <tr>
        <td><strong>功 能</strong></td>
        <td><strong>命 令</strong></td>
    </tr>
    <tr>
        <td>清除IP ARP<font size="3">缓存和快速交换缓存</font></td>
        <td><strong>clear arp-cache</strong></td>
    </tr>
    <tr>
        <td>在主机和地址缓存中去掉一个或所有实体</td>
        <td><strong>clear host </strong>{<em>name </em>| * }</td>
    </tr>
    <tr>
        <td>清除一个活动端口累计通过的包数</td>
        <td><strong>clear ip accouting </strong>[<strong>checkpoint</strong>]</td>
    </tr>
    <tr>
        <td>在路由表中去掉一个或多个路由信息</td>
        <td><strong>clear ip route </strong>{<em>network </em>[<em>mask</em>]
        | * }</td>
    </tr>
</table>

<p><font color="#808080"><em><strong>显示系统和网络的状态</strong></em></font></p>

<p>在 EXEC模式下:</p>

<table border="2" bordercolordark="#808080"
bordercolorlight="#808080">
    <tr>
        <td><strong>功 能</strong></td>
        <td><strong>命 令</strong></td>
    </tr>
    <tr>
        <td>显示ARP表</td>
        <td><strong>show arp</strong></td>
    </tr>
    <tr>
        <td>显示名字缓存</td>
        <td><strong>show hosts</strong></td>
    </tr>
    <tr>
        <td>显示当前IP<font size="3">过滤表的内容</font></td>
        <td><strong>show ip access-list</strong> [<em>access-list-number
        </em>| <em>name</em> ]</td>
    </tr>
    <tr>
        <td>显示当前活动端口累计通过的包数</td>
        <td><strong>show ip accouting </strong>[<strong>checkpoint</strong>]</td>
    </tr>
    <tr>
        <td>显示IP ARP表</td>
        <td><strong>show ip arp</strong></td>
    </tr>
    <tr>
        <td>显示某一个端口状态</td>
        <td><strong>show ip interface </strong>[<em>type number </em>]</td>
    </tr>
    <tr>
        <td>显示目前的路由表</td>
        <td><strong>show ip route</strong> [<em>address </em>[<em>mask</em>]|<em>protocol
        </em>]</td>
    </tr>
    <tr>
        <td>测试网络是否通</td>
        <td><strong>ping </strong>[<em>protocol</em>]{<em>host</em>
        |<em>address</em>}</td>
    </tr>
</table>

<p> </p>

<hr>

<p><a name="index251"></a><font color="#008080" size="4"><em><strong>IP
配置实例</strong></em></font></p>

<ul>
    <li><a href="#index255"><font color="#008080" size="3">Creat</font><font
        color="#008080" size="2"> </font><font color="#008080"
        size="3">a Network from</font><font color="#008080">
        Separates Subnets Example</font></a></li>
</ul>

<ul>
    <li><a href="#index 254"><font color="#008080">Serial
        Interface Configuration Example</font></a></li>
</ul>

<ul>
    <li><a href="#index253"><font color="#008080">IP Access List
        Configuration Example</font></a></li>
</ul>

<blockquote>
    <ul>
        <li><a href="#index12"><font color="#008080">标准IP</font><font
            color="#008080" size="3">过滤表配置实例</font></a></li>
    </ul>
</blockquote>

<blockquote>
    <ul>
        <li><a href="#index13"><font color="#008080" size="3">限定虚拟终端访问实例</font></a></li>
    </ul>
</blockquote>

<blockquote>
    <ul>
        <li><a href="#index14"><font color="#008080" size="3">扩展</font><font
            color="#008080">IP</font><font color="#008080"
            size="3">过滤表配置实例</font></a></li>
    </ul>
</blockquote>

<ul>
    <li><a href="#index252"><font color="#008080">Ping Command
        Example</font></a></li>
</ul>

<p><a name="index255"></a><font size="3"><strong>Creat</strong></font><font
size="2"><strong> </strong></font><font size="3"><strong>a
Network from</strong></font><strong> Separates Subnets Example</strong></p>

<p>在下面例子中,subnet 1和subnet 2被主干网分开.</p>

<p><img src="gif/s1016a.gif" width="337" height="239"></p>

<p align="left">Configuration for Router B</p>

<pre><font size="4">interface ethernet 2
ip address 192.5.10.1 255.255.255.0
ip address 131.108.3.1 255.255.255.0 secondary</font></pre>

<p align="left">Configuration for Router C</p>

<pre><font size="4">interface ethernet 1
ip address 192.5.10.2 255.255.255.0
ip address 131.108.3.2 255.255.255.0 secondary
</font></pre>

<p><a name="index 254"></a><strong>Serial Interface Configuration
Example</strong></p>

<p>在下面的例子中,把Ethernet 0的地址赋予Serial 1.
Serial 1是unnumbered.</p>

<pre><font size="4">interface ethernet 0
ip address 145.22.4.67 255.255.255.0
interface serial 1
ip unnumbered ethernet 0</font></pre>

<p><a name="index253"></a><strong>IP Access List Configuration
Example</strong></p>

<p><a name="index12"></a>标准IP<font size="3">过滤表配置实例:</font></p>

<p><font size="3">该例表明在36.48.0.0这个网段上只允许B机(36.48.0.3)与A机通信,其它的36.0.0.0的网段如36.51.0.0可以与A机通信,而其它的如Internet用户均被过滤掉了.</font></p>

<p><img src="mm/tt3909.GIF" width="479" height="199"></p>

<p><font size="3">Configuration for Router A</font></p>

<p><font size="3">access-list 2 permit 36.48.0.3<br>
access-list 2 deny 36.48.0.0 0.0.255.255<br>
access-list 2 permit 36.0.0.0 0.255.255.255<br>
!(Note:all other access denied)<br>
interface ethernet 0<br>
ip access-group 2 in<br>
</font></p>

<p><a name="index13"></a><font size="3">限定虚拟终端访问实例:</font></p>

<p><font size="3">该例只允许在192.89.55.0这个网段上的主机访问路由器.</font></p>

<p><font size="3">Configuration for Router</font></p>

<p><font size="3">access-list12 permit 192.89.55.0 0.0.0.255<br>
!<br>
line vty 0 4<br>
access-class 12 in</font></p>

<p><a name="index14"></a><font size="3">扩展</font>IP<font
size="3">过滤表配置实例:</font></p>

<p><font size="3">该例允许内部网的所有主机都能登录上Internet,并且A机作smtp-server,B机作Web
Server,C机作域名服务器,FTP服务器和邮件服务器.</font></p>

<p><img src="bit4.gif" width="359" height="131"></p>

<p><font size="3">Configuration for Router</font></p>

<p><font size="3">!Allow existing TCP connection<br>
access-list 105 permit tcp any any established<br>
!Allow ICMP messages<br>
access-list 105 permit icmp any any<br>
!Allow SMTP to one host<br>
access-list 105 permit tcp any host 201.236.15.14 eq smtp<br>
!Allow WWW to server (other services may be required)<br>
access-list 105 permit tcp any host 201.222.11.5 eq www<br>
!Allow DNS,FTP command and data,and smtpto another host<br>
access-list 105 permit any host 201.222.11.7 eq domain<br>
access-list 105 permit any host 201.222.11.7 eq 42<br>
access-list 105 permit any host 201.222.11.7 eq ftp<br>
access-list 105 permit any host 201.222.11.7 eq ftp-data<br>
access-list 105 permit any host 201.222.11.7 eq smtp<br>
!<br>
interface serial 0<br>
ip access-group 105 in<br>
</font></p>

<p><a name="index252"></a><strong>Ping Command Example</strong></p>

<p>在例子中,目的地址是131.108.1.111.源地址是131.108.105.62.</p>

<p>Sandbox#<b> ping</b><br>
Protocol [ip]:<br>
Target IP address: <b>131.108.1.111<br>
</b>Repeat count [5]:<strong>10</strong><br>
Datagram size [100]:<strong>64</strong><br>
Timeout in seconds [2]:<br>
Extended commands [n]:<br>
Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to
131.108.1.111, timeout is 2 seconds:<br>
!!!!!!!!!!<br>
Success rate is 100 percent, round-trip min/avg/max = 4/<font
face="Times New Roman">4/4 ms</font></p>

<hr>

<p><img src="zijin%20copywrite.GIF" width="600" height="48"></p>
</body>
</html>
12

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -