Friday, May 23, 2014

IPv6 and ACLs

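I finally finished a configuration that meets the requirements. What I learned:
1. Using ipv6 access-list on line vty: I don't know what was wrong, but something was just wrong. Very annoying!
2. Only after switching to ipv6 traffic-filter on the interface did I get it done. (When I have time I will try ipv6 access-list on line vty again.)
3. The topology diagram and the requirements are shown in the figure below.
4. The configuration is as follows: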
4.1  R1

r1(config)#DO SHOW RUN
Building configuration...
Current configuration : 1236 bytes
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname r1
ipv6 unicast-routing
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 no ip address
 ipv6 address 2001:1:1:2::1/64
 ipv6 rip 1 enable
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 no ip address
 ipv6 traffic-filter P_vlan2toRouter in
 ipv6 address 2001:1:1:3::1/64
 ipv6 rip 1 enable
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial0/0/0
 no ip address
 ipv6 address 2001:1:1:1::1/64
 ipv6 rip 1 enable
 clock rate 9600
interface Serial0/0/1
 no ip address
 shutdown
interface Vlan1
 no ip address
 shutdown
ipv6 router rip 1
ip classless
ipv6 access-list P_vlan2toRouter
 deny tcp 2001:1:1:3::/64 host 2001:1:1:3::1 eq telnet
 deny tcp 2001:1:1:3::/64 host 2001:1:1:1::2 eq telnet
 permit ipv6 any any
line con 0
line vty 0
 password telnet
 login
line vty 1 4
 password telnet
 login
 history size 20
line vty 5
 password telnet
 login
 history size 20
line vty 6 15
 password telnet
 login
end

4.2 R2
r2#SHOW RUN
Building configuration...
Current configuration : 1097 bytes
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname r2
ipv6 unicast-routing
interface FastEthernet0/0
 no ip address
 ipv6 traffic-filter P_vlan2toRouter in
 ipv6 traffic-filter P_ftp out
 duplex auto
 speed auto
 ipv6 address 2001:1:1:4::1/64
 ipv6 rip 1 enable
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial0/0/0
 no ip address
 ipv6 address 2001:1:1:1::2/64
 ipv6 rip 1 enable
interface Serial0/0/1
 no ip address
 shutdown
interface Vlan1
 no ip address
 shutdown
ipv6 router rip 1
ip classless
ipv6 access-list P_ftp
 permit tcp 2001:1:1:2::/64 host 2001:1:1:4::2 eq ftp
 deny tcp any host 2001:1:1:4::2 eq ftp
 permit ipv6 any any
ipv6 access-list P_vlan2toRouter
 deny tcp 2001:1:1:4::/64 host 2001:1:1:4::1 eq telnet
 deny tcp 2001:1:1:4::/64 host 2001:1:1:1::1 eq telnet
 permit ipv6 any any
line con 0
line vty 0 4
 password telnet
 login
line vty 5 15
 password telnet
 login
end

4.3 3560

3560#show run
Building configuration...
Current configuration : 1774 bytes
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname 3560
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/3
interface FastEthernet0/4
interface FastEthernet0/5
 switchport access vlan 2
 switchport mode access
interface FastEthernet0/6
 switchport access vlan 2
 switchport mode access
interface FastEthernet0/7
 switchport access vlan 2
 switchport mode access
interface FastEthernet0/8
 switchport access vlan 2
 switchport mode access
interface FastEthernet0/9
 switchport access vlan 2
 switchport mode access
interface FastEthernet0/10
 switchport access vlan 2
 switchport mode access
interface FastEthernet0/11
 switchport access vlan 3
 switchport mode access
interface FastEthernet0/12
 switchport access vlan 3
 switchport mode access
interface FastEthernet0/13
 switchport access vlan 3
 switchport mode access
interface FastEthernet0/14
 switchport access vlan 3
 switchport mode access
interface FastEthernet0/15
 switchport access vlan 3
 switchport mode access
interface FastEthernet0/16
interface FastEthernet0/17
interface FastEthernet0/18
interface FastEthernet0/19
interface FastEthernet0/20
interface FastEthernet0/21
interface FastEthernet0/22
interface FastEthernet0/23
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface GigabitEthernet0/1
interface GigabitEthernet0/2
interface Vlan1
 no ip address
 shutdown
ip classless
line con 0
line vty 0 4
 login
end

4.4 2960
2960#show run
Building configuration...
Current configuration : 1603 bytes
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname 2960
interface FastEthernet0/1
 switchport mode trunk
interface FastEthernet0/2
 switchport mode trunk
interface FastEthernet0/3
interface FastEthernet0/4
interface FastEthernet0/5
 switchport access vlan 2
 switchport mode access
interface FastEthernet0/6
 switchport access vlan 2
 switchport mode access
interface FastEthernet0/7
 switchport access vlan 2
 switchport mode access
interface FastEthernet0/8
 switchport access vlan 2
 switchport mode access
interface FastEthernet0/9
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/11
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/12
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/13
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/14
 switchport access vlan 3
 switchport mode access
interface FastEthernet0/15
 switchport access vlan 3
 switchport mode access
interface FastEthernet0/16
interface FastEthernet0/17
interface FastEthernet0/18
interface FastEthernet0/19
interface FastEthernet0/20
interface FastEthernet0/21
interface FastEthernet0/22
interface FastEthernet0/23
interface FastEthernet0/24
interface GigabitEthernet1/1
interface GigabitEthernet1/2
interface Vlan1
 no ip address
 shutdown
line con 0
line vty 0 4
 login
line vty 5 15
 login
end
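
Added example (not part of the original post): a small Python evaluator that applies IOS-style first-match logic to the P_vlan2toRouter entries from R1 and the P_ftp entries from R2 above, to check which flows each list actually filters. The host addresses ending in ::10 are constructed test values, and the parser handles only the entry forms that appear on this page.

```python
import ipaddress

# ACL entries copied from the R1 and R2 configurations on this page.
R1_P_VLAN2TOROUTER = """\
deny tcp 2001:1:1:3::/64 host 2001:1:1:3::1 eq telnet
deny tcp 2001:1:1:3::/64 host 2001:1:1:1::2 eq telnet
permit ipv6 any any"""
R2_P_FTP = """\
permit tcp 2001:1:1:2::/64 host 2001:1:1:4::2 eq ftp
deny tcp any host 2001:1:1:4::2 eq ftp
permit ipv6 any any"""

PORTS = {"telnet": 23, "ftp": 21}  # only the port keywords used above

def _addr(tokens):
    """Consume one address spec (any | host X | prefix/len) from the token list."""
    t = tokens.pop(0)
    if t == "any":
        return ipaddress.ip_network("::/0")
    if t == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/128")
    return ipaddress.ip_network(t)

def parse(acl_text):
    """Turn each ACL line into (action, protocol, src_net, dst_net, dst_port)."""
    rules = []
    for line in acl_text.splitlines():
        tok = line.split()
        action, proto, rest = tok[0], tok[1], tok[2:]
        src, dst = _addr(rest), _addr(rest)
        port = PORTS[rest[1]] if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(acl_text, proto, src, dst, dport):
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in parse(acl_text):
        if r_proto not in ("ipv6", proto):
            continue  # entry is for a different protocol
        if s in r_src and d in r_dst and r_port in (None, dport):
            return action
    return "deny"
```

Run against R1's list, a Telnet packet from 2001:1:1:3::10 is denied toward 2001:1:1:3::1 and 2001:1:1:1::2 but permitted toward R1's other addresses (2001:1:1:2::1, 2001:1:1:1::1), because an interface filter only blocks the destinations it lists. Restricting the VTY lines themselves (`ipv6 access-class` under `line vty` in IOS) covers every router address with one list.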

