作業
(LAN 部分使用 215.61.xxx/24,
WAN 部分使用 182.71.xxx/24,
xxx代表學號末3碼,
學號末3碼超過250,使用末2碼)
模擬練習
1.明瞭OSPF動態繞送的運作原理
2.明瞭Access Control List工作原理
步驟:
1. PC1 tracert PC6
2. In Router 1,Router 2, Router3, Router4
刪除所有EIGRP路由
conf t
no router eigrp 100
router ospf 100
network 211.81.xxx.0 0.0.0.255 area 0
network 151.61.0.0 0.0.255.255 area 0
3. R1 s0/2 斷線
conf t
int s0/2
shutdown
4.等待一段時間並觀察路由表 PC1 tracert PC6
作業圖 I Router 1 的 OSPF routing table
作業圖 II Router1 s0/2 斷線前後 PC1 tracert PC6 (三步變成四步)
I. 標準 ACL
實驗要求:不允許172.16.0.0/16, 192.168.2.0/24, 192.168.3.1連線至PC1。
For router 1
en
conf t
access-list 1 deny 172.16.0.0 0.0.255.255
access-list 1 deny 192.168.2.0 0.0.0.255
access-list 1 deny host 192.168.3.1
access-list 1 permit any
int f0/0
ip access-group 1 out
exit
exit
copy run start
sh ip int f0/0
作業圖 III
Router 1 的組態
作業圖 IV
PC1 Tracert PC6 & PC2
II.延伸ACL
實驗要求:Router 2 只允許由 Router 3 來telnet。
For router 2
en
conf t
line vty 0 4
login
password xxxxxx
exit
access-list 101 permit tcp host 172.16.2.253 any eq telnet
access-list 101 permit tcp host 172.16.3.254 any eq telnet
access-list 101 permit tcp host 172.16.5.253 any eq telnet
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any
int s0/1
ip access-group 101 in
int f0/1
ip access-group 101 in
exit
exit
copy run start
sh start
作業圖 V
Router 2 的組態
作業圖 VI
Router 3 telnet Router 2
作業圖 VII
Router 1 telnet Router 2
III.延伸ACL - PING
實驗要求:Router 3 只允許由 PC6 來 ping。
For router 3
en
conf t
access-list 101 permit icmp host 192.168.3.1 any
access-list 101 deny icmp any any
access-list 101 permit ip any any
int s0/0
ip access-group 101 in
int s0/2
ip access-group 101 in
int f0/0
ip access-group 101 in
int f0/1
ip access-group 101 in
exit
exit
copy run start
sh start