<代码>在企业中OSPF和ACL应用特别广泛,本文重点介绍OSPF与ACL用的实例讲解。 本实例企业拓扑图如下:
<代码>项目案例要求:
1。企业内网运行OSPF路由协议,区域规划如图所示,
2。财务和研发所在的区域不受其他区域链路不稳定性影响;
3. r1, R2, R3只允许被它登录管理。
4. YF和连续波之间不能互通,但都可以与它互通;
5.和YF可以访问Client1,但连续波不能访问Client1;
6. YF和连续波只能访问Server1的WWW服务,
<代码>项目规划:
分析:
CW
1. YF和连续波之间不能互通,但都可以与它互通;
2.连续波不能访问Client1;
3.连续波只能访问Server1的WWW服务,
。
1. YF和连续波之间不能互通,但都可以与它互通;
3. YF只能访问Server1的WWW服务,
1. r1, R2, R3只允许被它登录管理。
2.,它可以访问Client1;
<代码>项目实施: 阶段一:配置基本网络;
R1
sysname R1
界面GigabitEthernet0/0/0
ip地址1.1.1.254 255.255.255.0
界面GigabitEthernet0/0/1
ip地址192.168.12.1 255.255.255.0
界面GigabitEthernet0/0/2
ip地址192.168.13.1 255.255.255.0
退出
R2
sysname R2
界面GigabitEthernet0/0/0
ip地址192.168.12.2 255.255.255.0
界面GigabitEthernet0/0/1
ip地址192.168.10.254 255.255.255.0
界面GigabitEthernet0/0/2
ip地址192.168.20.254 255.255.255.0 R3
退出
sysname R3
界面GigabitEthernet0/0/0
ip地址192.168.13.2 255.255.255.0
界面GigabitEthernet0/0/1
ip地址192.168.30.254 255.255.255.0
界面GigabitEthernet0/0/2
ip地址192.168.40.254 255.255.255.0
<代码>阶段二:配置OSPF;
R1
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 192.168.12.0 0.0.0.255
network 192.168.13.0 0.0.0.255
area 0.0.0.1
network 1.1.1.0 0.0.0.255
quit
R2
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 192.168.12.0 0.0.0.255
area 0.0.0.2
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
stub no-summary
quit
R3
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 192.168.13.0 0.0.0.255
area 0.0.0.3
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
stub no-summary
quit
IT
sysname IT
interface GigabitEthernet0/0/0
ip address 192.168.10.1 255.255.255.0
ospf 1
area 0.0.0.2
network 192.168.10.0 0.0.0.255
stub
阶段三:配置ACL,,满足企业需求;
财务部ACL设置
R3
acl number 2000
rule 10 permit source 192.168.10.0 0.0.0.255
user-interface vty 0 4
acl 2000 inbound
authentication-mode password
123
acl name cw
rule 10 deny ip source 192.168.30.0 0.0.0.255 destination 1.1.1.0 0.0.0.255
rule 20 deny ip source 192.168.30.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
rule 30 permit tcp source 192.168.30.0 0.0.0.255 destination 192.168.40.1 0 destination-port eq www
rule 40 deny ip source 192.168.30.0 0.0.0.255 destination 192.168.40.1 0
interface GigabitEthernet0/0/1
traffic-filter inbound acl name cw
研发部ACL设置
R2
acl number 2000
rule 10 permit source 192.168.10.0 0.0.0.255
user-interface vty 0 4
acl 2000 inbound
authentication-mode password
123
acl name yf
rule 10 deny ip source 192.168.20.0 0.0.0.255 destination 192.168.30.0 0.0.0.255
rule 20 permit tcp source 192.168.20.0 0.0.0.255 destination 192.168.40.1 0 destination-port eq www
rule 30 deny ip source 192.168.20.0 0.0.0.255 destination 192.168.40.0 0.0.0.255
interface GigabitEthernet0/0/2
traffic-filter inbound acl 3name yf
IT部ACL设置
R1
acl number 2000
rule 10 permit source 192.168.10.0 0.0.0.255
user-interface vty 0 4
acl 2000 inbound
authentication-mode password
123
acl number 3000
rule 10 permit tcp source 1.1.1.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 destination-port eq www
rule 20 deny ip source 1.1.1.0 0.0.0.255 destination 192.168.40.1 0
interface GigabitEthernet0/0/1
traffic-filter inbound acl 3000
<代码>项目验证: 验证一:在连续波网络进行验证,如下 财务可以访问server1服务器的web服务
