
Access Control List (ACL) Application Examples (1)
2009-01-11   

Extended access list with the established option

Topology

R2-(S2/0)——(S2/0)-R1(S2/1)——(S2/1)-R3

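An extended access list with the established option lets internal users reach the external network while denying access from the external network to the internal network. Standard access lists, and extended access lists without established, do not have this property.

This example first uses OSPF to give the whole network full connectivity.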

R1

r1#sh run
*Mar 1 00:25:17.275: %SYS-5-CONFIG_I: Configured from console by console
Building configuration...

Current configuration : 1410 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r1
!
logging queue-limit 100
!
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
mpls ldp logging neighbor-changes
!
!
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 ip address 12.1.1.1 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-point
 serial restart_delay 0
 frame-relay map ip 12.1.1.2 102 broadcast
 no frame-relay inverse-arp
!
interface Serial2/1
 ip address 13.1.1.1 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-point
 serial restart_delay 0
 frame-relay map ip 13.1.1.3 113 broadcast
!
interface Serial2/2
 no ip address
 shutdown
 serial restart_delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart_delay 0
!
router ospf 10
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip http server
no ip http secure-server
ip classless
!
!
!
!
!
call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 no login
!
!
end
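
The behaviour of the established option described at the top of this page, modelled in Python as an added example (not part of the original article or of Cisco's code): a first-match ACL evaluator in which established matches TCP segments with ACK or RST set. The entry "access-list 100 permit tcp any any established", its inbound placement on the external-facing interface, and the sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10   # TCP flag bits

@dataclass
class Packet:                 # constructed sample packet, not captured traffic
    proto: str                # "tcp", "udp", "ospf", ...
    flags: int = 0            # TCP flags byte; unused for other protocols

@dataclass
class Ace:                    # one simplified ACL entry ("any any", no ports)
    action: str               # "permit" or "deny"
    proto: str                # protocol keyword, or "ip" for any protocol
    established: bool = False

def ace_matches(ace: Ace, pkt: Packet) -> bool:
    if ace.proto not in ("ip", pkt.proto):
        return False
    if ace.established:
        # 'established' applies to TCP only: match when ACK or RST is set
        return pkt.proto == "tcp" and bool(pkt.flags & (ACK | RST))
    return True

def evaluate(acl: list, pkt: Packet) -> str:
    for ace in acl:           # entries are checked in order, first match wins
        if ace_matches(ace, pkt):
            return ace.action
    return "deny"             # implicit deny that ends every access list

# Assumed entry: access-list 100 permit tcp any any established,
# applied inbound on the interface facing the external network.
INBOUND_ACL = [Ace("permit", "tcp", established=True)]

SAMPLES = {
    "syn_ack_reply": Packet("tcp", SYN | ACK),   # answer to an inside-initiated SYN
    "ack_data": Packet("tcp", ACK),              # later segment of that session
    "rst": Packet("tcp", RST),                   # reset from the outside host
    "new_syn": Packet("tcp", SYN),               # outside host opening a connection
    "udp_reply": Packet("udp"),                  # no flags to test, so not covered
    "ospf_hello": Packet("ospf"),                # routing traffic needs its own permit
}

def demo() -> dict:
    return {name: evaluate(INBOUND_ACL, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
```

The verdict depends only on the flag bits of each packet, because the router keeps no connection state for this entry; UDP replies and OSPF hellos arriving on the filtered interface fall through to the implicit deny unless they are permitted explicitly.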

 
