PacketTracer0是一款非常不错的Cisco讲解

1、Packet Tracer 5.0是一款非常不错的Cisco（思科）网络设备模拟器，对于想考思科初级认证（如CCN A ）的朋友们来说，Packet Tracer 5.0是非常不错的选择。通常我们周围并没有那么多思科的设备供我们 学习调试，参加培训费用很贵，上机实践的机会还是有限的，利用Packet Tracer 5.0练习思科IOS操作命令很不错的。近日在网上下载了思科CCNA640-802指导用书，打算根据此教程与诸位网友共同分享Packet Tracer 5.0的使用方法与技巧，也借此抛砖引玉。ACL（Access Control List，访问控制列表），简单说就是包过滤，根据数据包的

2、报头中的ip地址、协议端口号等信息进行过滤。利用ACL可以实现安全控制。编号： 1-99 or 1300-1999（standard IP），100-199 or 2000-2699（Extended IP）。ACL并不复杂，但在实际应用中的，要想恰当地应用ACL，必需要制定合理的策略。一、实验配置拓扑图16图一图二网络中的DNS服务器：ServerlPhysical Cunfi：gLOBALSettingsj宜EMICESHTTPDHCPIFTPDNS IWTERRflCEFastEthernetDesktopHTTPService OnO OffDefault Pag

3、e Content (index.html)：<:匚enterxfont size='+2' color='blue'>Pa匚k旦t TracerSrO</fontx/center><hr>Welcome to Packet Tracer 5.0 the best thing sincePacket Tracer 40<p>Quick Links:<brxa href-'helloworld.htmlA small page</a><brxa href='copyrrghts

4、.htmWCopyriqhtst/自閑僧野裨數字空間http : A hi baidu com/senya图三 网络中的 WWW 服务器：二、三个路由器的基本配置LuoShan#sh startup-configUsing 699 bytes!version 12.4no service password-encryption!hostname LuoShan!enable password ciscousername senya password 0 ciscoip ssh version 1no ip domain-lookup!interface FastEther

5、netO/Ono ip addressduplex auto speed auto shutdown!interface FastEthernetO/1ip address duplex auto speed auto!interface Serial0/3/0ip address clock rate 56000!interface Serial0/3/1ip address !interface Vlan1no ip address shutdown

6、1routereigrp 100networknetworknetworkauto-summary!ip classlessline con 0line vty 0 4password ciscologinendHuangChuang#sh startup-configUsing 669 bytes!version 12.4no service password-encryption!hostname HuangChuang!enable password ciscoip ssh version 1no ip domain-look

7、up!interface FastEthernetO/Ono ip addressduplex auto speed auto shutdown!interface FastEthernet0/1ip address duplex auto speed auto!interface Serial0/3/0ip address !interface Serial0/3/1ip address clock rate 56000!interface Vlan

8、1no ip addressshutdownrouter eigrp 100network 192.16820network network auto-summary!ip classlessline con 0line vty 0 4password ciscologin!endxixian#sh startup-configUsing 679 bytes!version 12.4service password-encryption!hostname xixian!enable password 7 0822455D0A16ip ssh versio

9、n 1 no ip domain-lookup!interface FastEthernet0/0no ip addressduplex autospeed auto shutdown!interface FastEthernet0/1ip address duplex autospeed auto!interface Serial0/3/0ip address clock rate 56000!interface Serial0/3/1ip address 255.255.25

10、5.0!interface Vlan1no ip addressshutdown!router eigrp 100network network network auto-summary!ip classlessline con 0line vty 0 4password 7 0822455D0A16login!end三、配置简单的ACL1、配置ACL限制远程登录到路由器的主机HuangChuang#conf tEnter configuration commands, one per line. End with CNTL/Z.H

11、uangChuang(config)#access-list 1 permit host 路由器 HuangChuang 只允许 远程登录(telnet)HuangChuang(config)#line vty 0 4HuangChuang(config-line)#access-class 1 inHuangChuang(config-line)#其它两个路由器配置相似2、配置 ACL禁止/24 网段的icmp协议数据包通向与 /24 网段xixian(config)#access-list 101 de

12、ny icmp 5555xixian(config)#access-list 101 permit ip any anyxixian(config)#int fa0/1xixian(config-if)#ip access-group 101 outxixian(config-if)#3、配置ACL禁止特点的协议端口通讯HuangChuang#conf tEnter configuration commands, one per line. End with CNTL/Z.HuangChuang(config)#ip ac

13、cess-list extended ACL1创建基于名称的扩展ACLHuangChuang(config-ext-nacl)#denytcp host 55 eq 80HuangChuang(config-ext-nacl)#denyudp host 55 eq 53HuangChuang(config-ext-nacl)#permit ip any anyHuangChuang(config-ext-nacl)#exitHuangChuang(config)#int

14、fa0/1HuangChuang(config-if)#ip access-group ACL1 inHuangChuang(config-if)#图四验证ACL4。检验、查看ACLHuangChuang#sh access-listStandard IP access list 1permit host 192.168 22(4 match(es)Extended IP access list ACL1deny udp host 55 eq domaindeny tcp host 0.0.0

15、.255 eq wwwpermit ip any anyHuangChuang#show access-listStandard IP access list 1permit host (4 match(es)Extended IP access list ACL1deny udp host 55 eq domain (15 match(es)deny tcp host 55 eq www (60 match(es)permit ip any any (34

16、 match(es)HuangChuang#show access-list ACL1Extended IP access list ACL1deny udp host 192.16823deny tcp host permit ip any any55 eq domain (15 match(es)55 eq www (60 match(es)(34 match(es)HuangChuang#showaccess-list 1Standard IP access list 1permit host

17、(4 match(es)四、配置ACL的路由器配置内容HuangChuang#sh startup-configUsing 914 bytes!version 12.4no service password-encryption!hostname HuangChuang!enable password ciscoip ssh version 1no ip domain-lookup!interface FastEthernet0/0no ip addressduplex autospeed autoshutdown!interface FastEthernet0/1ip

18、address ip access-group ACL1 induplex autospeed auto!interface Serial0/3/0ip address interface SerialO/3/1ip address clock rate 56000!interface Vlan1no ip addressshutdown!router eigrp 100network network netwo

19、rk auto-summary!ip classless!access-list 1 permit host ip access-list extended ACL1domainwwwdeny udp host 55 eqdeny tcp host 55 eqpermit ip any anyline con 0line vty 0 4access-class 1 inpassword ciscologin!endLuoShan#sh s

20、tartup-configUsing 756 bytes!version 12.4no service password-encryption!hostname LuoShan!enable password ciscousername senya password 0 ciscoip ssh version 1no ip domain-lookup!interface FastEthernetO/Ono ip addressduplex autospeed autoshutdown!interface FastEthernetO/1ip address 255.255.

21、255.0duplex autospeed auto!interface Serial0/3/0ip address clock rate 56000!interface Serial0/3/1ip address !interface Vlan1no ip addressshutdown!router eigrp 100network network network auto-summary!ip classless!access-list 2 permit host line con 0line vty 0 4access-class 2 inpassword ciscologin!endxixian#show startup-configUsing 808 by