高级计算机网络实验材料ccna1-2没有登陆ns提示7configuring and verifying ipv6acls

拓地址分配设接IP默认网S0/0/0S0/0/1目第1部分：设置拓扑并初始化第2部分：配置设备并检验连接第4部分：编辑IPv6ACL背景/与创建IPv4命名ACL类似，通过创建IPv6控制列表(ACL)并将其应用到接口，可以过滤IPv6流量。新的ipv6traffic-filter命令。ipv6access-class命令仍然用来对接口应用IPv6ACL。注意：CCNACiscoIOSRelease15.2(4)M3（universalk9映像）Cisco1941(ISR)CiscoIOSRelease15.0(2)（lanbasek9映像）CiscoCatalyst2960CiscoIOSCiscoIOS版本不同，注意：确保所使用的路由器和交换机的启动配置都已擦除。如果不确定，请联系教所需资用于通过控制台电缆配置CiscoIOS设备的控制台端口1部分:设置拓扑并初1步:建立如拓扑图所示的网2步:初始化并重新加载路由器和交换2部分:配置设备并检1步:在所PC上配IPv6地址2步:配置交换机指定指定class作为EXEC加密 3步:在所有路由器上配置基本设置指定指定class作为EXEC加密 4步:R1上配IPv6设置G0/0、G0/1S0/0/0IPv6FE80::1R1(config)#ipv6route::/05步:R2上配IPv6设置R2(config)#ipv6route2001:db8:acad::/48R2(config)#ipv6route2001:db8:cafe:c::/646步:R3上配IPv6设置R3(config)#ipv6route::/07步:检验连通性 单击Continue（继续）接受安全警告并连接到路由器。passwordtologin（使用明文登录）。单击OK（确定）继续。3部分:配置并检IPv61步:配置并检R1VTY创建一个ACL，以仅允许来自2001:db8:acad:a::/64网络的主机通过 能通过SSH连接到R1。R1(config)#ipv6access-listRESTRICT-R1(config-ipv6-acl)#permittcp2001:db8:acad:a::/64R1(config-ipv6-acl)#permittcpanyanyeqR1(config-ipv6-acl)#linevty0R1(config-line)#ipv6access-classRESTRICT-VTYR1(config-line)#R1#showaccess-IPv6accesslistRESTRICT-permittcp2001:DB8:ACAD:A::/64anysequence10permittcpanyanyeq22sequence20 检验“RESTRICT-VTY”ACL只允许来自2001:db8:acad:a::/64网络的net流量。第2步:限制通 net2001:db8:acad:a::/64网络 net2001:db8:acad:a::/64网络R1(config)#ipv6access-listRESTRICTED-R1(config-ipv6-acl)#remark netfromR1(config-ipv6-acl)#denytcpany2001:db8:acad:a::/64 R1(config-ipv6-acl)#permitipv6anyR1(config-ipv6-acl)#intR1(config-if)#ipv6traffic-filterRESTRICTED-LANR1(config-if)# net从PC-B和PC-C连接到S1，检验 否仍能使用SSH连接。根据情况排除故障。R1#showipv6access-listsRESTRICTED-IPv6accesslistRESTRICTED-denytcpany2001:DB8:ACAD:A::/64eq net(6matches)sequence20permitipv6anyany(45matches)sequence30R1#clearipv6access-listRESTRICTED-R1#showaccess-listsRESTRICTED-IPv6accesslistRESTRICTED-denytcpany2001:DB8:ACAD:A::/64eq netsequence20permitipv6anyanysequence304部分:IPv6ACL应用到接口。此方法可以保留ACL，直到您准备好应用经过编辑的ACL副本。1步:移除接口ACLR1(config)#intR1(config-if)#noipv6traffic-filterRESTRICTED-LANR1(config-if)#2步:showaccess-lists命令查ACLR1#showaccess-IPv6accesslistRESTRICT-permittcp2001:DB8:ACAD:A::/64any(4matches)sequence10permittcpanyanyeq22(6matches)sequence20IPv6accesslistRESTRICTED-denytcpany2001:DB8:ACAD:A::/64eq netsequence20permitipv6anyany(36matches)sequence303步:使用序列号插入ACL语句R1(config)#ipv6access-listRESTRICTED-R1(config-ipv6-acl)#permittcp2001:db8:acad:b::/64host2001:db8:acad:a::aeq23sequence15第4步:在ACL的末入新的ACL语句R1(config-ipv6-acl)#permittcpanyhost2001:db8:acad:a::3eq5步:doshowaccess-lists命令查ACL变化R1(config-ipv6-acl)#doshowaccess-IPv6accesslistRESTRICT-permittcp2001:DB8:ACAD:A::/64any(2matches)sequence10permittcpanyanyeq22(6matches)sequence20IPv6accesslistRESTRICTED-permittcp2001:DB8:ACAD:B::/64host2001:DB8:ACAD:A::Aeq netsequence15denytcpany2001:DB8:ACAD:A::/64eq netsequence20permitipv6anyany(124matches)sequencepermittcpanyhost2001:DB8:ACAD:A::3eqwwwsequence6步:删除一ACL语句R1(config-ipv6-acl)#nopermittcpanyhost2001:DB8:ACAD:A::3eq7步:doshowaccess-listRESTRICTED-LANACLR1(config-ipv6-acl)#doshowaccess-listRESTRICTED-IPv6accesslistRESTRICTED-permittcp2001:DB8:ACAD:B::/64host2001:DB8:ACAD:A::Aeq netsequence15denytcpany2001:DB8:ACAD:A::/64eq netsequence20permitipv6anyany(214matches)sequence8步:G0/1重新应用“RESTRICTED-LAN”ACLR1(config-ipv6-acl)#intR1(config-if)#ipv6traffic-filterRESTRICTED-LANR1(config-if)#9步:ACL更改 思路由器接 路由器接路由器型Ether