预配置:第一步:R1上的预配置R1(config)#int s1/2R1(config-if)#ip add 10.1.1.1 255.255.255.0R1(config-if)#no shR1(c
.
预配置:
第一步:R1上的预配置
R1(config)#int s1/2
R1(config-if)#ip add 10.1.1.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#router ospf 1
R1(config-router)#net 0.0.0.0 0.0.0.0 area 0
R1(config-router)#
第二步:R2上的预配置
R2(config)#int s2/1
R2(config-if)#ip add 10.1.1.2 255.255.255.0
R2(config-if)#no sh
R2(config)#router ospf 1
R2(config-router)#net 0.0.0.0 0.0.0.0 area 0
R2(config-router)#
实验过程:
第一步:在R2做测试,从2.2.2.0出发ping R1的10.1.1.0
R2#p
Protocol [ip]:
Target IP address: 10.1.1.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 2.2.2.2
% Invalid source
Source address or interface:
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/36/52 ms
第二步:在R1上做访问控制列表,拒绝2.2.2.0网段的访问
R1(config)#access-list 3 deny 2.2.2.0 0.0.0.255
R1(config)#access-list 3 permit any
R1(config)#int s1/2
R1(config-if)#ip access-group 3 in (用在近源地址端)
R1(config-if)#^Z
第三步:在R2上再次ping测试
R2#ping
Protocol [ip]:
Target IP address: 1.1.1.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 2.2.2.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
