A simple reflexive ACL configuration example
Topology diagram:
Configure R1:
R1#conf t
R1(config)#int f0/0
R1(config-if)#ip address 10.10.1.2 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.1.1 //default route
Configure R2:
R2#conf t
R2(config)#int f0/0
R2(config-if)#ip address 10.10.1.1 255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#int f0/1
R2(config-if)#ip address 20.20.1.1 255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit
Configure R3:
R3#conf t
R3(config)#int f0/0
R3(config-if)#ip address 20.20.1.2 255.255.255.0
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#ip route 0.0.0.0 0.0.0.0 20.20.1.1 //default route
Test ping connectivity:
R1 ping R3:
R3 ping R1:
Configure the ACL on router R2:
R2#conf t
R2(config)#ip access-list extended R1-R3
R2(config-ext-nacl)#permit ip any any reflect ccie
R2(config-ext-nacl)#exit
R2(config)#ip access-list extended R3-R1
R2(config-ext-nacl)#evaluate ccie
R2(config-ext-nacl)#exit
R2(config)#int f0/1
R2(config-if)#ip access-group R1-R3 out
R2(config-if)#ip access-group R3-R1 in
R2(config-if)#exit
Test ping connectivity:
R1 ping R3:
R3 ping R1:
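The reflect/evaluate behaviour configured on R2 above, modelled in Python as an added example (not part of the original page and not Cisco code). The function names, the 300-second timeout and the TCP port numbers are assumptions made for illustration; the model matches only on protocol, addresses and ports.

```python
from dataclasses import dataclass
TIMEOUT = 300  # seconds; assumed idle timeout for temporary entries

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: int = 0  # 0 = protocol without ports (ICMP)
    dport: int = 0

class ReflexiveList:
    def __init__(self):
        self.entries = {}  # mirrored flow -> expiry time

    def reflect(self, pkt, now):
        # Outbound match: store the mirror image of the flow.
        mirror = Packet(pkt.proto, pkt.dst, pkt.src, pkt.dport, pkt.sport)
        self.entries[mirror] = now + TIMEOUT

    def evaluate(self, pkt, now):
        # Inbound match: permit only an unexpired mirrored flow.
        expiry = self.entries.get(pkt)
        return expiry is not None and now < expiry

ccie = ReflexiveList()  # the list named "ccie" in the configuration

def f0_1_out(pkt, now):
    """ACL R1-R3 (out on f0/1): permit ip any any reflect ccie."""
    ccie.reflect(pkt, now)
    return True

def f0_1_in(pkt, now):
    """ACL R3-R1 (in on f0/1): evaluate ccie, then the implicit deny."""
    return ccie.evaluate(pkt, now)

def run_demo():
    r1, r3 = "10.10.1.2", "20.20.1.2"
    return {  # evaluated top to bottom; ports 40000/40001 are constructed
        "r3_ping_r1": f0_1_in(Packet("icmp", r3, r1), now=0),
        "r1_ping_out": f0_1_out(Packet("icmp", r1, r3), now=10),
        "r3_echo_reply": f0_1_in(Packet("icmp", r3, r1), now=11),
        "r1_tcp_out": f0_1_out(Packet("tcp", r1, r3, 40000, 23), now=20),
        "r3_tcp_return": f0_1_in(Packet("tcp", r3, r1, 23, 40000), now=21),
        "r3_tcp_new": f0_1_in(Packet("tcp", r3, r1, 40001, 23), now=22),
        "late_reply": f0_1_in(Packet("icmp", r3, r1), now=10 + TIMEOUT),
    }

if __name__ == "__main__":
    print(run_demo())
```

A True value means the packet is permitted through f0/1; False means it falls through to the implicit deny at the end of R3-R1.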