Article: VLAN Access-List


Author: Trng Quang Dng

VLAN access lists (VACLs) are one method of improving security in a network. They allow control over the traffic flowing through a switch. When configuring a VLAN access list, the user can classify traffic: ip, tcp, www, and so on. Depending on the network administrator's policy, each type of traffic can then be filtered out or allowed to flow through the network.

A VLAN access list can be applied within a VLAN or between VLANs (inter-VLAN).

VLAN access lists have the same characteristics as router access lists (RACLs): they can drop, forward, or redirect packets.

This lab consists of two parts:
- Part 1: Illustrating the characteristics of VACLs within a single VLAN
- Part 2: Illustrating the characteristics of VACLs beyond the scope of a VLAN

Part 1: Illustrating the characteristics of VACLs within a single VLAN

[Figure]

Description: In VLAN 10, a Cisco router is used as the access server. It is configured with the address 192.168.10.254/24 and allows telnet. The management IP of VLAN 10 is 192.168.10.1/24, and the workstations have addresses from 192.168.10.2 to 192.168.10.253/24.

Configure a VLAN access list so that workstations with IP addresses in the range 192.168.10.2/24 to 192.168.10.15/24 cannot telnet to the access server, except 192.168.10.3/24 (192.168.10.3/24 can still telnet in).

Information about station 192.168.10.3

Use one workstation in the blocked range for testing: assume station 192.168.10.4 is used.

Configuration steps:

Step 1: To set up the lab, first perform the basic configuration of the VLANs and the workstations as shown in the figure.

Configure the VLANs:

    Vnpro#vlan database
    Vnpro(vlan)#vtp domain Vnpro
    Changing VTP domain name from NULL to Vnpro
    Vnpro(vlan)#vlan 10 name Admin
    VLAN 10 added:
        Name: Admin
    Vnpro(vlan)#vlan 20 name User
    VLAN 20 added:
        Name: User
    Vnpro(vlan)#apply
    APPLY completed.
    Vnpro(vlan)#exit
    APPLY completed.
    Exiting....

Configure the management IP for the VLANs:

    Vnpro#config terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Vnpro(config)#interface vlan 1
    Vnpro(config-if)#ip address 192.168.1.1 255.255.255.0
    Vnpro(config-if)#no shutdown
    Vnpro(config-if)#exit
    00:06:14: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
    Vnpro(config)#interface vlan 10
    Vnpro(config-if)#ip address 192.168.10.1 255.255.255.0
    Vnpro(config-if)#no shutdown
    Vnpro(config-if)#exit
    Vnpro(config)#
    00:07:05: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to down
    Vnpro(config)#interface vlan 20
    Vnpro(config-if)#ip address 192.168.20.1 255.255.255.0
    Vnpro(config-if)#no shut
    Vnpro(config-if)#exit
    00:06:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to down

After configuring the VLANs, the user can place the ports into the corresponding VLANs.

Step 2: Configure the VLAN access list

Configure the access lists:

    Vnpro(config)#ip access-list extended VnproAllow1
    Vnpro(config-ext-nacl)#permit tcp host 192.168.10.3 host 192.168.10.254 eq telnet
    Vnpro(config-ext-nacl)#exit
    Vnpro(config)#ip access-list extended VnproBlock1
    Vnpro(config-ext-nacl)#permit tcp 192.168.10.0 0.0.0.15 host 192.168.10.254 eq telnet
    Vnpro(config-ext-nacl)#exit
    Vnpro(config)#ip access-list extended VnproDefault1
    Vnpro(config-ext-nacl)#permit tcp any any
    Vnpro(config-ext-nacl)#exit
    Vnpro(config)#

Check the access-list information:

    Vnpro#show ip access-lists
    Extended IP access list VnproAllow1
        permit tcp host 192.168.10.3 host 192.168.10.254 eq telnet
    Extended IP access list VnproBlock1
        permit tcp 192.168.10.0 0.0.0.15 host 192.168.10.254 eq telnet
    Extended IP access list VnproDefault1
        permit tcp any any
    Vnpro#

Here the concept of an access list is no longer confined to its usual meaning (blocking traffic or blocking IP addresses). The access list is used to filter and classify traffic and IP addresses; then, for each classified type of traffic or IP address, the user can apply a different policy.

In this lab, for example, the access lists divide the workstations into the following groups:
- VnproAllow1 corresponds to host 192.168.10.3; the traffic type is TCP, specifically telnet
- VnproBlock1 corresponds to the hosts from 192.168.10.1/28 to 192.168.10.15/28; the traffic type is TCP, specifically telnet
- VnproDefault1 corresponds to the remaining hosts in VLAN 10; the traffic type is TCP, specifically telnet

A different policy is then applied to each group, specifically:
- For group VnproAllow1: allowed
- For group VnproBlock1: blocked (that is, matching traffic to the corresponding IP in this group will be DROPped)
- For group VnproDefault1: allowed

Rule: after a policy that blocks certain types of traffic to certain IP addresses, it is necessary to finish with an access list containing permit any any. Otherwise, because of the implicit deny of access lists, the other hosts will be blocked for all remaining types of traffic. In this lab, the group VnproDefault1 serves this purpose.

Configure the VLAN access map (used to impose a policy on each classified group):

    Vnpro(config)#vlan access-map VnproMap1 10
    Vnpro(config-access-map)#match ip address VnproAllow1
    Vnpro(config-access-map)#action forward
    Vnpro(config-access-map)#exit
    Vnpro(config)#vlan access-map VnproMap1 20
    Vnpro(config-access-map)#match ip address VnproBlock1
    Vnpro(config-access-map)#action drop
    Vnpro(config-access-map)#exit
    Vnpro(config)#vlan access-map VnproMap1 30
    Vnpro(config-access-map)#match ip address VnproDefault1
    Vnpro(config-access-map)#action forward
    Vnpro(config-access-map)#end
    00:18:33: %SYS-5-CONFIG_I: Configured from console by console

Check the VLAN access map that was just configured:

    Vnpro#show vlan access-map
    Vlan access-map "VnproMap1" 10
      Match clauses:
        ip address: VnproAllow1
      Action:
        forward
    Vlan access-map "VnproMap1" 20
      Match clauses:
        ip address: VnproBlock1
      Action:
        Drop
    Vlan access-map "VnproMap1" 30
      Match clauses:
        ip address: VnproDefault1
      Action:
        forward
    Vnpro#

To activate these policies, the access maps must be applied to a specific VLAN (in this case VLAN 10).

Before the map is applied to VLAN 10, hosts 192.168.10.3/28 and 192.168.10.4/28 can both telnet to 192.168.10.254.

Result: successful telnet from workstations 192.168.10.3/24 and 192.168.10.4/24 to the access server 192.168.10.254

Apply to a VLAN (activate the access maps on VLAN 10):

    Vnpro(config)#vlan filter VnproMap1 vlan-list 10

Check:

    Vnpro#show vlan filter
    VLAN Map VnproMap1 is filtering VLANs:
      10
    Vnpro#

Check the operation of the VLAN access list after activation by telnetting from workstations 192.168.10.3/28 and 192.168.10.4/28 and recording the results.

Workstation 192.168.10.3/28 still telnets successfully to the access server 192.168.10.254, because its IP address is classified into group VnproAllow1 and the policy applied to that group is action: forward.

Workstation 192.168.10.4/28 is refused when it telnets to the access server 192.168.10.254, because its IP address is classified into group VnproBlock1 and the policy applied to that group is action: drop.

The remaining workstations, which fall into group VnproDefault1, can still telnet to the access server 192.168.10.254, because the policy for that group is action: forward.

However, when VnproDefault1 is configured only as follows:

    Vnpro(config)#ip access-list extended VnproDefault1
    Vnpro(config-ext-nacl)#permit tcp any any
    Vnpro(config-ext-nacl)#exit
    Vnpro(config)#

With this configuration, the workstations in group VnproDefault1 can only telnet; they cannot ping the access server, because the permit ip any any command was forgotten.

For ping to reach the access server, the configuration must be as follows:

    Vnpro(config)#ip access-list extended VnproDefault1
    Vnpro(config-ext-nacl)#permit tcp any any
    Vnpro(config-ext-nacl)#permit ip any any
    Vnpro(config-ext-nacl)#exit
    Vnpro(config)#

This is due to the implicit deny of access lists. Part 2 illustrates how this mistake is corrected.

Another note: once activated, the access lists are checked in order from top to bottom. On the first condition that matches, the switch imposes the configured policy and ends the checking process.

In this lab, if the order of the access maps is changed, the result is completely different. For example, if VnproMap1 10 is configured as follows:

    Vnpro(config)#vlan access-map VnproMap1 10
    Vnpro(config-access-map)#match ip address VnproDefault1
    Vnpro(config-access-map)#action forward
    Vnpro(config-access-map)#exit

The access map is checked from top to bottom. On the very first check it meets permit ip any any, and because every IP address satisfies the condition any any, the switch immediately imposes the policy action: forward on this group and ends the checking process.

Result: all workstations can telnet to the access server 192.168.10.254 (including the workstations with IP addresses in the range 192.168.10.1/28 to 192.168.10.15/28).

For this reason, the order of the access lists and access maps is extremely important when configuring.

Part 2: Illustrating the characteristics of VACLs beyond the scope of a VLAN

[Figure]

Inter-VLAN routing configuration: refer to the inter-VLAN routing configuration in the article InterVlan Routing & MultiLayer Switching. In this case, inter-VLAN routing uses the RIP routing protocol to simplify the configuration (because the main goal is to illustrate VACLs).

Description: In this part, a VLAN access list is configured and applied to VLAN 20. A Cisco router is connected to the multilayer switch through a FastEthernet port, with the addressing scheme shown in the figure. The router has the hostname Remote and is used as the access server. The management IP of VLAN 20 is 192.168.20.1/24, and the workstations have addresses from 192.168.20.2 to 192.168.20.253/24.

Configure a VLAN access list so that workstations with IP addresses in the range 192.168.20.2/24 to 192.168.20.15/24 cannot telnet to the access server, except 192.168.20.3/24 (192.168.20.3/24 can still telnet to the Remote router 10.200.0.2/24).

The steps are similar to those above.

Configure MLS on the Vnpro switch:

    Vnpro(config)#interface fa0/1
    Vnpro(config-if)#no switchport
    Vnpro(config-if)#
    Vnpro(config-if)#ip address 10.200.0.1 255.255.255.0
    Vnpro(config-if)#no shutdown
    Vnpro(config-if)#exit
    01:28:35: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
    01:28:36: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
    Vnpro(config)#ip routing
    Vnpro(config)#router rip
    Vnpro(config-router)#network 192.168.1.0
    Vnpro(config-router)#network 192.168.10.0
    Vnpro(config-router)#network 192.168.20.0
    Vnpro(config-router)#network 10.200.0.0
    Vnpro(config-router)#^Z
    01:29:53: %SYS-5-CONFIG_I: Configured from console by console

Configure the IP addresses and routing on the Remote router:

    Remote#config terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Remote(config)#interface Ethernet0/0
    Remote(config-if)#ip address 10.200.0.2 255.255.255.0
    Remote(config-if)#no shutdown
    Remote(config-if)#exit
    Remote(config)#interface loopback 0
    Remote(config-if)#ip address 172.168.0.1 255.255.255.0
    Remote(config-if)#no shutdown
    Remote(config-if)#exit
    Remote(config)#router rip
    Remote(config-router)#network 10.200.0.0
    Remote(config-router)#network 172.168.0.0
    Remote(config-router)#^Z

Check the routing information on the Remote router and the Vnpro switch:

    Vnpro#show ip route
    Gateway of last resort is not set
    C    192.168.10.0/24 is directly connected, Vlan10
    R    172.168.0.0/16 [120/1] via 10.200.0.2, 00:00:24, FastEthernet0/1
    C    192.168.20.0/24 is directly connected, Vlan20
         10.0.0.0/24 is subnetted, 1 subnets
    C       10.200.0.0 is directly connected, FastEthernet0/1

    Vnpro#telnet 10.200.0.2
    Trying 10.200.0.2 ... Open
    User Access Verification
    Password: cisco
    Remote>enable
    Password: vnpro
    Remote#show ip route
    Gateway of last resort is not set
    R    192.168.10.0/24 [120/1] via 10.200.0.1, 00:00:09, Ethernet0/0
         172.168.0.0/24 is subnetted, 1 subnets
    C       172.168.0.0 is directly connected, Loopback0
    R    192.168.20.0/24 [120/1] via 10.200.0.1, 00:00:09, Ethernet0/0
         10.0.0.0/24 is subnetted, 1 subnets
    C       10.200.0.0 is directly connected, Ethernet0/0
    Remote#

Configure the new VLAN access lists:

    Vnpro(config)#ip access-list extended VnproAllow2
    Vnpro(config-ext-nacl)#permit tcp host 192.168.20.3 host 10.200.0.2 eq telnet
    Vnpro(config-ext-nacl)#exit
    Vnpro(config)#ip access-list extended VnproBlock2
    Vnpro(config-ext-nacl)#permit tcp 192.168.20.0 0.0.0.15 host 10.200.0.2 eq telnet
    Vnpro(config-ext-nacl)#exit
    Vnpro(config)#ip access-list extended VnproDefault2
    Vnpro(config-ext-nacl)#permit tcp any any
    Vnpro(config-ext-nacl)#permit ip any any
    Vnpro(config-ext-nacl)#end
    Vnpro#
    01:56:55: %SYS-5-CONFIG_I: Configured from console by console

Check the access-list information:

    Vnpro#show ip access-lists
    Extended IP access list VnproAllow1
        permit tcp host 192.168.10.3 host 192.168.10.254 eq telnet
    Extended IP access list VnproAllow2
        permit tcp host 192.168.20.3 host 10.200.0.2 eq telnet
    Extended IP access list VnproBlock1
        permit tcp 192.168.10.0 0.0.0.15 host 192.168.10.254 eq telnet
    Extended IP access list VnproBlock2
        permit tcp 192.168.20.0 0.0.0.15 host 10.200.0.2 eq telnet
    Extended IP access list VnproDefault1
        permit tcp any any
    Extended IP access list VnproDefault2
        permit tcp any any
        permit ip any any
    Vnpro#

Configure the VLAN access map:

    Vnpro#config terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Vnpro(config)#vlan access-map VnproMap2 10
    Vnpro(config-access-map)#match ip address VnproAllow2
    Vnpro(config-access-map)#action forward
    Vnpro(config-access-map)#exit
    Vnpro(config)#vlan access-map VnproMap2 20
    Vnpro(config-access-map)#match ip address VnproBlock2
    Vnpro(config-access-map)#action drop
    Vnpro(config-access-map)#exit
    Vnpro(config)#vlan access-map VnproMap2 30
    Vnpro(config-access-map)#match ip address VnproDefault2
    Vnpro(config-access-map)#action forward
    Vnpro(config-access-map)#end
    Vnpro(config)#

Check the VLAN access-list information:

    Vnpro#show vlan access-map
    Vlan access-map "VnproMap1" 10
      Match clauses:
        ip address: VnproAllow1
      Action:
        forward
    Vlan access-map "VnproMap1" 20
      Match clauses:
        ip address: VnproBlock1
      Action:
        drop
    Vlan access-map "VnproMap1" 30
      Match clauses:
        ip address: VnproDefault1
      Action:
        forward
    Vlan access-map "VnproMap2" 10
      Match clauses:
        ip address: VnproAllow2
      Action:
        forward
    Vlan access-map "VnproMap2" 20
      Match clauses:
        ip address: VnproBlock2
      Action:
        drop
    Vlan access-map "VnproMap2" 30
      Match clauses:
        ip address: VnproDefault2
      Action:
        forward
    Vnpro#

Before the VLAN access map VnproMap2 is applied to VLAN 20, all workstations on VLAN 20 can telnet to and ping the Remote router successfully.

Workstation telnets successfully to the Remote router before the VLAN access map VnproMap2 is applied to VLAN 20

Workstation pings the Remote router successfully before the VLAN access map VnproMap2 is applied to VLAN 20

Apply the VLAN access map VnproMap2 to VLAN 20:

    Vnpro(config)#vlan filter VnproMap2 vlan-list 20

Check the VLAN access maps applied to the VLANs on the switch:

    Vnpro#show vlan filter
    VLAN Map VnproMap1 is filtering VLANs:
      10
    VLAN Map VnproMap2 is filtering VLANs:
      20

Check the operation of the VLAN access list after applying the VLAN access map VnproMap2 to VLAN 20 by pinging and telnetting to the Remote router from the workstations and recording the results.

From the results above it can be seen that the workstation with IP 192.168.20.4/28 can only ping and cannot telnet to the Remote router 10.200.0.2/24, which shows how VACLs work in an inter-VLAN environment.
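The first-match and implicit-deny behaviour described in Part 1, which VnproMap2 in Part 2 follows as well, can be checked offline with a small model. This is an added example, not part of the original lab: the function names, the map names MAP1_FIXED and MAP1_SHADOWED and the ACL name Default1WithIp are assumptions, while the ACL entries and sequence numbers are the lab's. It models only permit entries and the forward/drop actions used in the lab.

```python
import ipaddress

TELNET = 23
ANY = ("0.0.0.0", "255.255.255.255")

def host(ip):
    return (ip, "0.0.0.0")

def wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# ACL entries as configured in the lab: (protocol, source, destination, dest port)
ACLS = {
    "VnproAllow1": [("tcp", host("192.168.10.3"), host("192.168.10.254"), TELNET)],
    "VnproBlock1": [("tcp", ("192.168.10.0", "0.0.0.15"), host("192.168.10.254"), TELNET)],
    "VnproDefault1": [("tcp", ANY, ANY, None)],
    # Assumed name: VnproDefault1 once "permit ip any any" has been appended.
    "Default1WithIp": [("tcp", ANY, ANY, None), ("ip", ANY, ANY, None)],
}

def acl_matches(acl, pkt):
    """True if a permit entry matches; running off the end is the implicit deny."""
    for proto, (src, sw), (dst, dw), dport in acl:
        if proto not in ("ip", pkt["proto"]):
            continue
        if dport is not None and pkt.get("dport") != dport:
            continue
        if wild_match(pkt["src"], src, sw) and wild_match(pkt["dst"], dst, dw):
            return True
    return False

def vacl_action(access_map, pkt, acls=ACLS):
    """Check clauses in sequence order; the first clause whose ACL matches decides."""
    for _seq, acl_name, action in sorted(access_map):
        if acl_matches(acls[acl_name], pkt):
            return action
    return "drop"  # IP packet that matched no clause of the map

def telnet(src, dst="192.168.10.254"):
    return {"proto": "tcp", "src": src, "dst": dst, "dport": TELNET}

def ping(src, dst="192.168.10.254"):
    return {"proto": "icmp", "src": src, "dst": dst}

MAP1 = [(10, "VnproAllow1", "forward"), (20, "VnproBlock1", "drop"),
        (30, "VnproDefault1", "forward")]
MAP1_FIXED = MAP1[:2] + [(30, "Default1WithIp", "forward")]
# The misordering the lab warns about: the catch-all clause at sequence 10.
MAP1_SHADOWED = [(10, "VnproDefault1", "forward"), (20, "VnproAllow1", "forward"),
                 (30, "VnproBlock1", "drop")]

if __name__ == "__main__":
    probes = [("telnet from .3", telnet("192.168.10.3")),
              ("telnet from .4", telnet("192.168.10.4")),
              ("telnet from .20", telnet("192.168.10.20")),
              ("ping from .20", ping("192.168.10.20"))]
    for name, vmap in [("MAP1", MAP1), ("MAP1_FIXED", MAP1_FIXED),
                       ("MAP1_SHADOWED", MAP1_SHADOWED)]:
        for label, pkt in probes:
            print(f"{name:14}{label:16}-> {vacl_action(vmap, pkt)}")
```

Running a candidate map through such a model before `vlan filter` is applied shows whether a catch-all clause shadows the drop clause and which non-TCP traffic would fall through to the final drop.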

Note: unlike Part 1, after the VLAN access map VnproMap2 is applied to VLAN 20, workstation 192.168.20.4/28 is blocked only when it sends TCP traffic, specifically telnet, to the Remote router at IP 10.200.0.2/24. Other types of traffic (in this case ip) remain transparent to the VLAN access list.

The implicit deny of the access list has been dealt with, compared with the configuration presented in Part 1. The difference is shown below.

Part 1:

    Vnpro(config)#ip access-list extended VnproDefault1
    Vnpro(config-ext-nacl)#permit tcp any any
    Vnpro(config-ext-nacl)#exit
    Vnpro(config)#

Part 2:

    Vnpro(config)#ip access-list extended VnproDefault2
    Vnpro(config-ext-nacl)#permit tcp any any
    Vnpro(config-ext-nacl)#permit ip any any
    Vnpro(config-ext-nacl)#exit
    Vnpro(config)#

In all cases, when using access lists in general, pay attention to the order of the access lists used and to their implicit deny.

Appendix

Reference configuration of the Vnpro switch

    !
    hostname Vnpro
    !
    enable secret 5 $1$FW/z$z49gfElHWknNIvPIOfZEG0
    enable password cisco
    !
    ip subnet-zero
    ip routing
    !
    !
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    !
    vlan access-map Vnpr1 10
     action forward
    vlan access-map VnproMap1 10
     action forward
     match ip address VnproAllow1
    vlan access-map VnproMap1 20
     action drop
     match ip address VnproBlock1
    vlan access-map VnproMap1 30
     action forward
     match ip address VnproDefault1
    vlan access-map VnproMap2 10
     action forward
     match ip address VnproAllow2
    vlan access-map VnproMap2 20
     action drop
     match ip address VnproBlock2
    vlan access-map VnproMap2 30
     action forward
     match ip address VnproDefault2
    vlan filter VnproMap1 vlan-list 10
    vlan filter VnproMap2 vlan-list 20
    !
    !
    interface FastEthernet0/1
     no switchport
     ip address 10.200.0.1 255.255.255.0
    !
    interface FastEthernet0/2
     no ip address
    !
    interface FastEthernet0/3
     no ip address
    !
    interface FastEthernet0/4
     no ip address
    !
    interface FastEthernet0/5
     switchport access vlan 10
     no ip address
    !
    interface FastEthernet0/6
     switchport access vlan 10
     no ip address
    !
    interface FastEthernet0/7
     switchport access vlan 10
     no ip address
    !
    interface FastEthernet0/8
     switchport access vlan 10
     no ip address
    !
    interface FastEthernet0/9
     switchport access vlan 20
     no ip address
    !
    interface FastEthernet0/10
     switchport access vlan 20
     no ip address
    !
    interface FastEthernet0/11
     switchport access vlan 20
     no ip address
    !
    interface FastEthernet0/12
     switchport access vlan 20
     no ip address
    !
    interface GigabitEthernet0/1
     no ip address
    !
    interface GigabitEthernet0/2
     no ip address
    !
    interface Vlan1
     ip address 192.168.1.1 255.255.255.0
    !
    interface Vlan10
     ip address 192.168.10.1 255.255.255.0
    !
    interface Vlan20
     ip address 192.168.20.1 255.255.255.0
    !
    router rip
     network 10.0.0.0
     network 192.168.1.0
     network 192.168.10.0
     network 192.168.20.0
    !
    ip classless
    ip http server
    !
    ip access-list extended VnproAllow1
     permit tcp host 192.168.10.3 host 192.168.10.254 eq telnet
    ip access-list extended VnproAllow2
     permit tcp host 192.168.20.3 host 10.200.0.2 eq telnet
    ip access-list extended VnproBlock1
     permit tcp 192.168.10.0 0.0.0.15 host 192.168.10.254 eq telnet
    ip access-list extended VnproBlock2
     permit tcp 192.168.20.0 0.0.0.15 host 10.200.0.2 eq telnet
    ip access-list extended VnproDefault1
     permit tcp any any
    ip access-list extended VnproDefault2
     permit tcp any any
     permit ip any any
    !
    line con 0
    line vty 0 4
     password cisco
     login
    line vty 5 15
     login
    !
    end

    Vnpro#show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/2, Fa0/3, Fa0/4, Gi0/1
                                                    Gi0/2
    10   Admin                            active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
    20   User                             active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
    1002 fddi-default                     active
    1003 token-ring-default               active
    1004 fddinet-default                  active
    1005 trnet-default                    active
    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1    enet  100001     1500  -      -      -        -    -        0      0
    10   enet  100010     1500  -      -      -        -    -        0      0
    20   enet  100020     1500  -      -      -        -    -        0      0
    1002 fddi  101002     1500  -      -      -        -    -        0      0
    1003 tr    101003     1500  -      -      -        -    -        0      0
    1004 fdnet 101004     1500  -      -      -        ieee -        0      0
    1005 trnet 101005     1500  -      -      -        ibm  -        0      0
    Remote SPAN VLANs
    ------------------------------------------------------------------------------
    Primary Secondary Type              Ports
    ------- --------- ----------------- ------------------------------------------

    Vnpro#show vlan access-map
    Vlan access-map "VnproMap1" 10
      Match clauses:
        ip address: VnproAllow1
      Action:
        forward
    Vlan access-map "VnproMap1" 20
      Match clauses:
        ip address: VnproBlock1
      Action:
        drop
    Vlan access-map "VnproMap1" 30
      Match clauses:
        ip address: VnproDefault1
      Action:
        forward
    Vlan access-map "VnproMap2" 10
      Match clauses:
        ip address: VnproAllow2
      Action:
        forward
    Vlan access-map "VnproMap2" 20
      Match clauses:
        ip address: VnproBlock2
      Action:
        drop
    Vlan access-map "VnproMap2" 30
      Match clauses:
        ip address: VnproDefault2
      Action:
        forward

    Vnpro#show ip access-list
    Extended IP access list VnproAllow1
        permit tcp host 192.168.10.3 host 192.168.10.254 eq telnet
    Extended IP access list VnproAllow2
        permit tcp host 192.168.20.3 host 10.200.0.2 eq telnet
    Extended IP access list VnproBlock1
        permit tcp 192.168.10.0 0.0.0.15 host 192.168.10.254 eq telnet
    Extended IP access list VnproBlock2
        permit tcp 192.168.20.0 0.0.0.15 host 10.200.0.2 eq telnet
    Extended IP access list VnproDefault1
        permit tcp any any
    Extended IP access list VnproDefault2
        permit tcp any any
        permit ip any any

    Vnpro#show vlan filter
    VLAN Map VnproMap1 is filtering VLANs:
      10
    VLAN Map VnproMap2 is filtering VLANs:
      20

    Vnpro#show ip route
    Gateway of last resort is not set
    C    192.168.10.0/24 is directly connected, Vlan10
    R    172.168.0.0/16 [120/1] via 10.200.0.2, 00:00:21, FastEthernet0/1
    C    192.168.20.0/24 is directly connected, Vlan20
         10.0.0.0/24 is subnetted, 1 subnets
    C       10.200.0.0 is directly connected, FastEthernet0/1

    Vnpro#ping 10.200.0.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.200.0.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

    Vnpro#ping 172.168.0.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.168.0.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
    Vnpro#

Reference configuration of the Remote router

    Remote#show running-config
    Building configuration...
    Current configuration : 690 bytes
    !
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Remote
    !
    enable secret 5 $1$wDfm$5zcN0Px2wrN0be6jV74m60
    enable password cisco
    !
    memory-size iomem 10
    ip subnet-zero
    !
    !
    !
    call rsvp-sync
    !
    interface Loopback0
     ip address 172.168.0.1 255.255.255.0
    !
    interface Ethernet0/0
     ip address 10.200.0.2 255.255.255.0
     half-duplex
    !
    interface Serial0/0
     no ip address
     shutdown
     no fair-queue
    !
    router rip
     network 10.0.0.0
     network 172.168.0.0
    !
    ip classless
    ip http server
    ip pim bidir-enable
    !
    dial-peer cor custom
    !
    line con 0
    line aux 0
    line vty 0 4
     password cisco
     login
    !
    no scheduler allocate
    end

    Remote#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route
    Gateway of last resort is not set
    R    192.168.10.0/24 [120/1] via 10.200.0.1, 00:00:25, Ethernet0/0
         172.168.0.0/24 is subnetted, 1 subnets
    C       172.168.0.0 is directly connected, Loopback0
    R    192.168.20.0/24 [120/1] via 10.200.0.1, 00:00:25, Ethernet0/0
         10.0.0.0/24 is subnetted, 1 subnets
    C       10.200.0.0 is directly connected, Ethernet0/0

    Remote#ping 192.168.20.4
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.20.4, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

    Remote#telnet 192.168.20.4
    Trying 192.168.20.4 ...
    % Connection refused by remote host
    Remote#