# 20201125 Cisco EIGRP (3)

## Class Materials

{% embed url="<http://www.tsnien.idv.tw/Manager_WebBook/chap9/9-5%20%E5%B0%81%E5%8C%85%E9%81%8E%E6%BF%BE%E8%A1%A8%20%E2%80%93%20ACL.html>" %}

{% embed url="<https://giboss.pixnet.net/blog/post/26846168>" %}

### ACL

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MOx4eNBGkOa48ihIAoQ%2F-MOxVlS-LG6EoqbYLKJu%2Fimage.png?alt=media\&token=b8bb9c56-7f20-4fda-8f0f-494bf42fa59c)

{% tabs %}
{% tab title="R1" %}

```
int e0/0
 ip add 12.1.1.1 255.255.255.0
 no shut
int lo1
 ip add 1.1.1.1 255.255.255.0
 no shut
int lo2
 ip add 2.2.2.2 255.255.255.0
 no shut
router rip
 ver 2
 network 12.1.1.0
 no auto-summary
 exit
```

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MOxf1ljWSGDIy9bTRgx%2F-MOxfoM2gSbjyRK08_C2%2Fimage.png?alt=media\&token=8c43c0c0-c0c7-43a9-953b-e9de957e7151)

```
router rip
 ver 2
 network 1.1.1.0
 network 2.2.2.0
 exit
```

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MOxf1ljWSGDIy9bTRgx%2F-MOxhKpPA4MSC6rJGnxP%2Fimage.png?alt=media\&token=b3ba4feb-ef29-4953-91fe-b801ddfee878)

```
do ping 3.3.3.3 source 1.1.1.1
do ping 4.4.4.4 source 1.1.1.1
do ping 3.3.3.3 source 2.2.2.2
do ping 4.4.4.4 source 2.2.2.2
```

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MOxf1ljWSGDIy9bTRgx%2F-MOxi0fRo6-5IjSx7nfD%2Fimage.png?alt=media\&token=705155d5-6f87-432c-b175-ae0aff4e3426)

```
exit
telnet 4.4.4.4
cisco
telnet 3.3.3.3
cisco
```

{% endtab %}

{% tab title="R2" %}

```
int e0/0
 ip add 12.1.1.2 255.255.255.0
 no shut
int e0/1
 ip add 23.1.1.2 255.255.255.0
 no shut
router rip
 ver 2
 network 12.1.1.0
 network 23.1.1.0
 no auto-summary
 exit
```

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MOxf1ljWSGDIy9bTRgx%2F-MOxgKbneg4yXrF6L5Oi%2Fimage.png?alt=media\&token=54bb7384-870b-43ef-a28f-dd1c521eb2f2)

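```
! Extended ACL 100: drop ICMP 1.1.1.0/24 -> 4.4.4.0/24 and 2.2.2.0/24 -> 3.3.3.0/24
access-list 100 deny icmp 1.1.1.0 0.0.0.255 4.4.4.0 0.0.0.255
access-list 100 deny icmp 2.2.2.0 0.0.0.255 3.3.3.0 0.0.0.255
! Without this permit, the implicit deny would drop all remaining traffic
access-list 100 permit ip any any
! Apply inbound on the interface facing R1
int e0/0
 ip access-group 100 in
 exit
end
sh access-lists
```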

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MOxf1ljWSGDIy9bTRgx%2F-MOxierjshckrquW0Qhl%2Fimage.png?alt=media\&token=0f6dcc64-f79e-4fe4-ab3b-5e8a918524a5)

```
conf t
! ACL 101 permits only Telnet (TCP 23) to 3.3.3.0/24;
! all other traffic forwarded out e0/1 hits the implicit deny
access-list 101 permit tcp any 3.3.3.0 0.0.0.255 eq 23
int e0/1
 ip access-group 101 out
 end
sh access-lists
conf t
! Remove ACL 101 and detach it from the interface
no access-list 101
int e0/1
 no ip access-group 101 out
 do sh access-lists
 exit
```

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MOxf1ljWSGDIy9bTRgx%2F-MOxkY9DuvNkeCaKxH-n%2Fimage.png?alt=media\&token=6b8097d7-304e-4e96-900b-bff2f7de33dd)

```
! Named extended ACL: block Telnet (TCP 23) to 4.4.4.0/24, permit everything else
ip access-list extended telnet-acl
 deny tcp any 4.4.4.0 0.0.0.255 eq 23
 permit ip any any
! Apply outbound on the interface facing R3
int e0/1
 ip access-group telnet-acl out
 end
sh access-lists
```

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MOxf1ljWSGDIy9bTRgx%2F-MOxknqkx3CN9CDPcXWZ%2Fimage.png?alt=media\&token=e601f50f-657c-4415-8673-2a2302972172)
{% endtab %}

{% tab title="R3" %}

```
int e0/0
 ip add 23.1.1.3 255.255.255.0
 no shut
int lo1
 ip add 3.3.3.3 255.255.255.0
 no shut
int lo2
 ip add 4.4.4.4 255.255.255.0
 no shut
router rip
 ver 2
 network 23.1.1.0
 network 3.3.3.0
 network 4.4.4.0
 no auto-summary
line vty 4
 password cisco
 login
 transport input telnet
```

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MOxf1ljWSGDIy9bTRgx%2F-MOxh0BG-VefIn719MU2%2Fimage.png?alt=media\&token=257b14d2-fcec-4347-b85f-dcf621c051b2)

```
do sh run
```

{% endtab %}
{% endtabs %}

## Class Exercises

### Part 01. Using extended access-lists

<div align="left"><img src="https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MMxZA8QfImjhJ1aEXI6%2F-MMxZHZTwCFsDck4gskH%2FComputer%20Network%20-%201125%20%E8%AA%B2%E5%A0%82%E7%B7%B4%E7%BF%92%20Part01.jpg?alt=media&#x26;token=b88a020b-8fe4-4d50-8d67-59e74cb62315" alt=""></div>

* **R1 can telnet to R3**
* **R1 cannot ping R3**

<div align="center"><img src="https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MQHayPFaSngOLYlKV2p%2F-MQHoh9yXoMsMdQVG-W3%2Fimage.png?alt=media&#x26;token=06d18184-c0e1-4cac-977d-6bfd3a59a9b5" alt=""></div>

{% tabs %}
{% tab title="R1" %}

```
ip route 23.1.1.0 255.255.255.0 e0/0 12.1.1.2
int e0/0
 ip addr 12.1.1.1 255.255.255.0
 no shut
```

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MQHayPFaSngOLYlKV2p%2F-MQHpFSGIVgom55SQSaw%2Fimage.png?alt=media\&token=e86826e4-5a01-4148-8cb9-18f6b70ca846)

```
do ping 23.1.1.3
do telnet 23.1.1.3
```

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MQHayPFaSngOLYlKV2p%2F-MQHq_pk4qRXdmM8XoPS%2Fimage.png?alt=media\&token=5252f77e-7903-4d6d-8959-1dc2d3f1a669)
{% endtab %}

{% tab title="R2" %}

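```
! "ex" is the abbreviation of "extended"; the ACL is named "rule"
ip access-list ex rule
 ! Permit Telnet (TCP 23) from 12.1.1.0/24 to 23.1.1.0/24
 permit tcp 12.1.1.0 0.0.0.255 23.1.1.0 0.0.0.255 eq 23
 ! Deny ICMP between the same networks; anything else falls to the implicit deny
 deny icmp 12.1.1.0 0.0.0.255 23.1.1.0 0.0.0.255
! Apply inbound on the interface facing R1
int e0/0
 ip access-group rule in
 ip addr 12.1.1.2 255.255.255.0
 no shut
int e0/1
 ip addr 23.1.1.2 255.255.255.0
 no shut
```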

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MQHayPFaSngOLYlKV2p%2F-MQHps9Flrg6py0Pkq4w%2Fimage.png?alt=media\&token=0fa2364d-b8a7-47e6-bae5-33b37fd5a9f8)

```
do sh access-lists
```

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MQHayPFaSngOLYlKV2p%2F-MQHqiFhLadq1W7xUV3W%2Fimage.png?alt=media\&token=ce484916-f61d-4fc0-93da-4fdb063c22f8)
{% endtab %}

{% tab title="R3" %}

```
ip route 12.1.1.0 255.255.255.0 e0/0 23.1.1.2
line vty 0 4
 password cisco
 login
 transport input telnet
int e0/0
 ip addr 23.1.1.3 255.255.255.0
 no shut
```

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MQHayPFaSngOLYlKV2p%2F-MQHqH7y5bzQeFWmLj7A%2Fimage.png?alt=media\&token=16cc72a6-4493-4171-817c-bdc9b34a8cb1)
{% endtab %}
{% endtabs %}

### Part 02. Using **named ACL**

* **Block all traffic from 172.16.4.0/24 from reaching R1**
* **Insert a rule so that Linux4 can ping R1, but Linux5 cannot**
* **Insert a rule so that Linux5 can telnet to R1, but Linux4 cannot**

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MQHwaSOpf3_wpoMK4cB%2F-MQINu-CkfWCYwzmeRNQ%2Fimage.png?alt=media\&token=b713534b-d81f-40bd-b0ad-0a685270c1f7)

{% tabs %}
{% tab title="R1" %}

```
ip route 172.16.4.0 255.255.255.0 e0/0 172.16.3.2
int e0/0
 ip addr 172.16.3.1 255.255.255.0
 no shut
 exit
line vty 0 4
 password cisco
 login
 transport input ssh
```

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MQHwaSOpf3_wpoMK4cB%2F-MQIOM31h4W_R85UGJ9U%2Fimage.png?alt=media\&token=1adbd0b9-72dd-4f03-a781-8310be77ceb6)
{% endtab %}

{% tab title="R2" %}

```
! Named extended ACL "rule": the first entry gets the default sequence number 10
ip access-list ex rule
 deny ip 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255
int e0/0
 ip addr 172.16.3.2 255.255.255.0
 no shut
! Apply inbound on the interface facing 172.16.4.0/24
int e0/1
 ip access-group rule in
 ip addr 172.16.4.2 255.255.255.0
 no shut
 exit
! Sequence numbers 5 and 6 insert these permits ahead of the deny (sequence 10)
ip access-list ex rule
 5 permit icmp 172.16.4.100 0.0.0.0 172.16.3.0 0.0.0.255
 6 permit tcp 172.16.4.200 0.0.0.0 172.16.3.0 0.0.0.255 eq 22
```

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MQHwaSOpf3_wpoMK4cB%2F-MQIPSQuCSVoc0uc9TPP%2Fimage.png?alt=media\&token=7d4e83db-ad7e-4401-9f48-ed548d4d96fe)
{% endtab %}

{% tab title="Linux4" %}

```
ip addr add 172.16.4.200/24 brd + dev eth0
ip route add default via 172.16.4.2
timedatectl set-timezone Asia/Taipei
systemctl restart ntp.service
apt update
apt install telnet
```

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MQHwaSOpf3_wpoMK4cB%2F-MQIQfMQbIS9kNQOgxGJ%2Fimage.png?alt=media\&token=58ddb836-1bef-4876-a498-e5f7bbf3544b)

```
telnet 172.16.3.1
```

{% endtab %}

{% tab title="Linux5" %}

```
ip addr add 172.16.4.100/24 brd + dev eth0
ip route add default via 172.16.4.2
timedatectl set-timezone Asia/Taipei
systemctl restart ntp.service
apt update
apt install telnet
```

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MQHwaSOpf3_wpoMK4cB%2F-MQISlQlJJUhr_2_0ENT%2Fimage.png?alt=media\&token=b9ac21a2-fe07-45d5-b510-51dc131e03c1)

```
ping 172.16.3.1
```

![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MQKFq8D5K1aColybjj1%2F-MQKRmiPHAYpnm6kQMzi%2Fimage.png?alt=media\&token=352f020a-8489-436c-a228-dcb1e2f9a2a5)
{% endtab %}
{% endtabs %}
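
Part 02 depends on two ACL behaviours: entries are evaluated in ascending sequence order with the first match winning, and wildcard-mask bits set to 1 are ignored. The Python model below is an added example, not part of the original class notes; it replays the `rule` ACL from the R2 tab before and after entries 5 and 6 are inserted. The names `NamedAcl`, `wc_match` and `build_rule` are hypothetical, and the default sequence numbering (start at 10, append 10 after the last entry) is a modelled assumption.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    # Cisco wildcard mask: 1 bits are "don't care", 0 bits must be equal.
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

class NamedAcl:
    def __init__(self):
        self.entries = {}  # sequence number -> rule tuple

    def add(self, action, proto, src, src_wc, dst, dst_wc, port=None, seq=None):
        if seq is None:  # modelled default: append 10 after the last entry
            seq = max(self.entries, default=0) + 10
        self.entries[seq] = (action, proto, src, src_wc, dst, dst_wc, port)

    def evaluate(self, proto, src, dst, dport=None):
        # Entries are checked in ascending sequence order; first match wins.
        for seq in sorted(self.entries):
            action, p, s, swc, d, dwc, port = self.entries[seq]
            if p not in ("ip", proto):
                continue
            if not (wc_match(src, s, swc) and wc_match(dst, d, dwc)):
                continue
            if port is not None and port != dport:
                continue
            return action, seq
        return "deny", None  # implicit deny at the end of every ACL

def build_rule(with_inserts):
    # Entries copied from the R2 tab of Part 02.
    acl = NamedAcl()
    acl.add("deny", "ip", "172.16.4.0", "0.0.0.255", "172.16.3.0", "0.0.0.255")
    if with_inserts:
        acl.add("permit", "icmp", "172.16.4.100", "0.0.0.0",
                "172.16.3.0", "0.0.0.255", seq=5)
        acl.add("permit", "tcp", "172.16.4.200", "0.0.0.0",
                "172.16.3.0", "0.0.0.255", port=22, seq=6)
    return acl

if __name__ == "__main__":
    # Constructed test packets: (protocol, source, destination, destination port)
    packets = (("icmp", "172.16.4.100", "172.16.3.1", None),
               ("icmp", "172.16.4.200", "172.16.3.1", None),
               ("tcp", "172.16.4.200", "172.16.3.1", 22),
               ("tcp", "172.16.4.100", "172.16.3.1", 22))
    for label, acl in (("before", build_rule(False)), ("after", build_rule(True))):
        for pkt in packets:
            print(label, pkt, acl.evaluate(*pkt))
```

Each result is an `(action, sequence)` pair, so the output shows which entry decided the packet; a sequence of `None` means the implicit deny was reached.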
