C10.1.1.0/24is directly connected,FastEthernet0/0
C10.2.2.0/24is directly connected,FastEthernet0/1
D192.168.1.0/24[90/20514560] Via202.66.200.34,00:13:49,Serial0/0
D192.168.2.0/24[90/20514560] Via202.66.200.34,00:13:49,Serial0/0
202.66.200.0/24is Variably subnetted,2subnets,2masks
D202.66.200.0/24is a summary,00:15:15,Null0
C202.66.200.32/30is directly connected,Serial0/0
Router1#
以上显示的路由信息非常清楚。下面利用PC1、PC4来分别ping PC2、PC6,以检测整个网络是否连通。
PC1ping PC2和PC6
PC>ipconfig//PC1
IPAddress......................:10.1.1.3
Subnet Mask.....................:255.255.255.0
Default GateWay.................:10.1.1.1
C>ping192.168.1.2//PC2
Pinging192.168.1.2With32bytes of data:
Reply from192.168.1.2:bytes=32time=109ms TTL=126
Reply from192.168.1.2:bytes=32time=141ms TTL=126
Reply from192.168.1.2:bytes=32time=125ms TTL=126
Reply from192.168.1.2:bytes=32time=141ms TTL=126
Ping statistics for192.168.1.2:
Packets:Sent=4,ReceiVed=4,Lost=0(0% loss),
Approximate round trip times in milli-seconds:
Minimum=109ms,Maximum=141ms,AVerage=129ms
C>ping192.168.2.2//ping PC6
Pinging192.168.2.2With32bytes of data:
Reply from192.168.2.2:bytes=32time=156ms TTL=126
Reply from192.168.2.2:bytes=32time=141ms TTL=126
Reply from192.168.2.2:bytes=32time=125ms TTL=126
Reply from192.168.2.2:bytes=32time=111ms TTL=126
Ping statistics for192.168.2.2:
Packets:Sent=4,ReceiVed=4,Lost=0(0% loss),
Approximate round trip times in milli-seconds:
Minimum=111ms,Maximum=156ms,AVerage=133ms
C>
测试结果PC1pingPC2通,PC1pingPC6通,说明网络10.1.1.0/24分别与网络192.168.1.0/24和网络192.168.2.0/24连通。下面用PC4分别pingPC2和PC6,验证网络10.2.2.0/24分别与网络192.168.1.0/24和网络192.168.2.0/24是否连通。
C>ipconfig//PC4
IPAddress......................:10.2.2.2
Subnet Mask.....................:255.255.255.0
Default GateWay.................:10.2.2.1
C>ping192.168.1.2//ping PC2
Pinging192.168.1.2With32bytes of data:
Reply from192.168.1.2:bytes=32time=190ms TTL=126
Reply from192.168.1.2:bytes=32time=172ms TTL=126
Reply from192.168.1.2:bytes=32time=143ms TTL=126
Reply from192.168.1.2:bytes=32time=110ms TTL=126
Ping statistics for192.168.1.2:
Packets:Sent=4,ReceiVed=4,Lost=0(0% loss),
Approximate round trip times in milli-seconds:
Minimum=110ms,Maximum=190ms,AVerage=153ms
C>ping192.168.2.2//ping PC6
Pinging192.168.2.2With32bytes of data:
Reply from192.168.2.2:bytes=32time=172ms TTL=126
Reply from192.168.2.2:bytes=32time=143ms TTL=126
Reply from192.168.2.2:bytes=32time=141ms TTL=126
Reply from192.168.2.2:bytes=32time=125ms TTL=126
Ping statistics for192.168.2.2:
Packets:Sent=4,ReceiVed=4,Lost=0(0% loss),
Approximate round trip times in milli-seconds:
Minimum=125ms,Maximum=172ms,AVerage=145ms
C>
测试结果PC4pingPC2通,PC4pingPC6通,说明网络10.2.2.0/24分别与网络192.168.1.0/24和网络192.168.2.0/24连通,整个网络连通。
4.访问控制策略配置
访问控制策略配置主要与Router1有关。
Router1(config)#ip access-list ?
extended Extended Access List
standard Standard Access List
Router1(config)#ip access-list standard ?
<1-99>Standard IPaccess-list number
WORD Access-list name
Router1(config)#ip access-list standard10?
< cr>
Router1(config)#ip access-list standard10
Router1(config-std-nacl)#?
default Set a command to its defaults
deny Specify packets to reject
exit Exit from access-list configuration mode
no Negate a command or set its defaults
permit Specify packets to forWard
remark Access list entry comment
Router1(config-std-nacl)#permit ?
A.B.C.D Address to match
any Any source host
host A single host address
Router1(config-std-nacl)#permit10.1.1.0?
A.B.C.D Wildcard bits
< cr>
Router1(config-std-nacl)#permit10.1.1.00.0.0.255 ?
< cr>
Router1(config-std-nacl)#permit10.1.1.00.0.0.255
Router1(config-std-nacl)#deny ?
A.B.C.D Address to match
any Any source host
host A single host address
Router1(config-std-nacl)#deny any ?
< cr>