Configuration experiment of ACL extension

I. experimental configuration and requirements

The configuration requirements for establishing ACL extension on the route are as follows:
1. Allow PC1 to access Linux web Services
2. Allow PC2 to access the ftp service of Linux
3. Prohibit PC1 and PC2 from accessing other Linux services
4. Allow PC1 to access PC2

II. Deployment of experimental environment

1. pc1, pc2 and Linux systems are set with static IP, sub mask and gateway, and are bound with corresponding network card.
2. Complete the installation and startup of Linux server related services

[root@localhost ~]# yum install vsftpd -y / / install ftp service.
[root@localhost ~]# yum install httpd -y / / install http service.
[root@localhost ~]# systemctl stop firewalld.service / / turn off the firewall
[root@localhost ~]# setenforce 0 / / turn off enhanced security
[root@localhost ~]# systemctl start httpd / / start the service
[root@localhost ~]# systemctl start vsftpd
[root@localhost ~]# netstat -ntap | egrep '(21|80)' / / check the service startup status (port 80 is http, port 21 is ftp)
tcp6       0      0 :::80                   :::*                    LISTEN      6399/httpd          
tcp6       0      0 :::21                   :::*       

3. Routing configuration: three ports set IP

R1#conf t 
R1(config)#int f 0/0
R1(config-if)#ip add
R1(config-if)#no shut 
R1(config-if)#int f 0/1
R1(config-if)#ip add
R1(config-if)#no shut 
R1(config-if)#int f 1/0
R1(config-if)#ip add 
R1(config-if)#no shut 
R1(config)#do show ip route                 
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C is directly connected, FastEthernet0/0
C is directly connected, FastEthernet0/1
C is directly connected, FastEthernet1/0

4. Configure the extended ACL

R1(config)#access-list 100 permit  tcp eq 80           
R1(config)#access-list 100 permit tcp host host eq 21      
R1(config)#access-list 100 permit ip host         
R1(config)#do show access-list
Extended IP access list 100
    10 permit tcp eq www
    20 permit tcp host host eq ftp
    30 permit ip host
R1(config)#int  f0/1        
R1(config-if)#ip access-group 100 in
R1(config-if)#int  f0/0
R1(config-if)#ip access-group 100 in

5. Result test
pc1 can access web site services

PC 2 can access ftp service

Allow pc1 to access pc2

Keywords: Linux ftp yum vsftpd

Added by PHPnewb_JavaAdept on Thu, 17 Oct 2019 19:39:49 +0300