1.The Missouri branch office router is connected through its s0 interface to the Alabama Headquarters router s1 interface.
The Alabama router has two LANs. Missouri users obtain Internet access through the Headquarters router.
The network interfaces in the topology are addressed as follows:
Missouri: e0 -192.168.35.17/28; s0 – 192.168.35.33/28;
Alabama: e0 - 192.168.35.49/28; s0 – 192.168.35.65/28;
The accounting server has the address of 192.168.35.66/28. Match the access list conditions on the left with the goals on the right. (Not all options on the left are used.)
Answer:
解释一下:第一个框中是要阻断从Missouri router的e0口连接的用户,访问accounting server,所以使用的ACL语句为 deny ip 192.168. 35.16 0.0.0.15 host 192.168.35.66。
第二个框中的要求是阻断Alabame的e0口连接的一个用户,访问 accounting server,这儿没写这个用户的IP地址为多少,根据左边的已经有的命令行可以知道主机的地址为192.168.35.55,所以ACL语句为deny ip 192.168.35.55 0.0.0.0 host 192.168.35.66。
第三框中要求要防止企业外部的用户访问到accounting server,所以需要明确可以访问accounting server的用户都在企业的内部,根据上面给出的各接口分配的地址可以判断出该企业的地址空间为192.168.35.0/24,因此ACL语句为permit ip 192.168.35.0 0.0.0.255 host 192.168.35.66。
本帖隐藏的内容需要回复才可以浏览 | 
发表于 2007-12-14 15:51
| 
发表于 2007-12-14 19:55
| 
