Cisco Packet Tracer6.3
使用Cisco Packet Tracer6.3
实验使用拓扑
首先先查看许可文件情况enableshow license feature
需要激活2911路由器设备的许可操作步骤如下:Router>enable Router#configure terminal Router(config)#license boot module c2900 technology-package securityk9PLEASE READ THE FOLLOWING TERMS CAREFULLY. INSTALLING THE LICENSE OR LICENSE KEY PROVIDED FOR ANY CISCO PRODUCT FEATURE OR USING SUCH PRODUCT FEATURE CONSTITUTES YOUR FULL ACCEPTANCE OF THE FOLLOWING TERMS. YOU MUST NOT PROCEED FURTHER IF YOU ARE NOT WILLING TO BE BOUND BY ALL THE TERMS SET FORTH HEREIN. Use of this product feature requires an additional license from Cisco, together with an additional payment. You may use this product feature on an evaluation basis, without payment to Cisco, for 60 days. Your use of the product, including during the 60 day evaluation period, is subject to the Cisco end user license agreement http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html If you use the product feature beyond the 60 day evaluation period, you must submit the appropriate payment to Cisco for the license. After the 60 day evaluation period, your use of the product feature will be governed solely by the Cisco end user license agreement (link above), together with any supplements relating to such product feature. The above applies even if the evaluation license is not automatically terminated and you do not receive any notice of the expiration of the evaluation period. It is your responsibility to determine when the evaluation period is complete and you are required to make payment to Cisco for your use of the product feature beyond the evaluation period.Your acceptance of this agreement for the software features on one product shall be deemed your acceptance with respect to all such software on all Cisco products you purchase which includes the same software. (The foregoing notwithstanding, you must purchase a license for each software feature you use past the 60 days evaluation period, so that if you enable a software feature on 1000 devices, you must purchase 1000 licenses for use past the 60 day evaluation period.)Activation of the software command line interface will be evidence of your acceptance of this agreement.ACCEPT? [yes/no]: yes% use 'write' command to make license boot config take effect on next boot %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = C2900 Next reboot level = securityk9 and License = securityk9 %LICENSE-6-EULA_ACCEPTED: EULA for feature securityk9 1.0 has been accepted. UDI=CISCO2911/K9:FTX1524PCPQ; StoreIndex=0:Evaluation License StorageRouter(config)#exit Router# %SYS-5-CONFIG_I: Configured from console by console Router#write Building configuration...[OK]Router#reload重启后查看许可文件情况Router>enableRouter#show license feature
配置接口地址configure terminalinterface GigabitEthernet0/0no shutdownip address 192.168.1.1 255.255.255.0exitinterface GigabitEthernet0/1no shutdownip address 1.1.1.1 255.255.255.252exit
添加acl和CBACip access-list extended DENY_ANYdeny ip any anyexitinterface GigabitEthernet0/1ip access-group DENY_ANY inexitip inspect name ALLOWED_TRAFIC http audit-trail onip inspect name ALLOWED_TRAFIC icmp audit-trail oninterface gigabitEthernet 0/1ip inspect ALLOWED_TRAFIC outexit
两台服务器的ip配置
两台服务器web服务器都打开
server1测试ping及web访问
server0测试ping及web访问