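[Question] Seeking help with a CCNA exam question

Author: ichiro1987 (shiang)   2016-04-28 16:40:30
I'd like to ask the experts here.
I recently took the CCNA exam and ran into a simulation question similar to the following: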
CORRECT TEXT
A network associate is adding security to the configuration of the Corp1
router. The user on host C should
be able to use a web browser to access financial information from the Finance
Web Server. No other hosts from the LAN nor the Core should be able to use a
web browser to access this server. Since there are multiple resources for the
corporation at this location including other resources on the Finance Web
Server, all other traffic should be allowed.
The task is to create and apply an access-list with no more than three
statements that will allow ONLY host C web access to the Finance Web Server.
No other hosts will have web access to the Finance Web Server. All other
traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.
All passwords have been temporarily set to "cisco".
The Core connection uses an IP address of 198.18.196.65.
The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 -
192.168.33.254
- host A 192.168.33.1
- host B 192.168.33.2
- host C 192.168.33.3
- host D 192.168.33.4
The servers in the Server LAN have been assigned addresses of 172.22.242.17 -
172.22.242.30.
The Finance Web Server is assigned an IP address of 172.22.242.23.
The answer is attached:
Answer:
Select the console on Corp1 router Configuring ACL
Corp1>enable
Corp1#configure terminal
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
Corp1(config)#access-list 100 permit ip any any
Corp1(config)#interface fa 0/1
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#copy running-config startup-config
I entered the answer exactly as given, and when I got to the following command I got this result:
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
% Invalid input detected at ‘^’ marker.
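For a moment I didn't know how to fix it, and after that it was game over, so I have to take the exam again. Could any expert help me out
and let me know where I went wrong?
Author: voodist (小蟲)   2016-04-28 20:29:00
Wouldn't you find out just by running it in a simulator yourself......
Author: gv390 (我討厭我喜歡妳)   2016-05-01 14:46:00
As I recall, I had no problem with this question when I took the exam.. I even just went and looked through past exam questions. Could it be that you typed the command wrong? Do a show of Corp1's IP; maybe there was a problem from the start.
Author: wst2080   2016-05-03 15:49:00
Consider trying access-list 101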
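
Added example (not part of the thread and not Cisco code): a small Python model of first-match ACL evaluation, run over the three statements from the answer key in the first post, to check them against the task's requirements. It assumes only the `host`/`any` address forms and the `eq` port match used in that answer, and it does not model the interface or direction the list is applied to.

```python
import ipaddress

# The three statements from the answer key quoted in the first post.
ACL_100 = """\
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny tcp any host 172.22.242.23 eq 80
access-list 100 permit ip any any
"""

def _take_addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; None stands for 'any'."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word != "host":
        raise ValueError(f"unsupported address form: {word!r}")
    return ipaddress.ip_address(tokens.pop(0))

def parse_acl(text):
    """Parse the subset of extended-ACL syntax used in this thread."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        keyword, _number, action, proto, *rest = line.split()
        if keyword != "access-list" or action not in ("permit", "deny"):
            raise ValueError(f"unsupported statement: {line!r}")
        src, dst = _take_addr(rest), _take_addr(rest)
        if rest and (len(rest) != 2 or rest[0] != "eq"):
            raise ValueError(f"unsupported port match: {line!r}")
        port = int(rest[1]) if rest else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching statement."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):  # 'ip' matches every protocol
            continue
        if r_src not in (None, src) or r_dst not in (None, dst):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"  # implicit deny that ends every ACL

if __name__ == "__main__":
    rules = parse_acl(ACL_100)
    for src in ("192.168.33.3", "192.168.33.1", "198.18.196.65"):
        print(src, "-> Finance tcp/80:", evaluate(rules, "tcp", src, "172.22.242.23", 80))
```

Statement order carries the policy: with the first two statements swapped, host C is denied as well, and without the third statement the implicit deny would block all other traffic.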
