9.22 IPv6 Filtering
• Configure R3’s Frame-Relay interface so that only FTP and HTTP traffic
from the users on VLAN 67 can access the interface.
• Allow DNS queries and responses from the same subnet, and ensure IPv6
routing will not be affected.
• Enable the HTTP server on R5.
----------------------------------------------
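The task should have pointed out the path: VLAN 67 <--------- through R3 -------------> R5, with the filtering applied on R3's Serial 1/0.
So the filter has to be applied in both directions, inbound and outbound, because the task does not distinguish client from server.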
R3:
ipv6 access-list FILTER_OUT
 permit tcp fc00:1:0:67::/64 any eq 80
 permit tcp fc00:1:0:67::/64 any range 20 21
 permit udp fc00:1:0:67::/64 any eq 53
!
ipv6 access-list FILTER_IN
 permit tcp any eq 80 fc00:1:0:67::/64
 permit tcp any range 20 21 fc00:1:0:67::/64
 permit udp any eq 53 fc00:1:0:67::/64
 ! IP protocol 89 is OSPFv3, so IPv6 routing is not affected
 permit 89 any any
!
interface Serial 1/0
 ipv6 traffic-filter FILTER_OUT out
 ipv6 traffic-filter FILTER_IN in
R5:
ip http server
----------------------------------------------
Rack1SW1#ping 2001:1:0:1234::3
Rack1SW1#ping 2001:1:0:1234::5
Rack1R3#show ipv6 ospf neighbor
Rack1SW1#telnet 2001:1:0:1234::5 80
Rack1SW1#telnet 2001:1:0:1234::5 80 /source-interface vlan 67
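
The first-match logic of FILTER_OUT and FILTER_IN, modeled as an added Python example (not part of the original post and not IOS code): it evaluates constructed packets against both lists, including the implicit neighbor-discovery permits and the final deny that IOS appends to every IPv6 ACL. The host addresses fc00:1:0:67::10 and fc00:1:0:99::10, the link-local and multicast addresses, and port 40000 are constructed; FILTER_OUT is assumed to see only transit traffic.

```python
import ipaddress

VLAN67 = ipaddress.ip_network("fc00:1:0:67::/64")
ANY = ipaddress.ip_network("::/0")

# Entry: (protocol, src net, src ports, dst net, dst ports); None means any port.
FILTER_OUT = [
    ("tcp", VLAN67, None, ANY, range(80, 81)),
    ("tcp", VLAN67, None, ANY, range(20, 22)),
    ("udp", VLAN67, None, ANY, range(53, 54)),
]
FILTER_IN = [
    ("tcp", ANY, range(80, 81), VLAN67, None),
    ("tcp", ANY, range(20, 22), VLAN67, None),
    ("udp", ANY, range(53, 54), VLAN67, None),
    ("89", ANY, None, ANY, None),  # OSPFv3 is IP protocol 89
]

def evaluate(acl, proto, src, dst, sport=None, dport=None, icmp_type=None):
    """Return 'permit' or 'deny' for one packet; the first matching entry wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for a_proto, a_src, a_sports, a_dst, a_dports in acl:
        if (a_proto == proto and src in a_src and dst in a_dst
                and (a_sports is None or sport in a_sports)
                and (a_dports is None or dport in a_dports)):
            return "permit"
    # Every IOS IPv6 ACL ends with implicit permits for neighbor solicitation
    # (ICMPv6 type 135) and advertisement (136), then deny ipv6 any any.
    if proto == "icmp" and icmp_type in (135, 136):
        return "permit"
    return "deny"

def sample_results():
    """Evaluate constructed packets; R5's address is from the test commands."""
    user, other, r5 = "fc00:1:0:67::10", "fc00:1:0:99::10", "2001:1:0:1234::5"
    return {
        "http request from VLAN 67": evaluate(FILTER_OUT, "tcp", user, r5, 40000, 80),
        "http reply to VLAN 67": evaluate(FILTER_IN, "tcp", r5, user, 80, 40000),
        "http from another subnet": evaluate(FILTER_OUT, "tcp", other, r5, 40000, 80),
        "telnet from VLAN 67": evaluate(FILTER_OUT, "tcp", user, r5, 40000, 23),
        "ospfv3 hello in": evaluate(FILTER_IN, "89", "fe80::5", "ff02::5"),
        "ospfv3 hello, no permit 89": evaluate(FILTER_IN[:-1], "89", "fe80::5", "ff02::5"),
        "neighbor solicitation in": evaluate(FILTER_IN, "icmp", "fe80::5", "ff02::1:ff00:3", icmp_type=135),
        "echo reply in": evaluate(FILTER_IN, "icmp", r5, user, icmp_type=129),
    }

if __name__ == "__main__":
    for name, verdict in sample_results().items():
        print(f"{name:28} {verdict}")
```

The "no permit 89" case shows why the last entry of FILTER_IN is needed: without it the implicit deny drops the neighbor's OSPFv3 packets, while neighbor discovery still passes through the implicit permits.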