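Summary: The following is an example application of an access control list (ACL), for your reference.
Extended access list with the Established option
Topology: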
R2-(S2/0)——(S2/0)-R1(S2/1)——(S2/1)-R3
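An extended access list with the Established option lets internal users reach the external network while denying access from the external network to the internal network; standard access lists and extended access lists without Established do not have this property.
This example first uses OSPF to give the whole network connectivity.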
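The matching rule behind the Established option, modelled as an added example (not part of the original page): an entry with the keyword matches only TCP segments that have ACK or RST set, and anything that matches no entry hits the implicit deny. The ACL number 100, the choice of R3 as the outside network and R2 as the inside, and the sample packets are assumptions made for illustration.

```python
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10   # TCP flag bits

@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp", "udp", "icmp" or "ospf"
    src: str
    dst: str
    flags: int = 0   # TCP flags; ignored for other protocols

@dataclass(frozen=True)
class Ace:
    action: str                # "permit" or "deny"
    proto: str                 # "ip" matches every protocol
    established: bool = False  # the IOS "established" keyword

    def matches(self, pkt: Packet) -> bool:
        if self.proto not in ("ip", pkt.proto):
            return False
        if self.established:
            # "established" matches only TCP segments with ACK or RST set.
            return pkt.proto == "tcp" and bool(pkt.flags & (ACK | RST))
        return True

def evaluate(acl, pkt):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"

# Assumed equivalent of (ACL number 100 is hypothetical):
#   access-list 100 permit ospf any any
#   access-list 100 permit tcp any any established
ACL_WITH_OSPF = [Ace("permit", "ospf"), Ace("permit", "tcp", established=True)]
ACL_TCP_ONLY = [Ace("permit", "tcp", established=True)]

# Constructed packets arriving at R1 from R3 (assumed outside), bound for R2.
SAMPLES = {
    "syn-ack reply": Packet("tcp", "13.1.1.3", "12.1.1.2", SYN | ACK),
    "new inbound syn": Packet("tcp", "13.1.1.3", "12.1.1.2", SYN),
    "rst": Packet("tcp", "13.1.1.3", "12.1.1.2", RST),
    "ack without session": Packet("tcp", "13.1.1.3", "12.1.1.2", ACK),
    "icmp echo reply": Packet("icmp", "13.1.1.3", "12.1.1.2"),
    "ospf hello": Packet("ospf", "13.1.1.3", "224.0.0.5"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:20} with-ospf={evaluate(ACL_WITH_OSPF, pkt):6} "
              f"tcp-only={evaluate(ACL_TCP_ONLY, pkt)}")
```

The keyword is a stateless flag check that covers TCP only, so ICMP and UDP replies fall to the implicit deny and a segment carrying ACK matches whether or not a session exists. Without an explicit permit for OSPF, the hellos arriving on the filtered interface are dropped as well, which would take down the adjacency this example depends on.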
R1
r1#sh run
*Mar 1 00:25:17.275: %SYS-5-CONFIG_I: Configured from console by console
Building configuration...
Current configuration : 1410 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r1
!
logging queue-limit 100
!
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
mpls ldp logging neighbor-changes
!
!
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 ip address 12.1.1.1 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-point
 serial restart_delay 0
 frame-relay map ip 12.1.1.2 102 broadcast
 no frame-relay inverse-arp
!
interface Serial2/1
 ip address 13.1.1.1 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-point
 serial restart_delay 0
 frame-relay map ip 13.1.1.3 113 broadcast
!
interface Serial2/2
 no ip address
 shutdown
 serial restart_delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart_delay 0
!
router ospf 10
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip http server
no ip http secure-server
ip classless
!
!
!
!
!
call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 no login
!
!
end
R2
Editor: 豆豆技术应用