Лабораторная работа. Проверка трафика cbac с маршрутизатором isr что такое контекстно-ориентированный контроль доступа Cisco?

Лабораторное решение

Шаг 1. Активируйте лицензию безопасности на маршрутизаторах ISR 2911.

Router(config)#license boot module c2900 technology-package securityk9

PLEASE READ THE FOLLOWING TERMS CAREFULLY. INSTALLING THE LICENSE OR
LICENSE KEY PROVIDED FOR ANY CISCO PRODUCT FEATURE OR USING SUCH
PRODUCT FEATURE CONSTITUTES YOUR FULL ACCEPTANCE OF THE FOLLOWING
TERMS. YOU MUST NOT PROCEED FURTHER IF YOU ARE NOT WILLING TO BE BOUND
BY ALL THE TERMS SET FORTH HEREIN.
Use of this product feature requires an additional license from Cisco,
together with an additional payment. You may use this product feature
on an evaluation basis, without payment to Cisco, for 60 days. Your use
of the product, including during the 60 day evaluation period, is
subject to the Cisco end user license agreement
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
If you use the product feature beyond the 60 day evaluation period, you
must submit the appropriate payment to Cisco for the license. After the
60 day evaluation period, your use of the product feature will be
governed solely by the Cisco end user license agreement (link above),
together with any supplements relating to such product feature. The
above applies even if the evaluation license is not automatically
terminated and you do not receive any notice of the expiration of the
evaluation period. It is your responsibility to determine when the
evaluation period is complete and you are required to make payment to
Cisco for your use of the product feature beyond the evaluation period.
Your acceptance of this agreement for the software features on one
product shall be deemed your acceptance with respect to all such
software on all Cisco products you purchase which includes the same
software. (The foregoing notwithstanding, you must purchase a license
for each software feature you use past the 60 days evaluation period,
so that if you enable a software feature on 1000 devices, you must
purchase 1000 licenses for use past the 60 day evaluation period.)
Activation of the software command line interface will be evidence of
your acceptance of this agreement.
ACCEPT? [yes/no]: yes
% use 'write' command to make license boot config take effect on next boot
%IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = C2900 Next reboot level = securityk9 and License = securityk9
%LICENSE-6-EULA_ACCEPTED: EULA for feature securityk9 1.0 has been accepted. UDI=CISCO2911/K9:FTX1524PCPQ; StoreIndex=0:Evaluation License Storage

Router(config)#exit

Router#write

Router#
Обратите внимание на «да» в столбце оценки лицензии securityk9: у маршрутизатора нет действительного файла лицензии, но разрешен период оценки. Будьте осторожны в производственной среде!

Шаг 2. Настройте DHCP и NAT на маршрутизаторе 1.

Router(config)#ip dhcp pool LAN

Router(config)#interface GigabitEthernet0/2

Router(config)#access-list 1 permit 192.168.1.0 0.0.0.255

Router(config)#ip nat inside source list 1 interface GigabitEthernet0/2 overload

Шаг 3. Настройте входящий ACL и CBAC для исходящего трафика.