I. Lab Topology
II. Lab Requirements
1. PC1 can telnet to R1 but cannot ping R1, and cannot telnet to R2 but can ping R2. PC2 is the opposite.
III. Main Commands
[r2]acl 2000 // create an ACL
[r2-acl-basic-2000]rule deny source 192.168.1.3 0.0.0.0 // configure a rule
[r2]display acl 2000 // view the ACL
[r2-acl-basic-2000]undo rule 20 // delete a rule (run in the ACL view)
[r1-acl-adv-xuqiuer]rule deny ip source 192.168.1.2 0.0.0.0 destination 192.168.3.3 0.0.0.0 // advanced ACL rule
[r2-GigabitEthernet0/0/1]traffic-filter outbound acl 2000 // apply the ACL to an interface
IV. Configuration Process
[R1]acl 3000
[R1-acl-adv-3000] rule deny ip source 192.168.1.1 0.0.0.0 destination 192.168.1.1 0.0.0.0
[R1-acl-adv-3000] rule 10 deny ip source 192.168.1.10 0.0.0.0 destination 192.168.2.1 0.0.0.0
[R1-acl-adv-3000] rule 15 deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.1.1 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000] rule 20 deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.2.1 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000] rule 25 deny tcp source 192.168.1.10 0.0.0.0 destination 192.168.2.2 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000] rule 30 deny ip source 192.168.1.11 0.0.0.0 destination 192.168.2.2 0.0.0.0
[R1-acl-adv-3000] rule 35 permit tcp source 192.168.1.11 0 destination 192.168.2.2 0.0.0.0 destination-port eq 23
[R1]traffic-filter outbound acl 3000
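
ACL rules are checked in ascending rule ID and the first match decides, so in ACL 3000 the position of a broad `deny ip` relative to a narrower `permit tcp` matters. The Python sketch below is an added example, not part of the original lab notes: it models the rules above as host matches and reports which rule a packet hits and which rules can never be reached. The function names, the ID 5 given to the unnumbered first rule, and the ICMP variant of rule 30 are assumptions made for the illustration.

```python
# Constructed model of ACL 3000 from the configuration above (host wildcards only).
# Tuple: (rule_id, action, protocol, source, destination, destination_port or None)
ACL_3000 = [
    (5,  "deny",   "ip",  "192.168.1.1",  "192.168.1.1", None),  # ID 5 assumed (auto-numbered)
    (10, "deny",   "ip",  "192.168.1.10", "192.168.2.1", None),
    (15, "deny",   "tcp", "192.168.1.11", "192.168.1.1", 23),
    (20, "deny",   "tcp", "192.168.1.11", "192.168.2.1", 23),
    (25, "deny",   "tcp", "192.168.1.10", "192.168.2.2", 23),
    (30, "deny",   "ip",  "192.168.1.11", "192.168.2.2", None),
    (35, "permit", "tcp", "192.168.1.11", "192.168.2.2", 23),
]

# Variant (assumption, not on the page): rule 30 limited to ICMP so it blocks ping only.
ICMP_VARIANT = [r if r[0] != 30 else (30, "deny", "icmp", r[3], r[4], None)
                for r in ACL_3000]


def covers(rule, proto, src, dst, dport):
    """True if the rule matches a packet with these header fields."""
    _, _, r_proto, r_src, r_dst, r_port = rule
    return (r_proto in ("ip", proto) and r_src == src and r_dst == dst
            and (r_port is None or r_port == dport))


def first_match(acl, proto, src, dst, dport=None):
    """Return (rule_id, action) of the lowest-numbered matching rule, else None."""
    for rule in sorted(acl):
        if covers(rule, proto, src, dst, dport):
            return rule[0], rule[1]
    return None  # no rule in the ACL matched


def shadowed(acl):
    """List (later_id, earlier_id) where an earlier rule matches all the later one does."""
    ordered = sorted(acl)
    found = []
    for i, later in enumerate(ordered):
        _, _, proto, src, dst, port = later
        for earlier in ordered[:i]:
            if covers(earlier, proto, src, dst, port):
                found.append((later[0], earlier[0]))
                break
    return found


if __name__ == "__main__":
    print("telnet 192.168.1.11 -> 192.168.2.2:",
          first_match(ACL_3000, "tcp", "192.168.1.11", "192.168.2.2", 23))
    print("shadowed rules:", shadowed(ACL_3000))
    print("with ICMP variant:", shadowed(ICMP_VARIANT))
```

Running the same check after every ACL edit shows whether a newly added permit can ever be reached before the configuration is applied to an interface.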