第八章:ACL实验-CSDN博客

本文链接：https://blog.csdn.net/2301_79624158/article/details/135662869

本文详细描述了一个网络实验，涉及配置IP地址、实现PC1与R1间的Telnet访问，以及设置ACL来限制PC1对R1和R2的特定通信。实验中PC1只能访问TelnetR1，而PC2反之。

摘要由CSDN通过智能技术生成

一，实验拓扑

二，实验要求

全网互通；
PC1可以访问Telnet R1，不能ping R1
PC1不能访问Telnet R2，但可以ping R2
PC2和PC1相反

三，实验步骤

1，配置IP地址，全网可达

[R1]int g0/0/0

[R1-GigabitEthernet0/0/0]ip add 192.168.1.254 24

[R1-GigabitEthernet0/0/0]int g0/0/1

[R1-GigabitEthernet0/0/1]ip add 192.168.2.1 24

[R2]int g0/0/0

[R2-GigabitEthernet0/0/0]ip add 192.168.2.2 24

[R2]ip route-static 192.168.1.0 24 192.168.2.1

[PC1]int g0/0/0

[PC1-GigabitEthernet0/0/0]ip add 192.168.1.10 24

[PC1]ip route-static 0.0.0.0 0 192.168.1.254-------模拟网关

[PC2]int g0/0/0

[PC2-GigabitEthernet0/0/0]ip add 192.168.1.11 24

[PC2]ip route-static 0.0.0.0 0 192.168.1.254-------模拟网关

2，配置Telnet[R1]aaa
[R1-aaa]lo
[R1-aaa]local-user nongnong privilege level 15 password cipher nn123456
[R1-aaa]lo
[R1-aaa]local-user nongnong se
[R1-aaa]local-user nongnong service-type telnet
[R1]user-in
[R1]user-interface vty 0 4
[R1-ui-vty0-4]au
[R1-ui-vty0-4]authentication-mode aaa

[R2]aaa
[R2-aaa]lo
[R2-aaa]local-user jinjin pr
[R2-aaa]local-user jinjin privilege level 15 password cipher jj123456
[R2-aaa]lo
[R2-aaa]local-user jinjin service-type telnet
[R2]user-in
[R2]user-interface vty 0 4
[R2-ui-vty0-4]au
[R2-ui-vty0-4]authentication-mode aaa

3,配置ACL

[R1]acl 3000
[R1-acl-adv-3000]
[R1-acl-adv-3000]rule deny icmp source 192.168.1.10 0.0.0.0 de
[R1-acl-adv-3000]rule deny icmp source 192.168.1.10 0.0.0.0 destination 192.168.
1.254 0.0.0.0

[R1]acl 3000
[R1-acl-adv-3000]rule deny tcp source 192.168.1.10 0.0.0.0 de
[R1-acl-adv-3000]rule deny tcp source 192.168.1.10 0.0.0.0 destination 192.168.2
.2 0.0.0.0 de
[R1-acl-adv-3000]rule deny tcp source 192.168.1.10 0.0.0.0 destination 192.168.2
.2 0.0.0.0 destination-port eq 23

[R1-acl-adv-3000]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.1
.254 0.0.0.0 de
[R1-acl-adv-3000]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.1
.254 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.
2.1 0.0.0.0 destination-port eq 23

[R1-acl-adv-3000]rule deny icmp so
[R1-acl-adv-3000]rule deny icmp source 192.168.1.11 0.0.0.0 de
[R1-acl-adv-3000]rule deny icmp source 192.168.1.11 0.0.0.0 destination 192.168.
2.2 0.0.0.0
[R1-acl-adv-3000

[R1]int g0/0/0

[R1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000

4，测试