第一步给每一个路由器端口配置IP
R1
R2
配置NAT与ACL
interface GigabitEthernet0/0/2
ip address 23.0.0.1 255.255.255.0
traffic-filter inbound acl 3000
traffic-filter outbound acl 3005
nat server protocol tcp global current-interface telnet inside 192.168.1.2 teln
et
nat outbound 2000 address-group 1 no-pat
acl配置
rule deny tcp source 34.0.0.3 0 destination 23.0.0.1 0 destinat
ion-port eq 23 --- test2的Telnet访问控制
rule deny icmp source 192.168.2.2 0 destination 34.0.0.2 0--- PC2的访问控制