该实验详细描述了如何配置ACL以实现R2的telnet服务仅对PC2开放,同时阻止PC1telnet到R2并限制其ping通信。此外,PC2被禁止pingR2。配置包括IP地址设定、路由设置、telnet服务启用以及ACL规则的制定和应用。
ACL实验
实验要求:
1.R2开启telnet服务
2.PC1可以ping通R2,但是不能telnet R2
3.PC2可以telnet R2,但是不能ping通R2
实验步骤:
1.配置IP
[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[R1-GigabitEthernet0/0/1]ip add 192.168.2.1 24
[R2]int g 0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.2.2 24
[PC1-GigabitEthernet0/0/0]ip add 192.168.1.2 24
[PC2-GigabitEthernet0/0/0]ip add 192.168.1.3 24
2.写缺省路由
[PC1]ip route-static 0.0.0.0 0 192.168.1.1
[PC2]ip route-static 0.0.0.0 0 192.168.1.1
[R2]ip route-static 192.168.1.0 24 192.168.2.1
4.开启R1和R2telnet
[R1]aaa
[R1-aaa]local-user Lxx password cipher 123456
[R1-aaa]local-user Lxx service-type telnet
[R1-aaa]local-user Lxx privilege level 15
[R1-aaa]q
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa
[R2]aaa
[R2-aaa]local-user Lxx password cipher 123456
Info: Add a new user.
[R2-aaa]local-user Lxx service-type telnet
[R2-aaa]local-user Lxx privilege level 15
[R2-aaa]q
[R2]user-interface vty 0 4
[R2-ui-vty0-4]authentication-mode aaa
5.写ACL表
[R1]acl 3000
[R1-acl-adv-3000]rule deny icmp source 192.168.1.2 0 destination 192.168.1.1 0
[R1-acl-adv-3000]rule deny icmp source 192.168.1.2 0 destination 192.168.2.1 0
[R1-acl-adv-3000]rule deny tcp source 192.168.1.2 0 destination 192.168.2.2 0 de
stination-port eq 23
[R1-acl-adv-3000]rule deny tcp source 192.168.1.3 0 destination 192.168.1.1 0 de
stination-port eq 2
[R1-acl-adv-3000]rule deny tcp source 192.168.1.3 0 destination 192.168.2.1 0 de
stination-port eq 23
[R1-acl-adv-3000]rule deny icmp source 192.168.1.3 0 destination 192.168.2.2 0
[R1-acl-adv-3000]q
- 接口调用
[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
6.测试
1455
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
