实验拓扑
实验要求
1.PC1可以访问Telent R1,但不能pingR1
2.PC1 不能访问Telent R2,但可以pingR2
3.PC2不可以访问Telent R1,能ping R1
4.PC2能访问Telnet R2,但不可以ping R2
实验思路与实验步骤
1.配置IP地址,实现全网可达
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.1.254 24
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 192.168.2.1 24
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.2.2 24
[PC 1]int g0/0/0
[PC 1-GigabitEthernet0/0/0]ip add 192.168.1.10 24
[PC 2]int g0/0/0
[PC 2-GigabitEthernet0/0/0]ip add 192.168.1.11 24
2.配置静态路由协议
[R2]ip route-static 192.168.1.254 24 192.168.2.1
[PC 1ip route-static 0.0.0.0 0 192.168.1.254
[PC 2]ip route-static 0.0.0.0 0 192.168.1.254
3.配置Telent
[R1]aaa
[R1-aaa]local-user wangdaye privilege level 15 password cipher wdy12345
[R1-aaa]local-user wangdaye service-type telent
[R1]user-interface vty 0 4
[R1-ui-vyt0-4]authentication-mode aaa
[R2]aaa
[R2-aaa]local-user zhangdaye privilege level 15 password cipher zdy12345
[R2-aaa]local-user wangdaye service-type telent
[R2]user-interface vty 0 4
[R2-ui-vyt0-4]authentication-mode aaa
4.配置ACL
[R1]acl 3000
[R1-acl-adv-3000]rule deny icmp source 192.168.1.10 0.0.0.0 destination 192.168.2.1 0.0.0.0
[R1-acl-adv-3000]rule deny icmp source 192.168.1.10 0.0.0.0 destination 192.168.1.254 0.0.0.0
[R1-acl-adv-3000]rule deny tcp source 192.168.1.10 0.0.0.0 destination 192.168.2.2 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.2.1 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]rule deny tcp source 192.168.1.10 0.0.0.0 destinatio 192.168.1.254 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]rule deny icmp source 192.168.1.11 0.0.0.0 destination 192.168.2.2 0.0.0.0
5.下放ACL
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
测试