eNSP：简单使用acl进阶版

最新推荐文章于 2023-10-11 16:21:49 发布

Zombie_QP

最新推荐文章于 2023-10-11 16:21:49 发布

阅读量350

点赞数

文章标签：网络安全 tcp/ip

本文链接：https://blog.csdn.net/Zombie_QP/article/details/131925371

版权

该实验涉及配置IP地址，创建远程登录用户，设定ACL规则以限制特定流量，并设置路由表。在R1和R2路由器上应用了ACL，但PC1无法成功ping通R1，尽管能telnet连接；而PC2无法telnet连接到R2。

摘要由CSDN通过智能技术生成

实验要求：

在这里插入图片描述

步骤一：配置IP地址

在这里插入图片描述

步骤二：配置IP地址：

PC1:

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname PC1
[PC1]int g 0/0/0
[PC1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
Jul 25 2023 18:30:12-08:00 PC1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
 on the interface GigabitEthernet0/0/0 has entered the UP state. 
[PC1-GigabitEthernet0/0/0]

PC2:

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname PC2
[PC2]int g 0/0/0
[PC2-GigabitEthernet0/0/0]ip add 192.168.1.2 24
Jul 25 2023 18:30:12-08:00 PC2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
 on the interface GigabitEthernet0/0/0 has entered the UP state. 
[PC2-GigabitEthernet0/0/0]

R1:

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r1
[r1]int g 0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.3 24
Jul 25 2023 18:30:12-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r1-GigabitEthernet0/0/0]int g 0/0/1
[r1-GigabitEthernet0/0/1]ip add 192.168.2.1 24
Jul 25 2023 18:31:12-08:00 r1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP 
on the interface GigabitEthernet0/0/1 has entered the UP state.

R2:

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r2
[r2]int g 0/0/0
[r2-GigabitEthernet0/0/0]ip add 192.168.2.2 24
Jul 25 2023 18:32:12-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state.

步骤三：创建远程登录用户，创建acl规则，对应接口执行acl规则，写路由表

R1:

[r1]aaa
[r1-aaa]local-user curry privilege level 15 password cipher 123456
Info: Add a new user.
[r1-aaa]local-user curry service-type telnet
[r1-aaa]user-in	
[r1-aaa]quit
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
[r1-ui-vty0-4]q
[r1]acl 3000
[r1-acl-adv-3000]rule deny icmp source 192.168.1.1 0.0.0.0 destination 192.168.1.3 0.0.0.0
[r1-acl-adv-3000]q
[r1]int g 0/0/0
[r1-GigabitEthernet0/0/0]traffic-filter ?
  inbound   Apply ACL to the inbound direction of the interface 
  outbound  Apply ACL to the outbound direction of the interface 
[r1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
[r1-GigabitEthernet0/0/0]
[r1]ip route-static 0.0.0.0 0.0.0.0 192.168.2.2

R2:

[r2]aaa
[r2-aaa]local-u	
[r2-aaa]local-user Curry privilege level 15 password cipher 123456
Info: Add a new user.
[r2-aaa]local-user Curry service-type telnet
[r2-aaa]q
[r2]user-interface vty 0 4
[r2-ui-vty0-4]authentication-mode aaa
[r2-ui-vty0-4]q
[r2]acl 3000
[r2-acl-adv-3000]rule deny tcp source 192.168.1.2 0.0.0.0 destination   192.168.2.2 0.0.0.0 destination-port eq 23
[r2-acl-adv-3000]q
[r2]int g 0/0/0  	
[r2-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
[r2-GigabitEthernet0/0/0]
[r2]ip route-static 192.168.1.0 255.255.255.0 192.168.2.1

PC1:

[PC1]ip route-static 192.168.2.0 255.255.255.0 192.168.1.3

<PC1>ping 192.168.1.3
  PING 192.168.1.3: 56  data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out


  --- 192.168.1.3 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
    100.00% packet loss

<PC1>telnet 192.168.1.3
  Press CTRL_] to quit telnet mode
  Trying 192.168.1.3 ...
  Connected to 192.168.1.3 ...
Login authentication
Username:curry
Password:
<r1>sys
Enter system view, return user view with Ctrl+Z.

PC2:

[PC2]ip route-static 192.168.2.0 255.255.255.0 192.168.1.3
<PC2>telnet 192.168.2.2
  Press CTRL_] to quit telnet mode
  Trying 192.168.2.2 ...
  Error: Can't connect to the remote host