需求分析
1.R2开启telnet服务
2.pc1可以ping通R2,但不能telnet R2
3.pc2可以telnet R2,但不能ping通R2
配置内容
[pc1]int g 0/0/0
[pc1-GigabitEthernet0/0/0]ip add 192.168.1.10 24
[pc1]ip route-static 192.168.2.0 24 192.168.1.1
PC2:
[pc2]int g 0/0/0
[pc2-GigabitEthernet0/0/0]ip add 192.168.1.11 24
[pc2]ip route-static 192.168.2.0 24 192.168.1.1
AR1:
[AR1]int g 0/0/1
[AR1-GigabitEthernet0/0/1]ip add 192.168.2.1 24
[AR1-GigabitEthernet0/0/1]int g 0/0/0
[AR1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[AR1]acl 3001
[AR1-acl-adv-3001]rule deny icmp source 192.168.1.11 0.0.0.0 destination 192.168.2.2 0.0.0.0
[AR1]int g 0/0/1
[AR1-GigabitEthernet0/0/1]traffic-filter outbound acl 3001
AR2:
[AR2]int g 0/0/0
[AR2-GigabitEthernet0/0/0]ip add 192.168.2.2 24
[AR2]ip route-static 192.168.1.0 24 192.168.2.1
[AR2]user-interface vty 0 4
[AR2-ui-vty0-4]authentication-mode aaa
[AR2]aaa
[AR2-aaa]local-user tangjie password cipher 123456
[AR2-aaa]local-user tangjie privilege level 15
[AR2-aaa]local-user tangjie service-type telnet
[AR2]acl 3000
[AR2-acl-adv-3000]rule deny tcp source 192.168.1.10 0.0.0.0 destination 192.168.2.2 0.0.0.0 destination-port eq 23
[AR2]int g 0/0/0
[AR2-GigabitEthernet0/0/0]traffic-filter inbound acl 3000