ACL (Access Control List) configuration
Task
The task and IP addressing are shown in the figure below.
In the figure above, PC1 and PC2 are stand-ins played by two routers, so each of them needs a default route pointing at R1 (192.168.1.3) before it can reach anything outside its own subnet.
Route configuration
PC1
[PC1]ip route-static 0.0.0.0 0.0.0.0 192.168.1.3
PC2
[PC2]ip route-static 0.0.0.0 0.0.0.0 192.168.1.3
R2 route configuration
R2 needs a return route to the PC subnet via R1's far-side address 192.168.2.1; R1 itself is directly connected to both 192.168.1.0/24 and 192.168.2.0/24 and needs no static route.
[R2]ip route-static 192.168.1.0 24 192.168.2.1
Basic Telnet remote-login configuration
Telnet configuration on R1 and R2 (a local AAA user with privilege level 15 and service-type telnet, then AAA authentication on VTY lines 0-4)
R1
[R1]aaa
[R1-aaa]local-user zhangsan privilege level 15 password cipher 654321
Info: Add a new user.
[R1-aaa]local-user zhangsan service-type telnet
[R1-aaa]q
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa
R2
[R2]aaa
[R2-aaa]local-user lisi privilege level 15 password cipher 123456
Info: Add a new user.
[R2-aaa]local-user lisi service-type telnet
[R2-aaa]q
[R2]user-interface vty 0 4
[R2-ui-vty0-4]authentication-mode aaa
Note: the telnet command is only available from user view (the <PC1> / <R1> prompt), not from system view. Keep in mind that Telnet sends the username and password in cleartext and the passwords above are deliberately trivial for the lab; on a real device use SSH (stelnet on VRP) and non-trivial credentials.
ACL + Telnet configuration
Requirements:
R1: PC2 can ping it but PC1 cannot; only PC1 may log in over Telnet, PC2 may not.
R2: PC1 can ping it but PC2 cannot; only PC2 may log in over Telnet, PC1 may not.
R1
[R1]acl 3000
[R1-acl-adv-3000]rule deny icmp source 192.168.1.1 0.0.0.0 destination 192.168.1.3 0.0.0.0
[R1-acl-adv-3000]rule deny icmp source 192.168.1.2 0.0.0.0 destination 192.168.2.2 0.0.0.0
[R1-acl-adv-3000]rule deny tcp source 192.168.1.1 0.0.0.0 destination 192.168.2.2 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]rule deny tcp source 192.168.1.2 0.0.0.0 destination 192.168.1.3 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]rule deny icmp source 192.168.1.1 0.0.0.0 destination 192.168.2.1 0.0.0.0
[R1-acl-adv-3000]rule deny tcp source 192.168.1.2 0.0.0.0 destination 192.168.2.1 0.0.0.0 destination-port eq 23
[R1]int G0/0/0
[R1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
How this works: ACL 3000 is an advanced ACL (range 3000-3999), which is what allows matching on protocol and destination port; a basic ACL (2000-2999) matches on source address only. A wildcard of 0.0.0.0 means the exact host. All six rules are deny rules, and traffic that matches no rule is permitted by traffic-filter, so only the forbidden flows need to be listed. They are applied inbound on G0/0/0, R1's interface facing the PCs, so traffic from both PCs to both routers is inspected on the way in and nothing has to be configured on R2. R1's second address 192.168.2.1 is denied as well (the fifth and sixth rules); without them PC1 could still ping R1 and PC2 could still telnet to it by that address.
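To check that the six deny rules really implement the stated policy before binding them to an interface, the following is an added Python model of ACL 3000 (example code, not VRP code and not part of the original lab). It parses the rule lines exactly as typed, applies wildcard-mask matching, evaluates rules in configuration order with first match wins, and permits anything that matches no rule, which is how traffic-filter behaves. The PC and router addresses, the `Rule`, `evaluate` and `check_policy` names and the `POLICY` table are assumptions reconstructed from the configs in this lab, since the topology figure is not on the page. It also shows the deny-list caveat: a port that is not enumerated, such as tcp/22 from PC2 to R1, is still permitted.

```python
"""Offline model of the advanced ACL 3000 from this lab (added example, not VRP code).
Assumed semantics: rules evaluated in config order, first match wins, and traffic that
matches no rule is permitted, which is the traffic-filter default on VRP."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Addresses inferred from the lab configs (assumption: the topology figure is not on the page)
PC1, PC2 = "192.168.1.1", "192.168.1.2"
R1_LAN, R1_WAN, R2 = "192.168.1.3", "192.168.2.1", "192.168.2.2"
TELNET = 23


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "icmp", "tcp", "udp" or "ip" (any protocol)
    src: str
    src_wc: str            # wildcard mask: 0 bits must match, 1 bits are ignored
    dst: str
    dst_wc: str
    dport: Optional[int]   # destination-port eq <n>, or None when not given


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard-mask semantics: 0.0.0.0 means one exact host, 255.255.255.255 means any."""
    keep = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & keep) == (_ip(base) & keep)


def parse_rule(line: str) -> Rule:
    """Parse one 'rule ...' line as typed under [R1-acl-adv-3000]."""
    t = line.split()
    i = 1
    if t[i].isdigit():          # optional explicit rule number, e.g. "rule 5 deny ..."
        i += 1
    action, proto = t[i], t[i + 1]
    i += 2
    src, src_wc, dst, dst_wc, dport = "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255", None
    while i < len(t):
        kw = t[i]
        if kw in ("source", "destination"):
            if t[i + 1] == "any":
                addr, wc, i = "0.0.0.0", "255.255.255.255", i + 2
            else:
                addr, wc, i = t[i + 1], t[i + 2], i + 3
            if kw == "source":
                src, src_wc = addr, wc
            else:
                dst, dst_wc = addr, wc
        elif kw == "destination-port" and t[i + 1] == "eq":
            dport, i = int(t[i + 2]), i + 3
        else:
            raise ValueError(f"unsupported keyword in rule: {kw!r}")
    return Rule(action, proto, src, src_wc, dst, dst_wc, dport)


def evaluate(rules, proto, src, dst, dport=None) -> str:
    """First matching rule wins; traffic matching no rule is permitted (traffic-filter default)."""
    for r in rules:
        if r.proto not in ("ip", proto):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        if wildcard_match(src, r.src, r.src_wc) and wildcard_match(dst, r.dst, r.dst_wc):
            return r.action
    return "permit"


# The six rules exactly as entered on R1 in this lab
ACL_3000 = [parse_rule(l) for l in [
    "rule deny icmp source 192.168.1.1 0.0.0.0 destination 192.168.1.3 0.0.0.0",
    "rule deny icmp source 192.168.1.2 0.0.0.0 destination 192.168.2.2 0.0.0.0",
    "rule deny tcp source 192.168.1.1 0.0.0.0 destination 192.168.2.2 0.0.0.0 destination-port eq 23",
    "rule deny tcp source 192.168.1.2 0.0.0.0 destination 192.168.1.3 0.0.0.0 destination-port eq 23",
    "rule deny icmp source 192.168.1.1 0.0.0.0 destination 192.168.2.1 0.0.0.0",
    "rule deny tcp source 192.168.1.2 0.0.0.0 destination 192.168.2.1 0.0.0.0 destination-port eq 23",
]]

# The policy from the task statement: (proto, src, dst, dport, expected action)
POLICY = [
    ("icmp", PC2, R1_LAN, None, "permit"), ("icmp", PC1, R1_LAN, None, "deny"),
    ("tcp", PC1, R1_LAN, TELNET, "permit"), ("tcp", PC2, R1_LAN, TELNET, "deny"),
    ("icmp", PC1, R2, None, "permit"), ("icmp", PC2, R2, None, "deny"),
    ("tcp", PC2, R2, TELNET, "permit"), ("tcp", PC1, R2, TELNET, "deny"),
    # R1's far-side address must be covered too, or the PCs just use 192.168.2.1 instead
    ("icmp", PC1, R1_WAN, None, "deny"), ("tcp", PC2, R1_WAN, TELNET, "deny"),
]


def check_policy(rules=ACL_3000, policy=POLICY):
    """Return the policy entries the ACL gets wrong (an empty list means it matches)."""
    return [p for p in policy if evaluate(rules, p[0], p[1], p[2], p[3]) != p[4]]


if __name__ == "__main__":
    print("policy violations:", check_policy())
    # Deny-list caveat: anything not enumerated is permitted, e.g. SSH from PC2 to R1
    print("PC2 -> R1 tcp/22:", evaluate(ACL_3000, "tcp", PC2, R1_LAN, 22))
```

If `check_policy()` returns an empty list the rule set matches the task; the tcp/22 check is the reason a deny-list style ACL should be reviewed for every service the device exposes, not just the one the task names.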
Result
PC1
<PC1>ping 192.168.1.3
PING 192.168.1.3: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 192.168.1.3 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
<PC1>ping 192.168.2.2
PING 192.168.2.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=254 time=20 ms
Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=254 time=50 ms
Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=254 time=50 ms
Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=254 time=40 ms
--- 192.168.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/40/50 ms
<PC1>telnet 192.168.1.3
Press CTRL_] to quit telnet mode
Trying 192.168.1.3 ...
Connected to 192.168.1.3 ...
Login authentication
Username:zhangsan
Password:
-----------------------------------------------------------------------------
User last login information:
-----------------------------------------------------------------------------
Access Type: Telnet
IP-Address : 192.168.1.1
Time : 2023-07-24 21:56:53-08:00
-----------------------------------------------------------------------------
<R1>q
Configuration console exit, please retry to log on
The connection was closed by the remote host
<PC1>telnet 192.168.2.2
Press CTRL_] to quit telnet mode
Trying 192.168.2.2 ...
Error: Can't connect to the remote host
<PC1>
PC2
<PC2>ping 192.168.1.3
PING 192.168.1.3: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.3: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 192.168.1.3: bytes=56 Sequence=2 ttl=255 time=50 ms
Reply from 192.168.1.3: bytes=56 Sequence=3 ttl=255 time=40 ms
Reply from 192.168.1.3: bytes=56 Sequence=4 ttl=255 time=60 ms
Reply from 192.168.1.3: bytes=56 Sequence=5 ttl=255 time=40 ms
--- 192.168.1.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/48/60 ms
<PC2>ping 192.168.2.2
PING 192.168.2.2: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 192.168.2.2 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
<PC2>telnet 192.168.1.3
Press CTRL_] to quit telnet mode
Trying 192.168.1.3 ...
Error: Can't connect to the remote host
<PC2>telnet 192.168.2.2
Press CTRL_] to quit telnet mode
Trying 192.168.2.2 ...
Connected to 192.168.2.2 ...
Login authentication
Username:lisi
Password:
-----------------------------------------------------------------------------
User last login information:
-----------------------------------------------------------------------------
Access Type: Telnet
IP-Address : 192.168.1.1
Time : 2023-07-24 21:57:07-08:00
-----------------------------------------------------------------------------
<R2>