ACL访问控制列表配置

题目

题目和ip配置如下图

上图中PC1和PC2是由两个路由器代替的这两个路由器的网卡都需要配置缺省路由才能ping通

路由配置

PC1

rout 0.0.0.0 0.0.0.0 192.168.1.3

PC2

[PC2]ip rout 0.0.0.0 0.0.0.0 192.168.1.3

R2路由配置

[R2]ip rout 192.168.1.0 24 192.168.2.1

telnet远程登录基础配置

R1、R2 telnet配置
R1

[R1]aaa
[R1-aaa]local-user zhangsan privilege  level 15 password cipher 654321
Info: Add a new user.
[R1-aaa]local-user zhangsan service-type telnet
[R1-aaa]q
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa

R2

[R2]aaa
[R2-aaa]local-user lisi privilege level  15 password cipher 123456
Info: Add a new user.
[R2-aaa]local-user lisi service-type telnet
[R2-aaa]q
[R2]user-interface vty 0 4
[R2-ui-vty0-4]authentication-mode aaa

注: 在远程登录的时候只能在用户视图界面远程登录

ACL+Telnet 配置

R1 PC2能ping通PC1ping不通,只允许PC1登录不允许PC2登录
R2 PC1能ping通PC2ping不通,只允许PC2登录不允许PC1登录
R1

[R1]acl 3000
[R1-acl-adv-3000]rule deny icmp source 192.168.1.1 0.0.0.0 destination 192.168.1.3 0.0.0.0
[R1-acl-adv-3000]rule deny icmp source 192.168.1.2 0.0.0.0 destination 192.168.2.2 0.0.0.0
[R1-acl-adv-3000]rule deny tcp source 192.168.1.1 0.0.0.0 destination 192.168.2.2 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]rule deny tcp source 192.168.1.2 0.0.0.0 destination 192.168.1.3 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]rule deny icmp source 192.168.1.1 0.0.0.0 destination 192.168.2.1 0.0.0.0
[R1-acl-adv-3000]rule deny tcp source 192.168.1.2 0.0.0.0 destination 192.168.2.1 0.0.0.0 destination-port eq 23
[R1]int G0/0/0
[R1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000

效果

PC1

<PC1>ping 192.168.1.3
  PING 192.168.1.3: 56  data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out

  --- 192.168.1.3 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
    100.00% packet loss

<PC1>ping 192.168.2.2
  PING 192.168.2.2: 56  data bytes, press CTRL_C to break
    Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=254 time=20 ms
    Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=254 time=50 ms
    Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=254 time=50 ms
    Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=254 time=40 ms
    Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=254 time=40 ms

  --- 192.168.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/40/50 ms

<PC1>telnet 192.168.1.3
  Press CTRL_] to quit telnet mode
  Trying 192.168.1.3 ...
  Connected to 192.168.1.3 ...

Login authentication


Username:zhangsan
Password:
  ----------------------------------------------------------------------------- 
    
  User last login information:     
  -----------------------------------------------------------------------------
  Access Type: Telnet      
  IP-Address : 192.168.1.1     
  Time       : 2023-07-24 21:56:53-08:00     
  -----------------------------------------------------------------------------
<R1>q

  Configuration console exit, please retry to log on

  The connection was closed by the remote host
<PC1>telnet 192.168.2.2
  Press CTRL_] to quit telnet mode
  Trying 192.168.2.2 ...
  Error: Can't connect to the remote host
<PC1>

PC2

<PC2>ping 192.168.1.3
  PING 192.168.1.3: 56  data bytes, press CTRL_C to break
    Reply from 192.168.1.3: bytes=56 Sequence=1 ttl=255 time=50 ms
    Reply from 192.168.1.3: bytes=56 Sequence=2 ttl=255 time=50 ms
    Reply from 192.168.1.3: bytes=56 Sequence=3 ttl=255 time=40 ms
    Reply from 192.168.1.3: bytes=56 Sequence=4 ttl=255 time=60 ms
    Reply from 192.168.1.3: bytes=56 Sequence=5 ttl=255 time=40 ms

  --- 192.168.1.3 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 40/48/60 ms

<PC2>ping 192.168.2.2
  PING 192.168.2.2: 56  data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out

  --- 192.168.2.2 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
    100.00% packet loss

<PC2>telnet 192.168.1.3
  Press CTRL_] to quit telnet mode
  Trying 192.168.1.3 ...
  Error: Can't connect to the remote host
<PC2>telnet 192.168.2.2
  Press CTRL_] to quit telnet mode
  Trying 192.168.2.2 ...
  Connected to 192.168.2.2 ...

Login authentication


Username:lisi
Password:
  ----------------------------------------------------------------------------- 
    
  User last login information:     
  -----------------------------------------------------------------------------
  Access Type: Telnet      
  IP-Address : 192.168.1.1     
  Time       : 2023-07-24 21:57:07-08:00     
  -----------------------------------------------------------------------------
<R2>