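- Lab topology
- Lab requirements
- PC1 must be able to reach the 3.0 network segment, but PC2 must not
- PC1 can reach PC3 but cannot reach PC4
- PC1 must be able to ping R2, but must not be able to telnet to R2
3. Lab procedure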
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[R1-GigabitEthernet0/0/0]
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 192.168.2.1 24
[R1]ip route-static 192.168.3.0 24 192.168.2.2
[R1]acl name xuqiuer 3000
[R1-acl-adv-xuqiuer]rule deny ip source 192.168.1.2 0.0.0.0 destination 192.168.3.3 0.0.0.0
[R1-acl-adv-xuqiuer]q
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]traffic-filter inbound acl name xuqiuer
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]dis th
[V200R003C00]
#
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
traffic-filter inbound acl name xuqiuer
#
return
[R1-GigabitEthernet0/0/0]undo traffic-filter inbound
[R1-GigabitEthernet0/0/0]q
[R1]acl 3001
[R1-acl-adv-3001]rule deny tcp source 192.168.1.10 0.0.0.0 destination 192.168.2.2 0.0.0.0 destination-port eq 23
[R1-acl-adv-3001]q
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]traffic-filter inbound acl 3001
[Huawei]sys R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.2.2 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 192.168.3.1 24
[R2-GigabitEthernet0/0/1]q
[R2]ip route-static 192.168.1.0 24 192.168.2.1
[R2]acl 2000
[R2-acl-basic-2000]rule deny source 192.168.1.3 0.0.0.0
[R2-acl-basic-2000]rule permit source any
[R2-acl-basic-2000]q
[R2]dis acl 2000
Basic ACL 2000, 2 rules
Acl's step is 5
rule 5 deny source 192.168.1.3 0
rule 10 permit
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]traffic-filter outbound acl 2000
[R2-GigabitEthernet0/0/1]q
[R2]
[R2]aaa
[R2-aaa]local-user xijing privilege level 15 password cipher 123456
Info: Add a new user.
[R2-aaa]local-user xijing service-type telnet
[R2-aaa]q
[R2]use
[R2]user-interface vty 0 4
[R2-ui-vty0-4]authentication-mode aaa
[R2-ui-vty0-4]q
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 192.168.1.10 24
[Huawei-GigabitEthernet0/0/0]q
[Huawei]ip route-static 0.0.0.0 0 192.168.1.1
[Huawei]ping 192.168.2.2
PING 192.168.2.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=254 time=230 ms
Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=254 time=60 ms
Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=254 time=40 ms
--- 192.168.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/80/230 ms
[Huawei]q
<Huawei>telnet 192.168.2.2
Press CTRL_] to quit telnet mode
Trying 192.168.2.2 ...
Error: Can't connect to the remote host
<Huawei>ping 192.168.2.2
PING 192.168.2.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=254 time=90 ms
Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=254 time=70 ms
Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=254 time=50 ms
Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=254 time=70 ms
--- 192.168.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/64/90 ms
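The following added example (not part of the original lab notes) models the three ACLs configured above as a first-match evaluator, to show why ping to R2 still succeeds while telnet is dropped under ACL 3001. The function names, the test destination 192.168.3.2 and the default "permit" for packets that match no rule under traffic-filter are assumptions; the default is consistent with the ping output above.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """Wildcard mask semantics: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")

# Rules transcribed from the page: (action, protocol, source, destination, dst_port)
ACLS = {
    "xuqiuer": [("deny", "ip", ("192.168.1.2", "0.0.0.0"),
                 ("192.168.3.3", "0.0.0.0"), None)],
    "3001": [("deny", "tcp", ("192.168.1.10", "0.0.0.0"),
              ("192.168.2.2", "0.0.0.0"), 23)],
    "2000": [("deny", "ip", ("192.168.1.3", "0.0.0.0"), ANY, None),
             ("permit", "ip", ANY, ANY, None)],
}

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first rule that matches the packet."""
    for action, r_proto, r_src, r_dst, r_port in ACLS[acl]:
        if r_proto not in ("ip", proto):      # "ip" covers every protocol
            continue
        if not wild_match(src, *r_src) or not wild_match(dst, *r_dst):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    # Assumption: with traffic-filter, a packet matching no rule is forwarded.
    return "permit"

def lab_checks():
    """Constructed test packets for each requirement on the page."""
    return {
        "ping R2 from 192.168.1.10": evaluate("3001", "icmp", "192.168.1.10", "192.168.2.2"),
        "telnet R2 from 192.168.1.10": evaluate("3001", "tcp", "192.168.1.10", "192.168.2.2", 23),
        "192.168.1.2 -> 192.168.3.3": evaluate("xuqiuer", "icmp", "192.168.1.2", "192.168.3.3"),
        "192.168.1.2 -> 192.168.3.2": evaluate("xuqiuer", "icmp", "192.168.1.2", "192.168.3.2"),
        "192.168.1.3 -> 3.0 segment": evaluate("2000", "icmp", "192.168.1.3", "192.168.3.2"),
        "192.168.1.2 -> 3.0 segment": evaluate("2000", "icmp", "192.168.1.2", "192.168.3.2"),
    }

if __name__ == "__main__":
    for name, action in lab_checks().items():
        print(f"{name}: {action}")
```

ACL 3001 blocks only TCP port 23 from that single source, so any other service on R2 (and telnet from any other host) is still reachable.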