一、实验拓扑
二、实验要求
1、pc1可以访问telnet R1,不能ping r11
2、pc1不能访问trlnet R2,但可以ping R2
3、pc2不可以访问telnet R1,能ping R1
4、pc2能访问telnet R2,但不可以ping R2
三、实验操作和测试
pc1配置
[PC1]int g0/0/0
[PC1-GigabitEthernet0/0/0]ip add 192.168.1.10 24
[PC1-GigabitEthernet0/0/0]
[PC1]
[PC1]ip route-static 0.0.0.0 0 192.168.1.254
pc2配置
[PC2]int g0/0/0
[PC2-GigabitEthernet0/0/0]
[PC2-GigabitEthernet0/0/0]ip add 192.168.1.11 24
[PC2]
[PC2]ip route-static 0.0.0.0 0 192.168.1.254
R1配置
[R1]
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]
[R1-GigabitEthernet0/0/1]ip add 192.168.2.1 24
[R1]
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.1.254 24
[R1-GigabitEthernet0/0/0]
[R1]
[R1]aaa
[R1-aaa]local-user wangdaye privilege level 15 password cipher wdy12345
[R1-aaa]
[R1-aaa]local-user wangdaye service-type telnet
[R1-aaa]
[R1]
[R1]user-interface vty 0 4
[R1-ui-vty0-4]
[R1-ui-vty0-4]authentication-mode aaa
[R1-ui-vty0-4]
[R1]
[R1]acl 3000
[R1-acl-adv-3000]
[R1-acl-adv-3000]rule deny icmp source 192.168.1.10 0.0.0.0 destination 192.168.
1.254 0.0.0.0
[R1-acl-adv-3000]
[R1-acl-adv-3000]rule deny icmp source 192.168.1.10 0.0.0.0 destination 192.168.
2.1 0.0.0.0
[R1-acl-adv-3000]
[R1-acl-adv-3000]rule deny tcp source 192.168.1.10 0.0.0.0 destination 192.168.2
.2 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]
[R1-acl-adv-3000]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.1
.254 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.
2.1 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]
[R1-acl-adv-3000]rule deny icmp source 192.168.1.11 0.0.0.0 destination 192.168.
2.2 0.0.0.0
[R1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
[R1-GigabitEthernet0/0/0]
R2配置
[R2-GigabitEthernet0/0/0]ip add 192.168.2.2 24
[R2]ip route-static 192.168.1.0 24 192.168.2.1
[R2]
[R2]aaa
[R2-aaa]
[R2-aaa]local-user zhangdaye privilege level 15 password cipher zdy12345
[R2-aaa]
[R2-aaa]local-user zhangdaye service-type telnet
[R2-aaa]
[R2-aaa]quit
[R2]
[R2]user-interface vty 0 4
[R2-ui-vty0-4]
[R2-ui-vty0-4]authentication-mode aaa
[R2-ui-vty0-4]quit
最后完成要求
测试部分截图