Lab requirements and lab topology
First, build the lab topology in the simulator and assign IP addresses to the corresponding devices;
then add a static route to the 192.168.2.0/24 network in the routing tables of pc1 and pc2 (and the return route to 192.168.1.0/24 on R2).
[pc1]ip route-static 192.168.2.0 24 192.168.1.1
[pc2]ip route-static 192.168.2.0 24 192.168.1.1
[r2]ip route-static 192.168.1.0 24 192.168.2.1
Enable remote login (Telnet) on R1 and R2:
R2: create the login user: [r2-aaa]local-user zhangshan privilege level 15 password cipher 1234567
Specify the service type (on the same user that was just created, otherwise that user cannot log in): [r2-aaa]local-user zhangshan service-type telnet
Open the VTY lines: [r2]user-interface vty 0 2
Set the authentication mode: [r2-ui-vty0-2]authentication-mode aaa
R1: create the login user: [r1-aaa]local-user qq privilege level 15 password cipher 654321
Specify the service type: [r1-aaa]local-user qq service-type telnet
Open the VTY lines: [r1]user-interface vty 0 3
Set the authentication mode: [r1-ui-vty0-3]authentication-mode aaa
To meet the lab requirements, an advanced ACL (number 3000) is needed, applied inbound on the R1 interface that faces the PCs (GigabitEthernet0/0/1):
pc1 may telnet to R1 but may not ping R1; pc1 may not telnet to R2 but may ping R2:
[r1-acl-adv-3000]rule deny icmp source 192.168.1.10 0.0.0.0 destination 192.168.1.1 0.0.0.0  ----- pc1 cannot ping R1
[r1-acl-adv-3000]rule deny tcp source 192.168.1.10 0.0.0.0 destination 192.168.2.2 0.0.0.0 destination-port eq 23  ---- pc1 cannot telnet to R2
pc2 may not telnet to R1 but may ping R1; pc2 may telnet to R2 but may not ping R2:
[r1-acl-adv-3000]rule deny icmp source 192.168.1.11 0.0.0.0 destination 192.168.2.2 0.0.0.0  ----- pc2 cannot ping R2
[r1-acl-adv-3000]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.1.1 0.0.0.0 destination-port eq 23
[r1-acl-adv-3000]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.2.1 0.0.0.0 destination-port eq 23  ---- pc2 cannot telnet to R1 (on either of R1's addresses)
Creating the advanced ACL alone does not filter any traffic; the ACL must also be bound to the relevant interface. Here it is applied inbound on R1's GigabitEthernet0/0/1 port:
[r1-GigabitEthernet0/0/1]traffic-filter inbound acl 3000
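Before testing on the simulator it helps to check the rule set offline. The following Python script is an added example written for this page, not part of the lab or of any Huawei software: it models VRP wildcard matching and first-match evaluation, loads ACL 3000 exactly as configured above, and computes the ping/telnet reachability matrix from pc1 and pc2 to every router address. Two assumptions are built in and marked in the code: unmatched packets are treated as permitted, which is how traffic-filter handles traffic that matches no rule on VRP, and the hosts and router addresses (pc1 192.168.1.10, pc2 192.168.1.11, R1 192.168.1.1 and 192.168.2.1, R2 192.168.2.2) are taken from the commands and test output on this page. The helper `uncovered_paths` is not a VRP feature; it is a constructed check that reports any router address left open when another address of the same router is denied for the same service.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One advanced-ACL rule (only the fields used by the rules in this lab)."""
    action: str                  # "deny" or "permit"
    proto: str                   # "icmp", "tcp" or "ip" (ip matches any protocol)
    src: str                     # source base address
    src_wc: str                  # source wildcard mask, VRP style
    dst: str                     # destination base address
    dst_wc: str                  # destination wildcard mask
    dport: Optional[int] = None  # "destination-port eq N"; None means any port


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """VRP wildcard semantics: mask bits set to 1 are 'don't care', bits set
    to 0 must match exactly (the inverse of a subnet mask). 0.0.0.0 = one host."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(rules: List[Rule], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> str:
    """Action for one packet: the first matching rule wins. Packets that match
    no rule are permitted (assumption: traffic-filter's default on VRP)."""
    for r in rules:
        if r.proto != "ip" and r.proto != proto:
            continue
        if not wildcard_match(src, r.src, r.src_wc):
            continue
        if not wildcard_match(dst, r.dst, r.dst_wc):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return "permit"


# ACL 3000 as configured on R1, in rule order (addresses from the lab page).
ACL_3000 = [
    Rule("deny", "icmp", "192.168.1.10", "0.0.0.0", "192.168.1.1", "0.0.0.0"),      # pc1 cannot ping R1
    Rule("deny", "tcp",  "192.168.1.10", "0.0.0.0", "192.168.2.2", "0.0.0.0", 23),  # pc1 cannot telnet R2
    Rule("deny", "icmp", "192.168.1.11", "0.0.0.0", "192.168.2.2", "0.0.0.0"),      # pc2 cannot ping R2
    Rule("deny", "tcp",  "192.168.1.11", "0.0.0.0", "192.168.1.1", "0.0.0.0", 23),  # pc2 cannot telnet R1
    Rule("deny", "tcp",  "192.168.1.11", "0.0.0.0", "192.168.2.1", "0.0.0.0", 23),  # (either R1 address)
]

# Topology values taken from the lab's commands and ping/telnet output.
HOSTS = {"pc1": "192.168.1.10", "pc2": "192.168.1.11"}
ROUTERS = {"R1": ["192.168.1.1", "192.168.2.1"], "R2": ["192.168.2.2"]}

Key = Tuple[str, str, str, str]  # (pc, router, router address, service)


def reachability(rules: List[Rule]) -> Dict[Key, str]:
    """For every PC and every router address, record whether ping (icmp) and
    telnet (tcp/23) would pass the inbound filter on R1."""
    table: Dict[Key, str] = {}
    for pc, pc_ip in HOSTS.items():
        for rtr, addrs in ROUTERS.items():
            for addr in addrs:
                table[(pc, rtr, addr, "ping")] = evaluate(rules, "icmp", pc_ip, addr)
                table[(pc, rtr, addr, "telnet")] = evaluate(rules, "tcp", pc_ip, addr, 23)
    return table


def uncovered_paths(rules: List[Rule]) -> List[Key]:
    """Constructed check: router addresses still permitted for a service that
    the rules deny on another address of the same router (a likely oversight)."""
    table = reachability(rules)
    gaps: List[Key] = []
    for (pc, rtr, addr, svc), action in table.items():
        if action != "permit":
            continue
        for other in ROUTERS[rtr]:
            if other != addr and table[(pc, rtr, other, svc)] == "deny":
                gaps.append((pc, rtr, addr, svc))
    return gaps


if __name__ == "__main__":
    for key, action in reachability(ACL_3000).items():
        print(key, action)
    print("uncovered:", uncovered_paths(ACL_3000))
```

Running the script reproduces the matrix the lab expects (pc1: ping R1 denied, telnet R1 via 192.168.2.1 permitted, ping R2 permitted, telnet R2 denied; pc2 the mirror image). It also flags one path the rules leave open: pc1's ICMP deny names only 192.168.1.1, so pc1 can still ping R1's other address 192.168.2.1, whereas pc2's telnet block correctly lists both R1 addresses. Per-address deny rules need one entry per interface address of the target, and the wildcard must be 0.0.0.0 for a single host; `wildcard_match` shows that a mask such as 0.0.1.0 would also match 192.168.0.1.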
The configuration is now complete; the most direct way to check whether it achieves the lab goals is to test it:
pc1 cannot ping R1 but can telnet R1; pc1 can ping R2 but cannot telnet R2:
pc1 -> R1:
<pc1>ping 192.168.1.1
PING 192.168.1.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 192.168.1.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
<pc1>telnet 192.168.2.1
Press CTRL_] to quit telnet mode
Trying 192.168.2.1 ...
Connected to 192.168.2.1 ...
Login authentication
Username:qq
Password:
-----------------------------------------------------------------------------
User last login information:
-----------------------------------------------------------------------------
Access Type: Telnet
IP-Address : 192.168.1.10
Time : 2021-07-18 22:38:30-08:00
-----------------------------------------------------------------------------
pc1 -> R2:
<pc1>ping 192.168.2.2
PING 192.168.2.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=254 time=60 ms
Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=254 time=50 ms
Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=254 time=50 ms
Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=254 time=70 ms
Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=254 time=70 ms
--- 192.168.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/60/70 ms
<pc1>telnet 192.168.2.2
Press CTRL_] to quit telnet mode
Trying 192.168.2.2 ...
Error: Can't connect to the remote host
pc2 cannot telnet R1 but can ping R1; pc2 can telnet R2 but cannot ping R2:
pc2 -> R1:
<pc2>ping 192.168.1.1
PING 192.168.1.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=255 time=40 ms
Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=255 time=40 ms
Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255 time=40 ms
Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=50 ms
--- 192.168.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/44/50 ms
<pc2>telnet 192.168.1.1
Press CTRL_] to quit telnet mode
Trying 192.168.1.1 ...
Error: Can't connect to the remote host
<pc2>telnet 192.168.2.1
Press CTRL_] to quit telnet mode
Trying 192.168.2.1 ...
Error: Can't connect to the remote host
pc2 -> R2:
<pc2>ping 192.168.2.2
PING 192.168.2.2: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 192.168.2.2 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
<pc2>telnet 192.168.2.2
Press CTRL_] to quit telnet mode
Trying 192.168.2.2 ...
Connected to 192.168.2.2 ...
Login authentication
Username: