配置IP地址指路
完成要求 主机1允许访问www
拒绝主机1访问5.2上面的所有服务
拒绝主机2 访问ftp
主机3拒绝ping5.2
access-list 101 permit tcp host 192.168.1.2 host 192.168.5.2 eq www
access-list 101 deny tcp host 192.168.2.2 host 192.168.5.2 eq ftp
access-list 101 deny icmp host 192.168.3.2 host 192.168.5.2 echo
access-list 101 deny ip host 192.168.1.2 host 192.168.5.2
因为模拟器前面拒绝的话会给后面的默认拒绝所以需要给三个主机再次设置语序流量通过才可行
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
要求 允许1.2访问5.2的www
拒绝1.2访问5.2
允许1.2访问3.0网段
拒绝1.0网段ping5.0网段
access-list 101 permit tcp host 192.168.1.2 host 192.168.5.2 eq www
access-list 101 deny ip host 192.168.1.2 host 192.168.5.2
access-list 101 permit ip host 192.168.1.2 192.168.3.0 0.0.0.255
access-list 101 deny icmp 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255 echo