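ACL Lab
1. Topology
2. Requirements analysis
First configure the IP addresses and run OSPF so that every device on the network can be pinged, then configure Telnet on R2. After that, use an ACL to implement requirements two and three.
3. Steps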
R1
[Huawei]int g 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.2.1 24
[Huawei-GigabitEthernet0/0/0]int g 0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.1.1 24
[Huawei]ospf 1 router-id 1.1.1.1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[Huawei]acl 3000
[Huawei-acl-adv-3000]rule deny tcp source 192.168.1.2 0.0.0.0 destination 192.168.2.2 0.0.0.0 destination-port eq telnet
[Huawei-acl-adv-3000]rule deny icmp source 192.168.1.3 0.0.0.0 destination 192.168.2.2 0.0.0.0
[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 3000
R2
[Huawei]int g 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.2.2 24
[Huawei]ospf 1 router-id 2.2.2.2
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode aaa
[Huawei-ui-vty0-4]q
[Huawei]aaa
[Huawei-aaa]local-user huawei password cipher 123456
PC1
[Huawei]int g 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.1.2 24
[Huawei]ospf 1 router-id 3.3.3.3
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
PC2
[Huawei]int g 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.1.3 24
[Huawei-GigabitEthernet0/0/0]q
[Huawei]ospf 1 router-id 4.4.4.4
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
4. Verification
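An offline model of how ACL 3000 on R1 should treat each test flow, as an added example that is not part of the original lab. The flow list is constructed, and the code assumes that a packet matching no rule is forwarded by traffic-filter.

```python
import ipaddress

# ACL 3000 as configured on R1 above:
# (action, protocol, src, src wildcard, dst, dst wildcard, dst port)
ACL_3000 = [
    ("deny", "tcp", "192.168.1.2", "0.0.0.0", "192.168.2.2", "0.0.0.0", 23),  # eq telnet
    ("deny", "icmp", "192.168.1.3", "0.0.0.0", "192.168.2.2", "0.0.0.0", None),
]

def wildcard_match(addr, base, wildcard):
    """Wildcard mask semantics: 0 bits must match, 1 bits are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching rule.

    Assumption: a packet that matches no rule is forwarded by traffic-filter.
    """
    for action, r_proto, r_src, r_sw, r_dst, r_dw, r_port in acl:
        if r_proto != proto:
            continue
        if not wildcard_match(src, r_src, r_sw):
            continue
        if not wildcard_match(dst, r_dst, r_dw):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "permit"

# Constructed test flows arriving inbound on R1 GigabitEthernet0/0/1.
FLOWS = {
    "PC1 telnet R2": ("tcp", "192.168.1.2", "192.168.2.2", 23),
    "PC1 ping R2": ("icmp", "192.168.1.2", "192.168.2.2", None),
    "PC2 ping R2": ("icmp", "192.168.1.3", "192.168.2.2", None),
    "PC2 telnet R2": ("tcp", "192.168.1.3", "192.168.2.2", 23),
    "PC1 telnet R1": ("tcp", "192.168.1.2", "192.168.2.1", 23),
    "PC1 OSPF hello": ("ospf", "192.168.1.2", "224.0.0.5", None),
}

def run_checks():
    """Evaluate every constructed flow against ACL 3000."""
    return {name: evaluate(ACL_3000, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for name, verdict in run_checks().items():
        print(f"{name:15} -> {verdict}")
```

Only the two flows named in the rules are denied. Telnet from PC1 to R1's own address 192.168.2.1 is not covered by the ACL, and OSPF hellos arriving on the filtered interface match no rule.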