Lab:11 扩展访问列表

实验目的：仅允许在192.168.2.16/28网络可以telnetR2的S1端口，而192.168.2.0/28不可以telnet,但是可以通过R2访问到R3

Router>
Router>en
Router#con t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#host R1
R1(config)#int s0
R1(config-if)#ip add 192.168.2.1 255.255.255.240
R1(config-if)#no sh
%LINK-3-UPDOWN: Interface Serial0, changed state to up
R1(config-if)#exit
R1(config)#route rip
R1(config-router)#net 192.168.2.0
R1(config-router)#exit
R1(config)#exit
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route

Gateway of last resort is not set

     192.168.2.0/28 is subnetted, 2 subnets
C       192.168.2.0 is directly connected, Serial0
R       192.168.2.16 [120/1] via 192.168.2.2, 00:03:29, Serial0

R1#ping 192.168.2.18

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.18, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R1#ping 192.168.2.17

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.17, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Router>
Router>en
Router#con t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int s0
Router(config-if)#ip add 192.168.2.2 255.255.255.240
Router(config-if)#clock rate 64000
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#int s1
Router(config-if)#ip add 192.168.2.17 255.255.255.240
Router(config-if)#clock rate 64000
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#host R2
R2(config)#route rip
R2(config-router)#net 192.168.2.0
R2(config-router)#net 192.168.2.16
R2(config-router)#exit
R2(config)#access-list 101 permit tcp 192.168.2.16 0.0.0.15 any eq telnet  
R2(config)#access-list 102 permit ip 192.168.2.0 0.0.0.15 any log
R2(config)#int s0
R2(config-if)#ip access-group 102 in
R2(config-if)#exit
R2(config)#int s1
R2(config-if)#ip access-group 101 in
R2(config-if)#exit
R2(config)#lin vty 0 4
R2(config-line)#login
R2(config-line)#password test
R2(config-line)#exit

Router>
Router>en
Router#con t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#host R3
R3(config)#int s0
R3(config-if)#ip add 192.168.2.18 255.255.255.240
R3(config-if)#no sh
%LINK-3-UPDOWN: Interface Serial0, changed state to up
R3(config-if)#exit
R3(config)#route rip
R3(config-router)#net 192.168.2.16
R3(config-router)#exit
R3(config)#exit

转载于:https://blog.51cto.com/guyun/24228