1)R1只允许WG登录,WG能ping通Server1和Client1
2)YF和CW之间不能互通,但都可以和WG互通
3)YF可以访问Client1
4)CW不能访问Client1
5)YF和CW只能访问Server1的WWW服务
6)只有WG才能访问Server1的所有服务
搭建实验环境
实现此案例需要按照如下步骤进行。
[AR1]ip route-static 192.168.1.0 255.255.255.0 192.168.13.2
[AR1]ip route-static 192.168.10.0 255.255.255.0 192.168.12.2
[AR1]ip route-static 192.168.20.0 255.255.255.0 192.168.12.2
[AR1]ip route-static 192.168.30.0 255.255.255.0 192.168.13.2
[AR2]ip route-static 0.0.0.0 0.0.0.0 192.168.12.1
[AR3]ip route-static 0.0.0.0 0.0.0.0 192.168.13.1
[WG]ip route-static 0.0.0.0 0.0.0.0 192.168.10.254
acl 2000
rule 5 permit source 192.168.10.1 0
rule 10 deny source any
user-interface vty 0 4
acl 2000 inbound
authentication-mode aaa
aaa
local-user tedu password cipher tedu
local-user tedu service-type telnet
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
4)在AR2上配置
acl 3000
rule 5 permit ip source 192.168.20.1 0 destination 192.168.10.1 0
rule 10 permit ip source 192.168.20.1 0 destination 1.1.1.1 0
rule 15 permit tcp source 192.168.20.1 0 destination 192.168.1.1 0 destination-port eq 80
rule 20 deny ip source any
int g0/0/2
traffic-filter inbound acl 3000
- 1
- 2
- 3
- 4
- 5
- 6
- 7
5)在AR3上配置
acl 3000
rule 5 permit ip source 192.168.30.1 0 destination 192.168.10.1 0
rule 10 permit tcp source 192.168.30.1 0 destination 192.168.1.1 0 destination-port eq 80
rule 15 deny ip source any
int g0/0/1
traffic-filter inbound acl 3000
- 1
- 2
- 3
- 4
- 5
- 6
6)测试
WG能登录R1,WG能ping通Server1和Client1。
YF和CW之间不能互通,但可以和WG互通,如图 所示。
YF不能ping通Server1,如 所示。
YF能访问Server1的WWW服务,如 所示。
CW和YF之间不能互通,但可以和WG互通。
CW不能ping通Server1和Client1。
CW能访问Server1的WWW服务。
</div>
<link href="https://csdnimg.cn/release/phoenix/mdeditor/markdown_views-60ecaf1f42.css" rel="stylesheet">
<div class="more-toolbox">
<div class="left-toolbox">
<ul class="toolbox-list">
<li class="tool-item tool-active is-like "><a href="javascript:;"><svg class="icon" aria-hidden="true">
<use xlink:href="#csdnc-thumbsup"></use>
</svg><span class="name">点赞</span>
<span class="count"></span>
</a></li>
<li class="tool-item tool-active is-collection "><a href="javascript:;" data-report-click="{"mod":"popu_824"}"><svg class="icon" aria-hidden="true">
<use xlink:href="#icon-csdnc-Collection-G"></use>
</svg><span class="name">收藏</span></a></li>
<li class="tool-item tool-active is-share"><a href="javascript:;" data-report-click="{"mod":"1582594662_002"}"><svg class="icon" aria-hidden="true">
<use xlink:href="#icon-csdnc-fenxiang"></use>
</svg>分享</a></li>
<!--打赏开始-->
<!--打赏结束-->
<li class="tool-item tool-more">
<a>
<svg t="1575545411852" class="icon" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="5717" xmlns:xlink="http://www.w3.org/1999/xlink" width="200" height="200"><defs><style type="text/css"></style></defs><path d="M179.176 499.222m-113.245 0a113.245 113.245 0 1 0 226.49 0 113.245 113.245 0 1 0-226.49 0Z" p-id="5718"></path><path d="M509.684 499.222m-113.245 0a113.245 113.245 0 1 0 226.49 0 113.245 113.245 0 1 0-226.49 0Z" p-id="5719"></path><path d="M846.175 499.222m-113.245 0a113.245 113.245 0 1 0 226.49 0 113.245 113.245 0 1 0-226.49 0Z" p-id="5720"></path></svg>
</a>
<ul class="more-box">
<li class="item"><a class="article-report">文章举报</a></li>
</ul>
</li>
</ul>
</div>
</div>
<div class="person-messagebox">
<div class="left-message"><a href="https://blog.csdn.net/xie_qi_chao">
<img src="https://profile.csdnimg.cn/B/F/6/3_xie_qi_chao" class="avatar_pic" username="xie_qi_chao">
<img src="https://g.csdnimg.cn/static/user-reg-year/1x/2.png" class="user-years">
</a></div>
<div class="middle-message">
<div class="title"><span class="tit"><a href="https://blog.csdn.net/xie_qi_chao" data-report-click="{"mod":"popu_379"}" target="_blank">解启超</a></span>
</div>
<div class="text"><span>发布了405 篇原创文章</span> · <span>获赞 58</span> · <span>访问量 4万+</span></div>
</div>
<div class="right-message">
<a href="https://im.csdn.net/im/main.html?userName=xie_qi_chao" target="_blank" class="btn btn-sm btn-red-hollow bt-button personal-letter">私信
</a>
<a class="btn btn-sm attented bt-button personal-watch" data-report-click="{"mod":"popu_379"}">已关注</a>
</div>
</div>
</div>
</article>