Analysis:
Step 1: Configure static routes
R2:
ip route-static 192.168.1.0 255.255.255.0 192.168.2.1
R1:
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[r1-acl-adv-3001]rule deny tcp source 192.168.1.10 0.0.0.0 destination 192.168.2.2 0.0.0.0 destination-port eq 23
PC1:
ip route-static 192.168.2.0 255.255.255.0 192.168.1.1
PC2:
ip route-static 192.168.2.0 255.255.255.0 192.168.1.1
Step 2: Configure the telnet service on R1 and R2
[r1]aaa
[r1-aaa]
[r1-aaa]local-user 1 privilege level 15 password cipher 123456
[r1-aaa]local-user 1 service-type telnet
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
[r2]aaa
[r2-aaa]
[r2-aaa]local-user 2 privilege level 15 password cipher 123456
[r2-aaa]local-user 2 service-type telnet
[r2]user-interface vty 0 4
[r2-ui-vty0-4]authentication-mode aaa
Step 3:
The task requires that PC1 can ping R2 but cannot telnet to R2, so configure the following on R2:
[r2-acl-adv-3001]rule deny tcp source 192.168.1.10 0.0.0.0 destination 192.168.2.2 0.0.0.0 destination-port eq 23
[r2-GigabitEthernet0/0/0]undo traffic-filter inbound
The task requires that PC1 can telnet to R1 but cannot ping R1, so configure the following on R1:
[r1]acl name no 3000
[r1-acl-adv-no]rule deny icmp source 192.168.1.10 0.0.0.0 destination 192.168.1.1 0.0.0.0
[r1-GigabitEthernet0/0/0]traffic-filter inbound acl name no
PC2 must be able to ping R1 but not telnet to R1, so configure the following on R1:
[r1-acl-adv-3001]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.1.1 0.0.0.0 destination-port eq 23
[r1-GigabitEthernet0/0/0]undo traffic-filter inbound
PC2 must be able to telnet to R2 but not ping R2, so configure the following on R2:
[r2]acl name noping 3003
[r2-acl-adv-no]rule deny icmp source 192.168.1.11 0.0.0.0 destination 192.168.2.2 0.0.0.0
[r2-GigabitEthernet0/0/0]traffic-filter inbound acl name noping
Final step: verification:
PC1 telnet R1:
PC1 ping R1:
PC1 ping R2:
PC1 telnet R2:
PC2 ping R1:
PC2 telnet R1:
PC2 telnet R2:
PC2 ping R2:
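
The eight checks above can also be run offline against the rules before touching the devices. The following Python sketch is an added example, not part of the original write-up; the helper names are hypothetical, and it assumes each router's deny rules from step 3 sit in a single ACL applied inbound on GigabitEthernet0/0/0 and that a packet matching no rule is permitted by traffic-filter.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def rule(action, proto, src, src_wc, dst, dst_wc, port=None):
    return dict(action=action, proto=proto, src=ip(src), src_wc=ip(src_wc),
                dst=ip(dst), dst_wc=ip(dst_wc), port=port)

def wc_match(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; 0.0.0.0 means exact host match.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(acl, proto, src, dst, port=None):
    """First matching rule wins. Assumption: unmatched packets are permitted."""
    for r in acl:
        if (r["proto"] == proto
                and wc_match(ip(src), r["src"], r["src_wc"])
                and wc_match(ip(dst), r["dst"], r["dst_wc"])
                and (r["port"] is None or r["port"] == port)):
            return r["action"]
    return "permit"

# Rules taken from step 3; grouping them into one inbound ACL per router is an assumption.
R1_ACL = [
    rule("deny", "icmp", "192.168.1.10", "0.0.0.0", "192.168.1.1", "0.0.0.0"),
    rule("deny", "tcp", "192.168.1.11", "0.0.0.0", "192.168.1.1", "0.0.0.0", 23),
]
R2_ACL = [
    rule("deny", "tcp", "192.168.1.10", "0.0.0.0", "192.168.2.2", "0.0.0.0", 23),
    rule("deny", "icmp", "192.168.1.11", "0.0.0.0", "192.168.2.2", "0.0.0.0"),
]

PC1, PC2, R1, R2 = "192.168.1.10", "192.168.1.11", "192.168.1.1", "192.168.2.2"
# (source, ACL on the target router, destination, protocol, port, required result)
MATRIX = [
    (PC1, R1_ACL, R1, "tcp", 23, "permit"), (PC1, R1_ACL, R1, "icmp", None, "deny"),
    (PC1, R2_ACL, R2, "icmp", None, "permit"), (PC1, R2_ACL, R2, "tcp", 23, "deny"),
    (PC2, R1_ACL, R1, "icmp", None, "permit"), (PC2, R1_ACL, R1, "tcp", 23, "deny"),
    (PC2, R2_ACL, R2, "tcp", 23, "permit"), (PC2, R2_ACL, R2, "icmp", None, "deny"),
]

def check_matrix():
    """Return the test cases whose ACL result differs from the requirement."""
    return [(s, d, p) for s, acl, d, p, port, want in MATRIX
            if evaluate(acl, p, s, d, port) != want]

if __name__ == "__main__":
    print("mismatches:", check_matrix())
```

An empty list means the modelled rules satisfy all eight requirements; any tuple returned names the source, destination and protocol of a case that would behave differently from the task statement.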