要求:
1.PC1 可以telnet登录AR1,不能ping 通AR1;
2.pc1可以ping 通AR2,但不能登录AR2
3.PC2的所有规则与pc1相反
拓扑图:
步骤:
1、配置IP
2、添加路由
[AR2]ip route-static 192.168.1.0 24 192.168.2.1
3、添加缺省
[pc1]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
[pc2]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
4、设置Telnet远程登录
[AR1]aaa
[AR1-aaa]local-user zx privilege level 15 password cipher 123456
[AR1-aaa]local-user zx service-type telnet
[AR1]user-interface vty 0 4
[AR1-ui-vty0-4]authentication-mode aaa
[AR2]aaa
[AR2-aaa]local-user zx privilege level 15 password cipher 654321
[AR2-aaa]local-user zx service-type telnet
[AR2]user-interface vty 0 4
[AR2-ui-vty0-4]authentication-mode aaa
5、AR1上的ACL配置
[AR1]acl 3000
[AR1-acl-adv-3000]rule deny icmp source 192.168.1.2 0 destination 192.168.1.1 0
[AR1-acl-adv-3000]rule deny icmp source 192.168.1.2 0 destination 192.168.2.1 0
[AR1-acl-adv-3000]rule deny tcp source 192.168.1.2 0 destination 192.168.2.2 0 d
estination-port eq 23
[AR1-acl-adv-3000]rule deny tcp source 192.168.1.3 0 destination 192.168.1.1 0 d
estination-port eq 23
[AR1-acl-adv-3000]rule deny tcp source 192.168.1.3 0 destination 192.168.2.1 0 d
estination-port eq 23
[AR1-acl-adv-3000]rule deny icmp source 192.168.1.3 0 destination 192.168.2.2 0
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]traffic-filter inbound acl 3000
6、测试
1)实现PC1 可以telnet登录AR1,不能ping 通AR1
2)实现pc1可以ping 通AR2,但不能登录AR2
3)实现PC2不可以telnet登录AR1,能ping 通AR1
4)实现pc2不可以ping 通AR2,但能登录AR2
扫一扫
320
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
