Configure static routes
R2:
ip route-static 192.168.1.0 255.255.255.0 192.168.2.1
R1:
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[r1-acl-adv-3001]rule deny tcp source 192.168.1.10 0.0.0.0 destination 192.168.2.2 0.0.0.0 destination-port eq 23
PC1:
192.168.2.0
255.255.255.0
192.168.1.1
PC2:
192.168.2.0
255.255.255.0
192.168.1.1
Configure the Telnet service on R1 and R2
R1:
[r1]aaa
[r1-aaa]
[r1-aaa]local-user 1 privilege level 15 password cipher 123456
[r1-aaa]local-user 1 service-type telnet
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
[r1]acl name no 3000
[r1-acl-adv-no]rule deny icmp source 192.168.1.10 0.0.0.0 destination 192.168.1.1 0.0.0.0
[r1-GigabitEthernet0/0/0]traffic-filter inbound acl name no
[r1-acl-adv-3001]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.1.1 0.0.0.0 destination-port eq 23
[r1-GigabitEthernet0/0/0]undo traffic-filter inbound
R2:
[r2]aaa
[r2-aaa]
[r2-aaa]local-user 2 privilege level 15 password cipher 123456
[r2-aaa]local-user 2 service-type telnet
[r2]user-interface vty 0 4
[r2-ui-vty0-4]authentication-mode aaa
[r2-acl-adv-3001]rule deny tcp source 192.168.1.10 0.0.0.0 destination 192.168.2.2 0.0.0.0 destination-port eq 23
[r2-GigabitEthernet0/0/0]undo traffic-filter inbound
[r2]acl name noping 3003
[r2-acl-adv-no]rule deny icmp source 192.168.1.11 0.0.0.0 destination 192.168.2.2 0.0.0.0
[r2-GigabitEthernet0/0/0]traffic-filter inbound acl name noping
Verification:
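The check below is an added example, not part of the original lab notes: a small Python model of the wildcard-mask matching used by the two R2 deny rules above, with each ACL evaluated on its own against constructed packets. It assumes first-match semantics and that a packet matching no rule is forwarded when the ACL is bound with traffic-filter; the function and variable names are hypothetical.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Wildcard mask: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_rule(line):
    """Parse 'rule <action> <proto> source A W destination A W [destination-port eq N]'."""
    t = line.split()
    s, d = t.index("source"), t.index("destination")
    port = int(t[t.index("destination-port") + 2]) if "destination-port" in t else None
    return {"action": t[1], "proto": t[2], "src": (t[s + 1], t[s + 2]),
            "dst": (t[d + 1], t[d + 2]), "port": port}

def evaluate(rules, proto, src, dst, dport=None):
    """First matching rule wins. Assumption: a packet matching no rule is forwarded."""
    for r in rules:
        if (r["proto"] in ("ip", proto)
                and wc_match(src, *r["src"]) and wc_match(dst, *r["dst"])
                and (r["port"] is None or r["port"] == dport)):
            return r["action"]
    return "permit"

# Rule text copied from the R2 section of the notes; each ACL is evaluated separately.
R2_TELNET = [parse_rule("rule deny tcp source 192.168.1.10 0.0.0.0 "
                        "destination 192.168.2.2 0.0.0.0 destination-port eq 23")]
R2_NOPING = [parse_rule("rule deny icmp source 192.168.1.11 0.0.0.0 "
                        "destination 192.168.2.2 0.0.0.0")]

# Constructed test packets: (label, ACL, protocol, source, destination, dest port)
CASES = [
    ("telnet .10 -> R2", R2_TELNET, "tcp", "192.168.1.10", "192.168.2.2", 23),
    ("telnet .11 -> R2", R2_TELNET, "tcp", "192.168.1.11", "192.168.2.2", 23),
    ("http   .10 -> R2", R2_TELNET, "tcp", "192.168.1.10", "192.168.2.2", 80),
    ("ping   .11 -> R2", R2_NOPING, "icmp", "192.168.1.11", "192.168.2.2", None),
    ("ping   .10 -> R2", R2_NOPING, "icmp", "192.168.1.10", "192.168.2.2", None),
]

def run_cases():
    """Return {label: 'deny' | 'permit'} for every constructed packet."""
    return {c[0]: evaluate(*c[1:]) for c in CASES}

if __name__ == "__main__":
    for label, verdict in run_cases().items():
        print(f"{label}: {verdict}")
```

Both deny rules use wildcard 0.0.0.0, so each one covers exactly one source host; the same type of traffic from the other PC is not matched by that rule.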