ACL实验报告

一、实验拓扑

二、实验要求

1.pc1可以访问telnet r1，不能ping r1

2.pc1不能访问telnet r2，但是可以ping r2

3.pc2不可以访问telnet r1，但是可以ping r1

4.pc2能访问telnet r2，但不可以pping r2

三、实验步骤

[pc1]int g0/0/0
[pc1-GigabitEthernet0/0/0]ip add 192.168.1.10 24

[pc1-GigabitEthernet0/0/0]quit

[pc1]ip route-static 0.0.0.0 0 192.168.1.254

[pc2]int g0/0/0
[pc2-GigabitEthernet0/0/0]ip add 192.168.1.11 24

[pc2-GigabitEthernet0/0/0]quit

[pc2]ip route-static 0.0.0.0 0 192.168.1.254

[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 192.168.2.1 24
[r1-GigabitEthernet0/0/1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.1168.1.1 24

[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip add 192.168.2.2 24

[r2-GigabitEthernet0/0/0]quit

检验是否全网通

配置telnet

[r1]aaa
[r1-aaa]local-user wangdaye privilege level 15 password cipher wdy123

[r1-aaa]local-user wangdaye service-type telnet
[r1-aaa]quit
[r1]user-interface vty 0 4?
[r1-ui-vty0-4]authentication-mode aaa
[r1-ui-vty0-4]quit

[r2]aaa

[r2-aaa]local-user zhangdaye privilege level 15 password cipher zdy123
[r2-aaa]]local-user zhangdaye service-type telnet
[r2-aaa]quit
[r2]user-interface vty 0 4
[r2-ui-vty0-4]authentication-mode aaa
[r2-ui-vty0-4]quit

配置ACL

[r1]acl 3000? ??
[r1-acl-adv-3000]rule deny icmp source 192.168.1.10 0.0.0.0 destination 192.168.
1.254 0.0.0.0
[r1-acl-adv-3000]rule deny icmp source 192.168.1.10 0.0.0.0 destination 192.168.
2.1 0.0.0.0
[r1-acl-adv-3000]rule deny tcp source 192.168.1.10 0.0.0.0 destinatio
n 192.168.2.2 0.0.0.0 destination-port eq 23

[r1-acl-adv-3000]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.1
.254 0.0.0.0 destination-port eq 23
[r1-acl-adv-3000]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.
2.1 0.0.0.0 destination-port eq 23

[r1-acl-adv-3000]rule deny icmp source 192.168.1.11 0.0.0.0 destination 192.168.
2.2 0.0.0.0

[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
[r1-GigabitEthernet0/0/0]quit

测试