I. Lab topology
II. Lab requirements
1. pc1 can telnet to r1 but cannot ping r1
2. pc1 cannot telnet to r2 but can ping r2
3. pc2 cannot telnet to r1 but can ping r1
4. pc2 can telnet to r2 but cannot ping r2
III. Lab steps
[pc1]int g0/0/0
[pc1-GigabitEthernet0/0/0]ip add 192.168.1.10 24
[pc1-GigabitEthernet0/0/0]quit
[pc1]ip route-static 0.0.0.0 0 192.168.1.254
[pc2]int g0/0/0
[pc2-GigabitEthernet0/0/0]ip add 192.168.1.11 24
[pc2-GigabitEthernet0/0/0]quit
[pc2]ip route-static 0.0.0.0 0 192.168.1.254
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 192.168.2.1 24
[r1-GigabitEthernet0/0/1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.254 24
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip add 192.168.2.2 24
[r2-GigabitEthernet0/0/0]quit
Verify that the whole network is reachable
Configure telnet
[r1]aaa
[r1-aaa]local-user wangdaye privilege level 15 password cipher wdy123
[r1-aaa]local-user wangdaye service-type telnet
[r1-aaa]quit
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
[r1-ui-vty0-4]quit
[r2]aaa
[r2-aaa]local-user zhangdaye privilege level 15 password cipher zdy123
[r2-aaa]local-user zhangdaye service-type telnet
[r2-aaa]quit
[r2]user-interface vty 0 4
[r2-ui-vty0-4]authentication-mode aaa
[r2-ui-vty0-4]quit
Configure the ACL
[r1]acl 3000
[r1-acl-adv-3000]rule deny icmp source 192.168.1.10 0.0.0.0 destination 192.168.1.254 0.0.0.0
[r1-acl-adv-3000]rule deny icmp source 192.168.1.10 0.0.0.0 destination 192.168.2.1 0.0.0.0
[r1-acl-adv-3000]rule deny tcp source 192.168.1.10 0.0.0.0 destination 192.168.2.2 0.0.0.0 destination-port eq 23
[r1-acl-adv-3000]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.1.254 0.0.0.0 destination-port eq 23
[r1-acl-adv-3000]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.2.1 0.0.0.0 destination-port eq 23
[r1-acl-adv-3000]rule deny icmp source 192.168.1.11 0.0.0.0 destination 192.168.2.2 0.0.0.0
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
[r1-GigabitEthernet0/0/0]quit
Test
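The expected test results can be checked offline against the six ACL 3000 rules. The Python sketch below is an added example, not part of the original lab: it models first-match evaluation with wildcard masks, and assumes that a packet matching no rule is forwarded by traffic-filter and that r1 is reached at 192.168.1.254, the address used in the rules and as the PCs' gateway.

```python
import ipaddress

# ACL 3000 rules from the lab configuration (wrapped lines joined).
ACL_3000 = """\
rule deny icmp source 192.168.1.10 0.0.0.0 destination 192.168.1.254 0.0.0.0
rule deny icmp source 192.168.1.10 0.0.0.0 destination 192.168.2.1 0.0.0.0
rule deny tcp source 192.168.1.10 0.0.0.0 destination 192.168.2.2 0.0.0.0 destination-port eq 23
rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.1.254 0.0.0.0 destination-port eq 23
rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.2.1 0.0.0.0 destination-port eq 23
rule deny icmp source 192.168.1.11 0.0.0.0 destination 192.168.2.2 0.0.0.0
"""

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse(text):
    """Turn each rule line into (action, proto, src, dst, port)."""
    rules = []
    for t in map(str.split, text.splitlines()):
        s, d = t.index("source"), t.index("destination")
        port = int(t[t.index("eq") + 1]) if "eq" in t else None
        rules.append((t[1], t[2], (ip(t[s + 1]), ip(t[s + 2])),
                      (ip(t[d + 1]), ip(t[d + 2])), port))
    return rules

def wild_match(addr, net):
    base, wildcard = net  # wildcard: 0 bits must match, 1 bits are ignored
    return ((ip(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def verdict(rules, proto, src, dst, dport=None):
    """First matching rule wins; unmatched packets are forwarded (assumption)."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto == proto and wild_match(src, r_src) and wild_match(dst, r_dst)
                and (r_port is None or r_port == dport)):
            return action
    return "permit"

def check_requirements():
    rules = parse(ACL_3000)
    hosts = {"pc1": "192.168.1.10", "pc2": "192.168.1.11"}
    routers = {"r1": "192.168.1.254", "r2": "192.168.2.2"}
    result = {}
    for h, src in hosts.items():
        for r, dst in routers.items():
            result[f"{h} telnet {r}"] = verdict(rules, "tcp", src, dst, 23)
            result[f"{h} ping {r}"] = verdict(rules, "icmp", src, dst)
    return result

if __name__ == "__main__":
    print(*(f"{f}: {a}" for f, a in check_requirements().items()), sep="\n")
```

Each line of output corresponds to one half of a lab requirement, so a "deny" where the requirement says "can" (or the reverse) points at a wrong or missing rule before the configuration is loaded onto r1.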