
把各个网段的地址地址标注在上面

配置路由:
R1:
[R1]int g 0/0/1
[R1-GigabitEthernet0/0/1]ip address 192.168.1.1 24
[R1-GigabitEthernet0/0/1]int g 0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.2.1 24
R2
[R2]int g 0/0/0
[R2-GigabitEthernet0/0/0]ip address 192.168.2.2 24
[R2-GigabitEthernet0/0/0]q
[R2]ip route-static 192.168.1.0 24 192.168.2.1
PC1
[PC1]int g 0/0/0
[PC1-GigabitEthernet0/0/0]ip address 192.168.1.2 24
[PC1-GigabitEthernet0/0/0]q
[PC1]ip route-static 0.0.0.0 0 192.168.1.1
PC2
[pc2]int g0/0/0
[pc2-GigabitEthernet0/0/0]ip address 192.168.1.3 24
[pc2-GigabitEthernet0/0/0]q
[pc2]ip route-static 0.0.0.0 0 192.168.1.1
基础配置完成后尝试一下看相互之间是否可以ping通


Talnet远程登陆账号及密码配置
R1
[R1]aaa
[R1-aaa]local-user chen privilege level 15 password cipher 123456
[R1-aaa]local-user chen service-type telnet
[R1-aaa]q
[R1]user-interface vty 0 4
[R1-ui-vty0-4]au
[R1-ui-vty0-4]authentication-mode aaa
R2
[R2]aaa
[R2-aaa]local-user chen privilege level 15 password cipher 654321
[R2-aaa]local-user chen service-type telnet
[R2-aaa]q
[R2]user-interface vty 0 4
[R2-ui-vty0-4]authentication-mode aaa
ACL配置
R1
[R1]acl 3000
[R1-acl-adv-3000]rule deny icmp source 192.168.1.2 0 destination 192.168.1.1 0
[R1-acl-adv-3000]rule deny icmp source 192.168.1.2 0 destination 192.168.2.1 0
[R1-acl-adv-3000]rule deny tcp source 192.168.1.2 0 destination 192.168.2.2 0 destination-port eq 23
[R1-acl-adv-3000]rule deny tcp source 192.168.1.3 0 destination 192.168.1.1 0 destination-port eq 23
[R1-acl-adv-3000]rule deny tcp source 192.168.1.3 0 destination 192.168.2.1 0 destination-port eq 23
[R1-acl-adv-3000]rule deny icmp source 192.168.1.3 0 destination 192.168.2.2 0
//接口调用 调用时一定要注意方向
[R1]int g 0/0/1
[R1-GigabitEthernet0/0/1]traffic-filter inbound acl 3000
测试结果
1、PC1可以telnet登录R1,不能ping通R1


2、PC1可以ping通R2,但不能登录R2


3、PC2不可以telnet登录R1,能ping通R1

4、PC2不可以ping通R2,但能登录R2


文章描述了在一个网络环境中,对路由器R1和R2以及两台PC的IP配置,包括静态路由设置和互访测试。接着,配置了远程登录账号和密码,并在R1上设置了ACL以限制特定IP的ICMP和TCP流量。测试结果显示,PC1和PC2的访问权限受到限制,符合预期的ACL规则效果。

9425

被折叠的 条评论
为什么被折叠?



