我们把实验的命令写到文本:. m1 u3 A" R7 ^
基本配置:: v) R+ I3 ], d1 D( ]2 o: Z: k
r1:
]3 H; K- w% j( I en0 @' v* P/ Z" b& p6 o C) X$ u- E2 K
conf t& a. l+ R# M$ N: r: y5 Q$ @4 ^8 u
host r1
) w: w+ o/ {& B! a \ j; ]: q) d; _6 W enable pass cisco. n9 `6 B, b3 i+ ?1 G5 v5 u2 s0 U
line vty 0 4* {4 W8 D1 a8 G
pass cisco
6 f" v# e; K! B2 G$ v8 o login, u i- ]6 ]: z) a
exit
1 I9 ?" e' X& f$ H int s0/0
# W3 I' @1 y' |+ t+ D, Z% ~ ip addr 192.168.1.1 255.255.255.0
3 Y6 a+ S7 X0 C0 V no shut- H$ q1 D9 n. y% r2 u; B1 u
clock rate 64000
& Y) k, ]/ V+ I* I% r, n6 k8 V T exit1 I* W( Y. N" R
router rip
+ H' f* U, b7 F9 `: b; Z ver 2- n$ `* p5 p" O( l1 y
no auto-summary9 k# h5 c. o0 A8 G) a3 Z
network 192.168.1.0
. p( ~' ~6 c2 C. U8 f' v" f$ s5 X exit
0 J. b# r9 f. c: h5 F" S ]# B r2:" Q! F: ]5 s2 o4 C! j' S: g
en k) ?5 T& p u
conf t
. ^6 ?9 b& b, @/ T( f ~ host r2* L) r2 ^9 O# h5 t* Q& X( j8 F
enable pass cisco
8 V6 g) v, A1 f5 o5 A line vty 0 4: Z. S- F v- D2 i9 c0 V
pass cisco
, S7 Z* j- t) A# F login }: g3 l" Z/ g4 r5 c" d/ g
exit& u/ t) [, v' |! f' ^7 f) `1 W
int s0/0
2 B% r1 F: T m4 D& z ip addr 192.168.1.2 255.255.255.06 x7 `, `5 D1 U- H9 O
no shut
4 s( \# M; L2 ^) b6 z3 G3 c! F" L int s0/18 b5 q$ {: q) a; o1 i9 B
ip addr 192.168.2.1 255.255.255.0
- a5 H$ q& y" \, i1 X0 n% [ no shut. g+ d: ~. W1 Y2 B% O
clock rate 640001 S8 m- @* D; n* I+ K2 w! u9 C# f
exit
+ j/ n! n) n* O0 \% Z router rip5 f% | J2 u8 t6 R" z/ U' m
ver 2+ I7 w O; e* k% v
no auto-summary
; W! d4 A: a' Q1 k3 B1 g network 192.168.1.0- H6 r5 g% b* `4 Y( K/ y* Z; Y
network 192.168.2.07 `# [6 B/ t7 M; n5 B
exit
# x# }9 q U% @% I* k, g r3:
6 j( h8 G) ?$ a0 k! D; Q0 `, k" f en
* v0 `" S1 J' k$ J+ X conf t% |* l* ^8 c4 h4 v; x1 C
host r3' s) [+ D) v2 m% q% G5 f
enable pass cisco% V- G- g9 d! Z; Y/ M
line vty 0 41 A5 h! }6 j! m! D8 [
pass cisco
/ j- z7 z4 z! D t4 A login
) \" f( |& K( V. |. x3 r/ F exit2 G8 b% ]$ i, k) Y& v
int s0/1
2 S- w% M: A, ~" m7 ` ip addr 192.168.2.2 255.255.255.09 f9 O0 j- X* T1 U& I
no shut4 a. @. g* K6 G' D2 O
exit* s g9 @- k: {5 K+ L+ o- T- m
router rip
8 j7 R; A+ V+ ?5 E" e ver 2
K) i$ b* H. j no auto-summary' b3 D. w; P% `4 d7 U; \. C5 g
network 192.168.2.0$ n( }5 p2 F3 ]. }0 I* v
exit( G( k, W, L" X3 ?) E
在r2上配置拒绝telnet:
' S. w' @/ D# S2 n7 ? conf t/ J8 \/ Q6 h6 P- K4 r0 U
access-list 101 deny tcp 192.168.1.1 0.0.0.0 192.168.2.0 0.0.0.255 eq telnet8 q- A0 K0 N# w" h' F" k
access-list 101 permit ip any any
2 h, ` [7 h0 ?8 G. d int s0/1 S" i8 w, O5 u4 }/ z
ip access-group 100 out
( {/ l" m H* a5 ?/ N0 i K exit2 N3 H k% A2 v7 I5 [! x) p' C
access-list 102 deny tcp 192.168.1.1 0.0.0.0 192.168.2.0 0.0.0.255 eq ftp! J5 e! Q V+ _* O
access-list 102 permit ip any any
8 R1 F+ D, E6 J: C6 ~9 j4 e int s0/1
; a$ }1 j2 l! D2 ^* ]; V9 A ip access-group 100 out) f; A# C/ d% k( l, @7 g4 Q
exit/ F, x% ^3 w0 U3 ~% ?
access-list 103 deny icmp 192.168.4.2 0.0.0.0 192.168.1.0 0.0.0.255 echo
* z0 g. T" I! z& Q5 B$ _) V5 h access-list 103 deny icmp 192.168.4.2 0.0.0.0 192.168.1.0 0.0.0.255 echo-reply
1 x4 T6 |% ]- n access-list 103 permit ip any any" \) A% e. L1 G
int s0/0
0 Q1 r6 C# ~5 Q8 r. ^ ip access-group 101 out
- U+ m* P0 G4 G2 { 写完了以后我们开始粘贴。 , K- U6 }$ @" m* \1 S/ ~6 A
1 ]% l! k% _& E. u 粘贴完并没有错误,我们先不添加访问控制列表看能否telnet/ S# T! O* ]+ n: r8 _0 o+ Q, ?. b
没有问题可以telnet并打开了
" p2 T( l/ v: i% [3 j- t) W
4 I% B* k ~$ ]! a: H( \6 A 我们来添加访问列表7 C9 o7 Q2 R1 }5 P; s, Q
7 m# p' B/ x: Q7 Q4 w1 `3 n2 l 在来telnet 如果失败了,我们就成功了。2 N( L, ^* H+ ]# e Z, c0 `: f/ J
|