We write the lab's commands into a text file:

Basic configuration:

r1:
en
conf t
host r1
enable pass cisco
line vty 0 4
pass cisco
login
exit
int s0/0
ip addr 192.168.1.1 255.255.255.0
no shut
clock rate 64000
exit
router rip
ver 2
no auto-summary
network 192.168.1.0
exit

r2:
en
conf t
host r2
enable pass cisco
line vty 0 4
pass cisco
login
exit
int s0/0
ip addr 192.168.1.2 255.255.255.0
no shut
int s0/1
ip addr 192.168.2.1 255.255.255.0
no shut
clock rate 64000
exit
router rip
ver 2
no auto-summary
network 192.168.1.0
network 192.168.2.0
exit

r3:
en
conf t
host r3
enable pass cisco
line vty 0 4
pass cisco
login
exit
int s0/1
ip addr 192.168.2.2 255.255.255.0
no shut
exit
router rip
ver 2
no auto-summary
network 192.168.2.0
exit

Configure r2 to deny telnet:
conf t
! ACL 101: deny telnet (TCP 23) from r1 (192.168.1.1) to 192.168.2.0/24, permit everything else
access-list 101 deny tcp 192.168.1.1 0.0.0.0 192.168.2.0 0.0.0.255 eq telnet
access-list 101 permit ip any any
int s0/1
! the access-group number must match the access-list defined above
ip access-group 101 out
exit
! ACL 102: same source and destination, but for FTP control traffic (TCP 21)
access-list 102 deny tcp 192.168.1.1 0.0.0.0 192.168.2.0 0.0.0.255 eq ftp
access-list 102 permit ip any any
int s0/1
! only one ACL per interface and direction: applying 102 here replaces 101 on s0/1 out
ip access-group 102 out
exit
! ACL 103: deny ICMP echo and echo-reply from 192.168.4.2 to 192.168.1.0/24
access-list 103 deny icmp 192.168.4.2 0.0.0.0 192.168.1.0 0.0.0.255 echo
access-list 103 deny icmp 192.168.4.2 0.0.0.0 192.168.1.0 0.0.0.255 echo-reply
access-list 103 permit ip any any
int s0/0
ip access-group 103 out

Once the commands are written, we start pasting them in.

The paste completed without errors. Before adding the access control lists, we first check whether telnet works.

No problem: telnet works and the session opens.

Now we add the access list.

Then we telnet again. If it fails, we have succeeded.
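
Added example (not part of the original post): a small Python model of how IOS evaluates ACL 101 from the lab, with wildcard-mask matching, top-down first match and the implicit deny, so the expected telnet result can be checked before pasting. The function names are hypothetical, and the parser handles only the tcp/ip entry forms of ACLs 101 and 102, not the ICMP type keywords of ACL 103.

```python
import ipaddress

# ACL 101 exactly as entered on r2 in the lab
ACL_101 = """\
access-list 101 deny tcp 192.168.1.1 0.0.0.0 192.168.2.0 0.0.0.255 eq telnet
access-list 101 permit ip any any
"""
PORTS = {"telnet": 23, "ftp": 21}  # the two IOS port keywords this page uses

def _addr(tokens):
    """Consume 'any' or 'address wildcard'; return (address, wildcard) as ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF
    addr, wild = tokens.pop(0), tokens.pop(0)
    return int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))

def parse_acl(text):
    """Parse 'access-list N action proto src dst [eq port]' lines, in order."""
    entries = []
    for line in text.splitlines():
        t = line.split()
        if t[:1] != ["access-list"]:
            continue
        action, proto, rest = t[2], t[3], t[4:]
        src, dst = _addr(rest), _addr(rest)
        port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
        entries.append((action, proto, src, dst, port))
    return entries

def _match(ip, spec):
    addr, wild = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return (int(ipaddress.IPv4Address(ip)) | wild) == (addr | wild)

def evaluate(entries, proto, src, dst, dport=None):
    """Return the action of the first matching entry (IOS evaluates top-down)."""
    for action, a_proto, a_src, a_dst, a_port in entries:
        if a_proto not in ("ip", proto):
            continue
        if not (_match(src, a_src) and _match(dst, a_dst)):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"  # implicit "deny ip any any" at the end of every ACL

if __name__ == "__main__":
    print(evaluate(parse_acl(ACL_101), "tcp", "192.168.1.1", "192.168.2.2", 23))
```

The model describes a packet crossing the interface where the ACL is applied; an `ip access-group` that names an undefined list number filters nothing, so the number on the interface has to match the list.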