1. Assign IP addresses to the physical interfaces
[r1]int g 0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.2.1 24
[r1-GigabitEthernet0/0/0]
Jan 12 2025 23:23:34-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[r1-GigabitEthernet0/0/0]q
[r1]int g 0/0/1
[r1-GigabitEthernet0/0/1]ip add 192.168.1.1 24
[r2]int g 0/0/0
[r2-GigabitEthernet0/0/0]ip add 192.168.2.2 24
Jan 12 2025 23:24:16-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[r2-GigabitEthernet0/0/0]
[PC1]int g 0/0/0
[PC1-GigabitEthernet0/0/0]ip add 192.168.1.10 24
[PC1-GigabitEthernet0/0/0]
[PC2]int g 0/0/0
[PC2-GigabitEthernet0/0/0]ip add 192.168.1.11 24
[PC2-GigabitEthernet0/0/0]
2. Add static routes so the whole network is reachable
[r2]ip rou
[r2]ip route-
[r2]ip route-static 192.168.1.0 24 192.168.2.1
Configure default routes on PC1 and PC2
[PC1]ip rou
[PC1]ip route-
[PC1]ip route-static 0.0.0.0 0 192.168.1.1
[PC2]ip rou
[PC2]ip route-
[PC2]ip route-static 0.0.0.0 0 192.168.1.1
Verification
[PC2]ping 192.168.2.2
PING 192.168.2.2: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=254 time=80 ms
Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=254 time=50 ms
Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=254 time=40 ms
--- 192.168.2.2 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 40/52/80 ms
3. Enable the Telnet protocol
[r1]aaa
[r1-aaa]l aa p l 15 p c 123456
Info: Add a new user.
[r1-aaa]l aa se tel
[r1-aaa]q
[r1]us
[r1]user-int
[r1]user-interface v
[r1]user-interface vty 0 4
[r1-ui-vty0-4]au aaa
[r1-ui-vty0-4]
Verify from PC1
<PC1>tel 192.168.1.1
Press CTRL_] to quit telnet mode
Trying 192.168.1.1 ...
Connected to 192.168.1.1 ...
Login authentication
Username:aa
Password:
<r1>q
[r2]aaa
[r2-aaa]l bb p l 15 p c 123456
Info: Add a new user.
[r2-aaa]l bb se tel
[r2-aaa]q
[r2]us v 0 4
[r2-ui-vty0-4]au aaa
[r2-ui-vty0-4]
4. PC1 can telnet to r1 but cannot ping r1
Create an ACL (advanced) on R1
[r1]acl 3000
[r1-acl-adv-3000]rule de icmp s 192.168.1.10 0.0.0.0 de 192.168.2.1 0.0.0.0
[r1-acl-adv-3000]rule de
[r1-acl-adv-3000]rule deny i
[r1-acl-adv-3000]rule deny icmps
[r1-acl-adv-3000]rule deny icmp s
[r1-acl-adv-3000]rule deny icmp source 192.168.1.10 0.0.0.0 de
[r1-acl-adv-3000]rule deny icmp source 192.168.1.10 0.0.0.0 destination 192.168.1.1 0.0.0.0
5. PC1 cannot telnet to r2 but can ping r2
[r1-acl-adv-3000]rule de
[r1-acl-adv-3000]rule deny tcp s
[r1-acl-adv-3000]rule deny tcp source 192.168.1.10 0.0.0.0 de 192.168.2.2 0.0.0.0 de eq 23
6. PC2 can telnet to r2 but cannot ping r2
[r1-acl-adv-3000]rule de icmp s 192.168.1.11 0.0.0.0 de 192.168.2.2 0.0.0.0
7. PC2 cannot telnet to r1 but can ping r1
[r1-acl-adv-3000]rule de tcp s 192.168.1.11 0.0.0.0 de 192.168.1.1 0.0.0.0 de eq 23
[r1-acl-adv-3000]rule de tcp s 192.168.1.11 0.0.0.0 de 192.168.2.1 0.0.0.0 de eq 23
8. Apply the ACL on r1's inbound interface
[r1]int g 0/0/0
[r1-GigabitEthernet0/0/0]t in acl 3000
Test items 6, 7 and 8
<PC1>tel 192.168.1.1
Press CTRL_] to quit telnet mode
Trying 192.168.1.1 ...
Connected to 192.168.1.1 ...
Login authentication
Username:aa 123456
Password:
Error: Failed to send authen-req.
Logged Fail!
Username:aa
Password:
-----------------------------------------------------------------------------
User last login information:
-----------------------------------------------------------------------------
Access Type: Telnet
IP-Address : 192.168.1.10
Time : 2025-01-12 23:46:13-08:00
-----------------------------------------------------------------------------
<r1>
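Added example, not part of the original post: a small Python model of ACL 3000's rule matching, to check the six rules entered above against the requirements in sections 4 to 7. Assumptions: rule IDs follow VRP's default step of 5, PC2's source address is 192.168.1.11 in every PC2 rule, packets that match no rule are permitted (as when the ACL is referenced by traffic-filter), and only rule matching is modelled, not which interface the ACL is bound to.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Wildcard mask: 0 bits must equal the rule address, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

HOST = "0.0.0.0"  # every rule on the page uses this exact-host wildcard
# (rule id, action, protocol, source, destination, destination port)
# Rule ids are an assumption: VRP's default numbering step of 5.
ACL_3000 = [
    (5,  "deny", "icmp", "192.168.1.10", "192.168.2.1", None),
    (10, "deny", "icmp", "192.168.1.10", "192.168.1.1", None),
    (15, "deny", "tcp",  "192.168.1.10", "192.168.2.2", 23),
    (20, "deny", "icmp", "192.168.1.11", "192.168.2.2", None),
    (25, "deny", "tcp",  "192.168.1.11", "192.168.1.1", 23),
    (30, "deny", "tcp",  "192.168.1.11", "192.168.2.1", 23),
]

def evaluate(proto, src, dst, dport=None, acl=ACL_3000):
    """First matching rule wins; returns (action, rule id or None)."""
    for rid, action, r_proto, r_src, r_dst, r_port in acl:
        if r_proto != proto:
            continue
        if not (wc_match(src, r_src, HOST) and wc_match(dst, r_dst, HOST)):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, rid
    return "permit", None  # assumption: unmatched packets pass (traffic-filter)

# Constructed flows, one pair per requirement in sections 4 to 7.
FLOWS = {
    "PC1 telnet r1": ("tcp",  "192.168.1.10", "192.168.1.1", 23),
    "PC1 ping r1":   ("icmp", "192.168.1.10", "192.168.1.1", None),
    "PC1 telnet r2": ("tcp",  "192.168.1.10", "192.168.2.2", 23),
    "PC1 ping r2":   ("icmp", "192.168.1.10", "192.168.2.2", None),
    "PC2 telnet r2": ("tcp",  "192.168.1.11", "192.168.2.2", 23),
    "PC2 ping r2":   ("icmp", "192.168.1.11", "192.168.2.2", None),
    "PC2 telnet r1": ("tcp",  "192.168.1.11", "192.168.1.1", 23),
    "PC2 ping r1":   ("icmp", "192.168.1.11", "192.168.1.1", None),
}

def check_all():
    return {name: evaluate(*flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for name, (action, rid) in check_all().items():
        print(f"{name:14} -> {action:6} (rule {rid})")
```

Because the wildcard 0.0.0.0 requires an exact match on all 32 bits, a single mistyped octet in a rule's source address leaves the intended host unmatched and the packet falls through to the default action.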