1.配置IP地址
[R1]int G 0/0/1
[R1-GigabitEthernet0/0/1]ip add 192.168.2.1 24
[R1-GigabitEthernet0/0/1]int g 0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[R2]int g 0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.2.2 24
[pc1]int g 0/0/0
[pc1-GigabitEthernet0/0/0]ip add 192.168.1.10 24
[pc2]int g 0/0/0
[pc2-GigabitEthernet0/0/0]ip add 192.168.1.11 24
2.配置静态路由,实现全网通
[R2]ip route-static 192.168.1.0 24 192.168.2.1测试,是否全网可达
3.配置Telnet
#创建一个zzq用户,密码为123456
[R1]aaa
[R1-aaa]local-user?
[R1-aaa]local-user zzq privilege level 15 password cipher 123456
#定义用户服务类型
[R1-aaa]local-user zzq service-type telnet
#主要作用于Telnet
#开启虚拟端口
[R1]user-interface vty 0
[R1-ui-vty0]authentication-mode aaa
#重复上述步骤,在R2开启
[R2]aaa
[R2-aaa]local-user zzq privilege level 15 password cipher 123456
Info: Add a new user.
[R2-aaa]local-user zzq service-type telnet
[R2]user-interface vty 0 4
[R2-ui-vty0-4]authentication-mode aaa 测试
4.配置ACL
#创建高级ACL
[R1]acl 3000
#不能pingR1
[R1-acl-adv-3000]rule deny icmp source 192.168.1.10 0.0.0.0 destination 192.168.1.1 0.0.0.0
[R1-acl-adv-3000]rule deny icmp source 192.168.1.10 0.0.0.0 destination 192.168.2.1 0.0.0.0
#不能telnet R2
[R1-acl-adv-3000]rule deny tcp source 192.168.1.10 0.0.0.0 destination 192.168.2.2 0.0.0.0 destination-port eq 23
#进入0/0/0接口调用
[R1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
[R1-acl-adv-3000]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.1.1 0.0.0.0
[R1-acl-adv-3000]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.1.1 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.2.1 0.0.0.0
[R1-acl-adv-3000]rule deny tcp source 192.168.1.11 0.0.0.0 destination 192.168.2.1 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]rule de icmp source 192.168.1.11 0.0.0.0 destination 192.168.2.2 0.0.0.0测试
扫一扫
670
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
