[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 192.168.1.1 24
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.2.1 24
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip add 192.168.1.2 24
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip add 192.168.2.2 24
[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]ip add 192.168.2.3 24
1、pc3可以ping r1但是不能telnet r1
·创建
[r1-GigabitEthernet0/0/1]acl 3002
·扩展列表配置---同时关注源和目标IP地址
[r1-acl-adv-3002]rule deny tcp source 192.168.2.2 0 destination 192.168.2.1 0 de
stination-port eq 23
·调用
[r1]interface g0/0/0
[r1-GigabitEthernet0/0/0]traffic-filter inbound acl 3002
2.pc3可以telnet r2但是不能ping r2
·创建
[r2]acl 3003
[r2-aaa]local-user syx privilege level 15 password cipher 12345
·扩展列表配置---同时关注源和目标IP地址
[r2-acl-adv-3003]rule deny icmp source 192.168.2.2 0 destination 192.168.1.2 0
·调用
[r2-ui-vty0]authentication-mode aaa
3、pc4可以ping r1但是不能telnet r1
·创建
[r1]acl 3004
·扩展列表配置---同时关注源和目标IP地址
[r1-acl-adv-3004]rule deny tcp source 192.168.2.3 0 destination 192.168.2.1 0
·调用
[r1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
4、pc4可以telnet r2 但是不能ping r2
·创建
[r2]acl 3005
[r2-aaa]local-user syx privilege level 15 password cipher 123456
·扩展列表配置---同时关注源和目标IP地址
[r2-acl-adv-3005]rule deny icmp source 192.168.2.3 0 destination 192.168.1.2 0
·开启服务
[r2-aaa]local-user syx service-type telnet
·调用
[r2-ui-vty0-4]authentication-mode aaa
