ACL(拒绝Telnet)

ACL(拒绝Telnet)_第1张图片

拒绝192.168.10.1不能telnet12.1.1.2

Client1(IP地址)
IP地址:192.168.10.1
子网掩码:255.255.255.0
网关:192.168.10.254
PC1(IP地址)
IP地址:192.168.10.2
子网掩码:255.255.255.0
网关:192.168.10.254
PC2(IP地址)
IP地址:172.16.10.1
子网掩码:255.255.255.0
网关:172.16.10.254
server1(设置IP地址)
IP地址:172.16.10.2
子网掩码:255.255.255.0
网关:172.16.10.254
R1(设置IP地址)
system-view     //进入配置模式
[Huawei]undo info-center enable     //关闭信息告警提示
[Huawei]sysname R1     //改名
[R1]interface g0/0/0     //进入接口
[R1-GigabitEthernet0/0/0]ip address 192.168.10.254 24     //设置IP地址
[R1-GigabitEthernet0/0/0]quit     //退出
[R1]interface g0/0/1     //进入接口
[R1-GigabitEthernet0/0/1]ip address 12.1.1.1 24     //设置IP地址
[R1-GigabitEthernet0/0/1]quit     //退出
[R1]
R2(设置IP地址)
system-view      //进入配置模式
[Huawei]undo info-center enable     //关闭信息告警提示
[Huawei]sysname R2     //改名
[R2]interface g0/0/0     //进入接口
[R2-GigabitEthernet0/0/0]ip address 12.1.1.2 24     //设置IP地址
[R2-GigabitEthernet0/0/0]quit     //退出
[R2]interface g0/0/1     //进入接口
[R2-GigabitEthernet0/0/1]ip address 172.16.10.254 24     //设置IP地址
[R2-GigabitEthernet0/0/1]quit     //退出
[R2]
R1(设置默认路由)
[R1]ip route-static 0.0.0.0 0 12.1.1.2     //配置默认路由
[R1]
R2(设置默认路由)
[R2]ip route-static 0.0.0.0 0 12.1.1.1     //配置默认路由
[R2]
PC2(测试可以ping通172.16.10.X网段)
PC>ping 172.16.10.1     //测试pingPC2

Ping 172.16.10.1: 32 data bytes, Press Ctrl_C to break
From 172.16.10.1: bytes=32 seq=1 ttl=126 time=94 ms     //ping通
From 172.16.10.1: bytes=32 seq=2 ttl=126 time=78 ms
From 172.16.10.1: bytes=32 seq=3 ttl=126 time=78 ms
From 172.16.10.1: bytes=32 seq=4 ttl=126 time=62 ms
From 172.16.10.1: bytes=32 seq=5 ttl=126 time=78 ms

--- 172.16.10.1 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 62/78/94 ms
PC>ping 172.16.10.2 //测试pingserver1
Ping 172.16.10.2: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 172.16.10.2: bytes=32 seq=2 ttl=253 time=62 ms     //ping通
From 172.16.10.2: bytes=32 seq=3 ttl=253 time=62 ms
From 172.16.10.2: bytes=32 seq=4 ttl=253 time=47 ms
From 172.16.10.2: bytes=32 seq=5 ttl=253 time=63 ms

--- 172.16.10.2 ping statistics ---
  5 packet(s) transmitted
  4 packet(s) received
  20.00% packet loss
  round-trip min/avg/max = 0/58/63 ms

PC>
R2(配置ACL,拒绝源地址192.168.10.2的数据)
[R2]acl number 2000     //进入ACL
[R2-acl-basic-2000]rule deny source 192.168.10.2 0     //源地址192.168.10.2的数据
[R2-acl-basic-2000]quit     //退出
[R2]interface g0/0/0     //进入接口
[R2-GigabitEthernet0/0/0]traffic-filter inbound acl 2000     //应用到接口    
[R2-GigabitEthernet0/0/0]quit     //退出
[R2]
PC2(测试可以ping通172.16.10.X网段)
PC>ping 172.16.10.1     //测试是否可以ping通PC1

Ping 172.16.10.1: 32 data bytes, Press Ctrl_C to break
Request timeout!     //不能ping通
Request timeout!
Request timeout!
Request timeout!
Request timeout!

--- 172.16.10.1 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss

PC>ping 172.16.10.2

Ping 172.16.10.2: 32 data bytes, Press Ctrl_C to break
Request timeout!     //不能ping通
Request timeout!
Request timeout!
Request timeout!
Request timeout!

--- 172.16.10.2 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss

PC>

你可能感兴趣的:(#,ACL)