欢迎进入网络技术社区论坛,与200万技术人员互动交流 >>进入 我们把实验的命令写到文本: 基本配置: r1: en conf t host r1 enable pass cisco line vty 0 4 pass cisco login exit int s0/0 ip addr 192.168.1.1 255.255.255.0 no shut clock rate 64000 e
欢迎进入网络技术社区论坛,与200万技术人员互动交流 >>进入
我们把实验的命令写到文本:
基本配置:
r1:
en
conf t
host r1
enable pass cisco
line vty 0 4
pass cisco
login
exit
int s0/0
ip addr 192.168.1.1 255.255.255.0
no shut
clock rate 64000
exit
router rip
ver 2
no auto-summary
network 192.168.1.0
exit
r2:
en
conf t
host r2
enable pass cisco
line vty 0 4
pass cisco
login
exit
int s0/0
ip addr 192.168.1.2 255.255.255.0
no shut
int s0/1
ip addr 192.168.2.1 255.255.255.0
no shut
clock rate 64000
exit
router rip
ver 2
no auto-summary
network 192.168.1.0
network 192.168.2.0
exit
r3:
en
conf t
host r3
enable pass cisco
line vty 0 4
pass cisco
login
exit
int s0/1
ip addr 192.168.2.2 255.255.255.0
no shut
exit
router rip
ver 2
no auto-summary
network 192.168.2.0
exit
在r2上配置拒绝telnet:
conf t
access-list 101 deny tcp 192.168.1.1 0.0.0.0 192.168.2.0 0.0.0.255 eq telnet
access-list 101 permit ip any any
int s0/1
ip access-group 100 out
exit
access-list 102 deny tcp 192.168.1.1 0.0.0.0 192.168.2.0 0.0.0.255 eq ftp
access-list 102 permit ip any any
int s0/1
ip access-group 100 out
exit
access-list 103 deny icmp 192.168.4.2 0.0.0.0 192.168.1.0 0.0.0.255 echo
access-list 103 deny icmp 192.168.4.2 0.0.0.0 192.168.1.0 0.0.0.255 echo-reply
access-list 103 permit ip any any
int s0/0
ip access-group 101 out
写完了以后我们开始粘贴。
粘贴完并没有错误,我们先不添加访问控制列表看能否telnet
没有问题可以telnet并打开了
我们来添加访问列表
在来telnet 如果失败了,我们就成功了。
telnet不上了,成功!!!!!!
凌晨了睡觉喽!!!!!!呵呵 !!!!!!
http://liuyonglei.blog.51cto.com/501877/139178
[1] [2]
Statement:The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn