ACL部分目前了解的还不是很透。
先放2个例子吧
例1:设置让R1无法ping通R3上的3.3.3.3
在R2上得e0/0端口做如下设置:
- !
- interface Ethernet0/0
- ip address 192.168.12.2 255.255.255.0
- ip access-group 1 out
- half-duplex
- !
- interface Ethernet0/1
- ip address 192.168.23.2 255.255.255.0
- half-duplex
- !
- interface Ethernet0/2
- no ip address
- shutdown
- half-duplex
- !
- interface Ethernet0/3
- no ip address
- shutdown
- half-duplex
- !
- router eigrp 10
- network 192.168.12.0
- network 192.168.23.0
- auto-summary
- !
- ip http server
- no ip http secure-server
- !
- !
- !
- access-list 1 deny 3.3.3.3
- access-list 1 permit any
- !
- !
- control-plane
- !
例2:
让R1可以ping通R3的3.3.3.3,但是无法连接上
还是在R2上进行设置
注意一下 31 32行写的顺序,顺序反了的话起不到作用
- !
- interface Ethernet0/0
- ip address 192.168.12.2 255.255.255.0
- ip access-group 101 in
- half-duplex
- !
- interface Ethernet0/1
- ip address 192.168.23.2 255.255.255.0
- half-duplex
- !
- interface Ethernet0/2
- no ip address
- shutdown
- half-duplex
- !
- interface Ethernet0/3
- no ip address
- shutdown
- half-duplex
- !
- router eigrp 10
- network 192.168.12.0
- network 192.168.23.0
- auto-summary
- !
- ip http server
- no ip http secure-server
- !
- !
- !
- access-list 101 deny tcp any host 3.3.3.3 eq telnet
- access-list 101 permit ip any any
- !
- !
- control-plane
- !
