ACL配置 cisco

实验要求：

学生机可以访问web但是不能访问ftp，老师机都可以访问

网络拓扑图：

配置代码：

R1:
en
conf t
hostname r1
no ip domain-lookup
int g0/0
ip address 192.168.1.254 255.255.255.0
int g0/1
ip address 192.168.2.254 255.255.255.0
int g0/2
ip address 192.168.3.1 255.255.255.0
int range g0/0-2
no shutdown
Exit
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
end
show ip route

R2:
en
conf t
hostname r2
no ip domain-lookup
int g0/0
ip address 192.168.100.254 255.255.255.0
no shut
int g0/1
ip address 192.168.200.254 255.255.255.0
no shut
int g0/2
ip address 192.168.3.2 255.255.255.0
no shut
Exit
router ospf 1
network 192.168.3.0 0.0.0.255 area 0
network 192.168.100.0 0.0.0.255 area 0
network 192.168.200.0 0.0.0.255 area 0
end
show ip route
Conf t
Access-list 1 deny 192.168.1.0 0.0.0.255
Access-list 1 permit 192.168.2.0 0.0.0.255
Int g0/1
Ip access-group 1 out

实验结果：

Student：

Teacher：