R1 can telnet R3
R1 can not ping R3
讓 172.16.4.0/24 的流量都無法到 R1
插入規則,讓 Linux4 可以 ping R1,但 Linux5 不可
插入規則,讓 Linux5 可以 telnet R1,但 Linux4 不可
Last updated
Was this helpful?
Was this helpful?
int e0/0ip add 12.1.1.1 255.255.255.0no shutint lo1ip add 1.1.1.1 255.255.255.0no shutint lo2ip add 2.2.2.2 255.255.255.0no shutrouter ripver 2network 12.1.1.0no auto-summaryexitrouter ripver 2network 1.1.1.0network 2.2.2.0exitdo ping 3.3.3.3 source 1.1.1.1do ping 4.4.4.4 source 1.1.1.1do ping 3.3.3.3 source 2.2.2.2do ping 4.4.4.4 source 2.2.2.2exittelnet 4.4.4.4ciscotelnet 3.3.3.3ciscoint e0/0ip add 12.1.1.2 255.255.255.0no shutint e0/1ip add 23.1.1.2 255.255.255.0no shutrouter ripver 2network 12.1.1.0network 23.1.1.0no auto-summaryexitaccess-list 100 deny icmp 1.1.1.0 0.0.0.255 4.4.4.0 0.0.0.255access-list 100 deny icmp 2.2.2.0 0.0.0.255 3.3.3.0 0.0.0.255access-list 100 permit ip any anyint e0/0ip access-group 100 inexitendsh access-listsconf taccess-list 101 permit tcp any 3.3.3.0 0.0.0.255 eq 23int e0/1ip access-group 101 outendsh access-listsconf tno access-list 101int e0/1no ip access-group 101 outdo sh access-listsexitip access-list extended telnet-acldeny tcp any 4.4.4.0 0.0.0.255 eq 23permit ip any anyint e0/1ip access-group telnet-acl outendsh access-listsint e0/0ip add 23.1.1.3 255.255.255.0no shutint lo1ip add 3.3.3.3 255.255.255.0no shutint lo2ip add 4.4.4.4 255.255.255.0no shutrouter ripver 2network 23.1.1.0network 3.3.3.0network 4.4.4.0no auto-summaryline vty 4password ciscologintransport input telnetdo sh runip route 23.1.1.0 255.255.255.0 e0/0 12.1.1.2int e0/0ip addr 12.1.1.1 255.255.255.0no shutdo ping 23.1.1.3do telnet 23.1.1.3ip access-list ex rulepermit tcp 12.1.1.0 0.0.0.255 23.1.1.0 0.0.0.255 eq 23deny icmp 12.1.1.0 0.0.0.255 23.1.1.0 0.0.0.255int e0/0ip access-group rule inip addr 12.1.1.2 255.255.255.0no shutint e0/1ip addr 23.1.1.2 255.255.255.0no shutdo sh access-listsip route 12.1.1.0 255.255.255.0 e0/0 23.1.1.2line vty 0 4password ciscologintransport input telnetint e0/0ip addr 23.1.1.3 255.255.255.0no shutip route 172.16.4.0 255.255.255.0 e0/0 172.16.3.2int e0/0ip addr 172.16.3.1 255.255.255.0no shutexitline vty 0 4password ciscologin transport input sship access-list ex ruledeny ip 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255int e0/0ip addr 172.16.3.2 255.255.255.0no shutint e0/1ip access-group rule inip addr 172.16.4.2 255.255.255.0no shutexitip access-list ex rule5 permit icmp 172.16.4.100 0.0.0.0 172.16.3.0 0.0.0.2556 permit tcp 172.16.4.200 0.0.0.0 172.16.3.0 0.0.0.255 eq 22ip addr add 172.16.4.200/24 brd + dev eth0ip route add default via 172.16.4.2timedatectl set-timezone Asia/Taipeisystemctl restart ntp.serviceapt updateapt install telnettelnet 172.16.3.1ip addr add 172.16.4.100/24 brd + dev eth0ip route add default via 172.16.4.2timedatectl set-timezone Asia/Taipeisystemctl restart ntp.serviceapt updateapt install telnetping 172.16.3.1