IP access control list configuration

1. Basic setup (configure the IP address of each router interface)
R1 router
Router>enable
Router#configure terminal
Router(config)#hostname r1          Rename the router to r1
r1(config)#interface fastEthernet 0/0
r1(config-if)#ip address 10.1.1.1 255.255.255.0
r1(config-if)#no shutdown
r1(config)#interface serial 2/0
r1(config-if)#ip address 20.1.1.1 255.255.255.0
r1(config-if)#clock rate 64000      r1 is the DCE side of the serial link
r1(config-if)#no shutdown

Set the enable password and the vty password on r1 for the telnet test
r1(config)#enable secret cisco1
r1(config)#line vty 0 4
r1(config-line)#password cisco2
r1(config-line)#login
r1(config-line)#end

R2 router
Router#configure terminal
Router(config)#hostname r2
r2(config)#interface serial 2/0
r2(config-if)#ip address 20.1.1.2 255.255.255.0
r2(config-if)#no shutdown
r2(config)#interface fastEthernet 0/0
r2(config-if)#ip address 30.1.1.1 255.255.255.0
r2(config-if)#no shutdown
r2(config)#interface fastEthernet 1/0
r2(config-if)#ip address 40.1.1.1 255.255.255.0
r2(config-if)#no shutdown

2. Configure the OSPF routing protocol
r1(config)#router ospf 1
r1(config-router)#network 10.1.1.0 0.0.0.255 area 0
r1(config-router)#network 20.1.1.0 0.0.0.255 area 0
r2(config)#router ospf 1
r2(config-router)#network 20.1.1.0 0.0.0.255 area 0
r2(config-router)#network 30.1.1.0 0.0.0.255 area 0
r2(config-router)#network 40.1.1.0 0.0.0.255 area 0

3. Test connectivity
Check the routing tables of r1 and r2, then test connectivity between the PCs.

4. Configure and apply a standard IP access control list so that the marketing and finance departments cannot reach each other
r2(config)#access-list 1 deny 10.1.1.0 0.0.0.255
r2(config)#access-list 1 permit any
r2(config)#interface fastEthernet 0/0
r2(config-if)#ip access-group 1 out

From PC3 (marketing department), access PC1 (finance department) and check whether it is reachable.
From PC3 (marketing department), access PC2 (technical department) and check whether it is reachable.

r2#show ip access-lists 1          View the match counters of each access-list statement
r2#show ip interface fa0/0         Check the access-list information for the interface
r2#clear access-list counters

5. Configure and apply an extended IP access control list
First delete the ACL configuration on r2:
r2(config)#no access-list 1
r2(config)#interface fastEthernet 0/0
r2(config-if)#no ip access-group 1 out
Verify that PC1 and PC2 can telnet to router r1.

It is now required that PC1 of the finance department cannot telnet to router r1, while PC1 can still ping r1 and router r2 is not affected.
R2 router
r2(config)#access-list 101 deny tcp 30.1.1.0 0.0.0.255 20.1.1.0 0.0.0.255 eq 23
r2(config)#access-list 101 permit ip any any
r2(config)#interface fastEthernet 0/0
r2(config-if)#ip access-group 101 in

r2#show ip access-lists
Can PC1 telnet to r1 and log in?
Can PC2 telnet to r1 and log in?
6. Configure and apply a named IP access control list
First delete the ACL configuration on r2:
r2(config)#no access-list 101
r2(config)#interface fastEthernet 0/0
r2(config-if)#no ip access-group 101 in

r2(config)#ip access-list extended Test1
r2(config-ext-nacl)#deny icmp 30.1.1.0 0.0.0.255 10.1.1.0 0.0.0.255 echo
r2(config-ext-nacl)#permit ip any any
r2(config-ext-nacl)#exit
r2(config)#interface fastEthernet 0/0
r2(config-if)#ip access-group Test1 in

r2#show ip access-lists
Can PC1 ping PC3?
Can PC2 ping PC3?
7. Use access control lists to restrict telnet access
Configure router R1 to allow telnet from the 30.1.1.0/24 network segment only, and not from any other segment.
First clear the access control list configuration applied on router R2, then start this part of the experiment.
r2(config)#no ip access-list extended Test1
r2(config)#interface fastEthernet 0/0
r2(config-if)#no ip access-group Test1 in

r1(config)#access-list 2 permit 30.1.1.0 0.0.0.255
r1(config)#access-list 2 deny any
r1(config)#line vty 0 4
r1(config-line)#access-class 2 in

Can PC1 telnet to r1 and log in?
Can PC2 telnet to r1 and log in?

r1#show ip access-lists 2
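To check the expected answers of parts 4 to 6 before applying the lists on r2, here is a small model of IOS ACL evaluation (wildcard masks, first match wins, implicit deny at the end); it is an added example, not part of the original lab. It also shows two things the lab questions do not: ACL 101 as written only blocks telnet to r1's 20.1.1.1 address, and Test1 stops PC1's own pings but not the replies to PC3's. Host addresses such as 30.1.1.10 and the function names are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass
ANY = ("0.0.0.0", "255.255.255.255")   # "any" on the IOS CLI

def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard mask: 1 bits are 'don't care', 0 bits must equal the network."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    return (a & ~w) == (n & ~w)

@dataclass
class Entry:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches everything; else "tcp"/"udp"/"icmp"
    src: tuple                  # (network, wildcard) exactly as typed on the CLI
    dst: tuple = ANY            # standard ACLs test the source address only
    dport: int = None           # "eq <port>" on tcp/udp entries
    icmp_type: str = None       # "echo", "echo-reply", ...

def evaluate(acl, pkt):
    """First matching entry decides; a packet matching nothing hits the implicit deny."""
    for e in acl:
        if e.proto != "ip" and e.proto != pkt["proto"]:
            continue
        if not (wildcard_match(pkt["src"], *e.src) and wildcard_match(pkt["dst"], *e.dst)):
            continue
        if e.dport is not None and pkt.get("dport") != e.dport:
            continue
        if e.icmp_type is not None and pkt.get("icmp") != e.icmp_type:
            continue
        return e.action
    return "deny"
# The lab's lists (ACL 1 out on r2 fa0/0; ACL 101 and Test1 in on r2 fa0/0). Hosts like 30.1.1.10 are constructed.
ACL_1 = [Entry("deny", "ip", ("10.1.1.0", "0.0.0.255")), Entry("permit", "ip", ANY)]
ACL_101 = [Entry("deny", "tcp", ("30.1.1.0", "0.0.0.255"), ("20.1.1.0", "0.0.0.255"), dport=23),
           Entry("permit", "ip", ANY, ANY)]
TEST1 = [Entry("deny", "icmp", ("30.1.1.0", "0.0.0.255"), ("10.1.1.0", "0.0.0.255"), icmp_type="echo"),
         Entry("permit", "ip", ANY, ANY)]
def pc3_ping_pc1():          # marketing -> finance, leaving fa0/0 through ACL 1: denied
    return evaluate(ACL_1, {"proto": "icmp", "src": "10.1.1.10", "dst": "30.1.1.10", "icmp": "echo"})
def pc1_telnet_r1_serial():  # PC1 -> r1 at 20.1.1.1 through ACL 101: denied, as the lab intends
    return evaluate(ACL_101, {"proto": "tcp", "src": "30.1.1.10", "dst": "20.1.1.1", "dport": 23})
def pc1_telnet_r1_lan():     # PC1 -> r1 at 10.1.1.1: ACL 101 names only 20.1.1.0/24, so this passes
    return evaluate(ACL_101, {"proto": "tcp", "src": "30.1.1.10", "dst": "10.1.1.1", "dport": 23})
def pc1_ping_r1():           # ICMP is not tcp, so it falls through to "permit ip any any"
    return evaluate(ACL_101, {"proto": "icmp", "src": "30.1.1.10", "dst": "20.1.1.1", "icmp": "echo"})
def pc1_ping_pc3():          # Test1 drops PC1's echo requests toward 10.1.1.0/24
    return evaluate(TEST1, {"proto": "icmp", "src": "30.1.1.10", "dst": "10.1.1.10", "icmp": "echo"})
def pc3_ping_pc1_reply():    # PC3's ping only shows its echo-reply to Test1 inbound: still permitted
    return evaluate(TEST1, {"proto": "icmp", "src": "30.1.1.10", "dst": "10.1.1.10", "icmp": "echo-reply"})
```

Compare the results with the counters from show ip access-lists after running the same traffic in the lab.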


Origin blog.csdn.net/qq_45562742/article/details/105466935