ip access-group infilter in
clock rate 64000
!
interface Serial1/1
ip address 1.1.1.2 255.255.255.0
ip access-group outfilter in
注意:内外方向列表的应用不一定要在同一个接口下。
Ok,我们现在R1上测试一下ping结果:
R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 136/213/268 ms
R1#ping 30.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/164/268 ms
R1#
再测试一下telnet结果:
R1#
R1#telnet 2.2.2.2
Trying 2.2.2.2 ... Open
User Access Verification
Username: test
Password:
R3#
R1#telnet 30.1.1.1
Trying 30.1.1.1 ... Open
User Access Verification
Username: test
Password:
R3#(结果全部ok,符合题目要求)
我们再在R3执行相同的测试:
R3#
R3#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
R3#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
R3#telnet 1.1.1.1
Trying 1.1.1.1 ...
% Destination unreachable; gateway or host down
R3#telnet 10.1.1.1
Trying 10.1.1.1 ...
% Destination unreachable; gateway or host down
R3#(由于不能允许由外部直接发起的流量通过,所以测试全部失败,但结果是正确的,对吗?)
这里只是个简单的配置,目的是给大家演示一下配置步骤,具体情况还要自己在实验当中细细体会。
上一页 [1] [2]