首先,给R1 R2 R3 配置动态IP地址
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[R1-GigabitEthernet0/0/0]q
[R1]interface g0/0/1
[R1-GigabitEthernet0/0/1]ip address 12.1.1.1 24
[R1-GigabitEthernet0/0/1]q
[R1]ip pool AAA
Info: It’s successful to create an IP address pool.
[R1-ip-pool-AAA]network 192.168.1.0 mask 24
[R1-ip-pool-AAA]gateway-list 192.168.1.1
[R1-ip-pool-AAA]dns-list 8.8.8.8
[R1-ip-pool-AAA]q
[R1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]dhcp select global
[R2]interface g0/0/0
[R2-GigabitEthernet0/0/0]ip address 192.168.2.1 24
[R2]interface g0/0/1
[R2-GigabitEthernet0/0/1]ip address 12.1.1.2 24
[R2-GigabitEthernet0/0/1]q
[R2]interface g0/0/2
[R2-GigabitEthernet0/0/2]ip address 23.1.1.2 24
[R2-GigabitEthernet0/0/2]
[R2-GigabitEthernet0/0/2]
[R2-GigabitEthernet0/0/2]q
[R2]ip pool BBB
Info: It’s successful to create an IP address pool.
[R2-ip-pool-BBB]gateway-list 192.168.2.1
[R2-ip-pool-BBB]network 192.168.2.0 mask 24
[R2-ip-pool-BBB]dns-list 8.8.8.8
[R2-ip-pool-BBB]q
[R2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[R2]interface g0/0/0
[R2-GigabitEthernet0/0/0]dhcp select global
[R2-GigabitEthernet0/0/0]q
[R3]interface g0/0/0
[R3-GigabitEthernet0/0/0]ip address 192.168.3.1 24
[R3-GigabitEthernet0/0/0]q
[R3]interface g0/0/1
[R3-GigabitEthernet0/0/1]ip address 23.1.1.3 24
[R3-GigabitEthernet0/0/1]q
[R3]ip pool CCC
Info: It’s successful to create an IP address pool.
[R3-ip-pool-CCC]network 192.168.3.0 mask 24
[R3-ip-pool-CCC]gateway-list 192.168.3.1
[R3-ip-pool-CCC]dns-list 8.8.8.8
[R3-ip-pool-CCC]q
[R3]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[R3]interface g0/0/0
[R3-GigabitEthernet0/0/0]dhcp select global
[R3-GigabitEthernet0/0/0]q
接着写RIP协议,使他们能PING通
[R1]rip 1
[R1-rip-1]version 2
[R1-rip-1]network 192.168.1.0
[R1-rip-1]network 12.0.0.0
[R2]rip 1
[R2-rip-1]version 2
[R2-rip-1]network 192.168.2.0
[R2-rip-1]network 12.0.0.0
[R2-rip-1]network 23.0.0.0
[R3]rip 1
[R3-rip-1]version 2
[R3-rip-1]network 192.168.3.0
[R3-rip-1]network 23.0.0.0
PC1不能PING通PC6,但是能PING通PC5
[R1]acl 3000
[R1-acl-adv-3000]rule 2 deny ip source 192.168.1.254 0 destination 192.168.3.253 0
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
PC2不能PING通PC3
[R1]acl 3000
[R1-acl-adv-3000]rule 1 deny ip source 192.168.1.253 0 destination 192.168.2.254 0
[R1-acl-adv-3000]q
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
[R1-GigabitEthernet0/0/0]q
R1不能PING通R3但能远程登陆R3
先给R3做远程登陆设置
[R3]user-interface vty 0 4
[R3-ui-vty0-4]authentication-mode aaa
[R3-ui-vty0-4]aaa
[R3-aaa]loca
[R3-aaa]local-user huawei password cipher huawei
Info: Add a new user.
[R3-aaa]local-user huawei privilege level 15
[R3-aaa]local-user huawei service-type telnet
[R3-aaa]q
要使R1不能PING通R3,须全方位锁定
[R2]acl 3000
[R2-acl-adv-3000]rule 1 deny icmp source 12.1.1.1 0 destination 23.1.1.3 0
[R2-acl-adv-3000]rule 2 deny icmp source 12.1.1.1 0 destination 192.168.3.1 0
[R2-acl-adv-3000]rule 3 deny icmp source 192.168.1.1 0 destination 23.1.1.3 0
[R2-acl-adv-3000]rule 4 deny icmp source 192.168.1.1 0 destination 192.168.3.1 0
[R2-acl-adv-3000]q
[R2]interface g0/0/1
[R2-GigabitEthernet0/0/1]traffic-filter inbound acl 3000
到此结束!!!
