1．禁止r1 telnet r4

2．禁止r2 ping r4

3．其它访问均允许

r3(config)#access-list 100 deny tcp host 192.168.1.1 any eq telnet r3(config)#access-list 100 deny icmp host 192.168.1.2 any r3(config)#access-list 100 deny icmp host 131.16.24.1 any r3(config)#access-list 100 permit ip any any r3(config)#int s1/2 r3(config-if)#ip access-group 100 out

r1#ping 172.16.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 120/132/160 ms r1#telnet 172.16.1.2 Trying 172.16.1.2 ...  % Destination unreachable; gateway or host down

r2#ping 172.16.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) r2#ping Protocol [ip]:  Target IP address: 172.16.1.2 Repeat count [5]:  Datagram size [100]:  Timeout in seconds [2]:  Extended commands [n]: y Source address or interface: 131.16.24.1 Type of service [0]:  Set DF bit in IP header? [no]:  Validate reply data? [no]:  Data pattern [0xABCD]:  Loose, Strict, Record, Timestamp, Verbose[none]:  Sweep range of sizes [n]:  Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds: Packet sent with a source address of 131.16.24.1  U.U.U Success rate is 0 percent (0/5) r2#telnet 172.16.1.2 Trying 172.16.1.2 ... Open User Access Verification Password:  % Password:  timeout expired! Password: 

r3#ping 172.16.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 40/63/80 ms