Добрый день!
Пров выдал диапазон из восьми адресов хxx.xxx.xxx240/29
xxx.xxx.xxx.241, стоит на cisco.
xxx.xxx.xxx.242-DNS, www, FTP, SMTP, POP3
xxx.xxx.xxx.243 VoIP
xxx.xxx.xxx.244 Шлюз для выхода в Интет всей конторы(GATEWAY)
xxx.xxx.xxx.мой комп
Я создал Access-Listы конфиг ниже, беда в том что когда подключаю этот конфиг весь инет проподает. Может подскажите где я ошибся. Без применения ACL к интерфейсам все работает.
------------------ show version ------------------
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.2(15)T8, RELEASE SOFTWARE (fc2)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Wed 10-Sep-03 05:48 by pwade
Image text-base: 0x80008098, data-base: 0x819C6EB0
ROM: System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1)
router.ivolga.kz uptime is 21 hours, 31 minutes
System returned to ROM by power-on
System image file is "flash:c2600-is-mz.122-15.T8.bin"
cisco 2651XM (MPC860P) processor (revision 0x100) with 65536K/65536K bytes of memory.
Processor board ID JAD07050E0F (2774159740)
M860 processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
49152K bytes of processor board System flash (Read/Write)
Configuration register is 0x2101
------------------ show running-config ------------------
Building configuration...
Current configuration : 1893 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXXXXXXXX
!
logging queue-limit 100
enable secret 5
!
memory-size iomem 50
ip subnet-zero
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface FastEthernet0/0
ip address 10.254.102.2 255.255.255.0
ip access-group 101 in
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface FastEthernet0/1
ip address xxx.xxx.xxx.241 255.255.255.248
ip access-group 102 in
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
ip http server
ip http access-class 2
ip classless
ip route 0.0.0.0 0.0.0.0 10.254.102.1
!
!
!
access-list 2 permit xxx.xxx.xxx.245
access-list 101 permit tcp any xxx.xxx.xxx.240 0.0.0.8 established
access-list 101 permit tcp host yyy.yyy.yyy.71 host xxx.xxx.xxx.243 eq 1720
access-list 101 permit udp any host xxx.xxx.xxx.242 eq domain
access-list 101 permit tcp any host xxx.xxx.xxx.242 eq smtp
access-list 101 permit tcp any host xxx.xxx.xxx.242 eq pop3
access-list 101 permit tcp any host xxx.xxx.xxx.242 eq www
access-list 101 permit tcp any host xxx.xxx.xxx.242 eq 443
access-list 101 permit tcp any host xxx.xxx.xxx.242 eq domain
access-list 101 permit tcp any host xxx.xxx.xxx.242 eq ftp
access-list 101 permit tcp any host xxx.xxx.xxx.242 eq ftp-data
access-list 101 permit tcp any host xxx.xxx.xxx.243 eq www
access-list 101 permit tcp any host xxx.xxx.xxx.243 eq telnet
access-list 101 deny ip any any
access-list 102 permit ip xxx.xxx.xxx.240 0.0.0.8 any
access-list 102 deny ip any any
!
call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
session-timeout 60 output
access-class 2 in
password
login
!
!
end
Вариант для распечатки
Маршрутизаторы CISCO и др. оборудование. (Public)
(ok) on
02-Июл-04, 12:28 (MSK)
