- access lists on cisco 2610xm, vit5, 18:08, 14-Mar-07 (1)
- access lists on cisco 2610xm, tigran_astranet, 19:52, 14-Mar-07 (2)
>show the interface itself where you bind the ACL
>how are you viewing the statistics for IPs that are not in the allowed list
>are the addresses from this network or from another one
>
>also try doing it like this
>access-list 122 deny ip 62.33.28.0 0.0.0.255 host 62.33.28.46 log
>access-list 122 deny ip any any log - although it should be enabled by default
>
>and turn on terminal monitor
>something will start pouring into the log for the denies
>if so, the ACL is working
>and which direction it works in is up to you
>ip access group 122 in or out

Following your advice, I changed the config:

interface FastEthernet0/0
.............................
 ip access-group 122 out
.............................
access-list 122 permit ip host 62.33.28.96 host 62.33.28.46
access-list 122 permit ip host 62.33.28.141 host 62.33.28.46
access-list 122 permit ip host 62.33.28.240 host 62.33.28.46
access-list 122 permit ip host 62.33.28.235 host 62.33.28.46
access-list 122 permit ip host 62.33.28.152 host 62.33.28.46
access-list 122 permit ip host 62.33.28.247 host 62.33.28.46
access-list 122 permit ip host 62.33.28.203 host 62.33.28.46
access-list 122 permit ip host 62.33.28.248 host 62.33.28.46
access-list 122 permit ip host 62.33.28.11 host 62.33.28.46
access-list 122 permit ip host 62.33.28.84 host 62.33.28.46
access-list 122 permit ip host 62.33.28.157 host 62.33.28.46
access-list 122 permit ip host 62.33.28.149 host 62.33.28.46
access-list 122 permit ip host 62.33.28.67 host 62.33.28.46
access-list 122 permit ip host 62.33.28.120 host 62.33.28.46
access-list 122 permit ip host 62.33.28.119 host 62.33.28.46
access-list 122 permit ip host 62.33.28.79 host 62.33.28.46
access-list 122 deny ip 62.33.28.0 0.0.0.255 host 62.33.28.46
access-list 122 permit ip any any

but the situation is the same.... cisco still lets other IPs through to this host....
- access lists on cisco 2610xm, vit5, 08:30, 15-Mar-07 (3)
- access lists on cisco 2610xm, tigran_astranet, 10:30, 15-Mar-07 (4)
>show the config!

Here it is:

Current configuration : 4198 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname gw.astra-net.ru
!
boot-start-marker
boot system flash:c2600-ipbase-mz.123-14.T7.bin
boot-end-marker
!
enable secret xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
enable password xxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization exec default local
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting update newinfo periodic 2
aaa accounting network default start-stop group radius
!
aaa session-id common
!
resource policy
!
clock timezone pdt 3
clock summer-time pdt recurring
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
ip name-server 212.48.192.8
ip name-server 195.161.15.19
vpdn enable
vpdn ip udp ignore checksum
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 source-ip 10.0.0.1
!
no ftp-server write-enable
async-bootp dns-server 212.48.192.8 195.161.15.19
!
username admin password xxxxxxxxxxxxxxxxxxxx
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0 secondary
 ip address 62.33.28.97 255.255.255.224 secondary
 ip address 62.33.28.65 255.255.255.224 secondary
 ip address 10.0.1.1 255.255.255.0 secondary
 ip address 62.33.28.9 255.255.255.248 secondary
 ip address 62.33.28.17 255.255.255.240 secondary
 ip address 62.33.28.33 255.255.255.224 secondary
 ip address 10.0.20.1 255.255.255.0 secondary
 ip address 62.33.28.6 255.255.255.252
 ip route-cache flow
 speed auto
 half-duplex
 ntp broadcast
 no mop enabled
!
interface FastEthernet0/0.1
 encapsulation dot1Q 100
 ip address 10.0.10.1 255.255.255.0 secondary
 ip address 62.33.28.129 255.255.255.128
 no snmp trap link-status
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 ip access-group 122 out
 ip route-cache flow
 ip mroute-cache
 no peer default ip address
 ppp authentication pap
!
interface Group-Async1
 ip unnumbered FastEthernet0/0
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 1000000
 dialer-group 1
 async mode interactive
 peer default ip address pool DialUpLp
 ppp authentication pap
 group-range 33 40
!
ip local pool DialUpLp 62.33.28.98 62.33.28.105
ip classless
ip route 0.0.0.0 0.0.0.0 62.33.28.5
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination 62.33.28.94 9991
ip flow-export destination 62.33.28.5 9996
!
no ip http server
!
access-list 122 permit ip host 62.33.28.96 host 62.33.28.46
access-list 122 permit ip host 62.33.28.141 host 62.33.28.46
access-list 122 permit ip host 62.33.28.240 host 62.33.28.46
access-list 122 permit ip host 62.33.28.235 host 62.33.28.46
access-list 122 permit ip host 62.33.28.152 host 62.33.28.46
access-list 122 permit ip host 62.33.28.247 host 62.33.28.46
access-list 122 permit ip host 62.33.28.203 host 62.33.28.46
access-list 122 permit ip host 62.33.28.248 host 62.33.28.46
access-list 122 permit ip host 62.33.28.11 host 62.33.28.46
access-list 122 permit ip host 62.33.28.84 host 62.33.28.46
access-list 122 permit ip host 62.33.28.157 host 62.33.28.46
access-list 122 permit ip host 62.33.28.149 host 62.33.28.46
access-list 122 permit ip host 62.33.28.67 host 62.33.28.46
access-list 122 permit ip host 62.33.28.120 host 62.33.28.46
access-list 122 permit ip host 62.33.28.119 host 62.33.28.46
access-list 122 permit ip host 62.33.28.79 host 62.33.28.46
access-list 122 permit ip host 62.33.28.144 host 62.33.28.46
access-list 122 permit ip host 62.33.28.221 host 62.33.28.46
access-list 122 deny ip 62.33.28.0 0.0.0.255 host 62.33.28.46 log
access-list 122 permit ip any any
snmp-server community astra-net.ru RO
snmp-server enable traps tty
radius-server host 62.33.28.94 auth-port 1812 acct-port 1813 key xxxxxxxxxxxxxx E
!
control-plane
!
!
line con 0
line 33 40
 script modem-off-hook offhook
 modem InOut
 transport input all
 autoselect ppp
 flowcontrol software
line aux 0
line vty 0 4
 password xxxxxxxxxxxxxxxxxxxx
!
ntp clock-period 17208555
ntp server 147.45.0.4
ntp server 147.45.15.34
!
end
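Added example, not part of the thread and not the posters' code: a small first-match evaluator for the `access-list N permit|deny ip ...` form used above, run on a shortened copy of access-list 122. It shows that the rule order itself denies an unlisted 62.33.28.x source to 62.33.28.46; an ACL only filters packets that cross the interface and direction it is bound to. The function names are hypothetical, and only the `any`, `host A` and `A WILDCARD` address forms are handled.

```python
import ipaddress

# Constructed sample: a shortened copy of access-list 122 from the thread.
ACL_122 = """\
access-list 122 permit ip host 62.33.28.96 host 62.33.28.46
access-list 122 permit ip host 62.33.28.141 host 62.33.28.46
access-list 122 deny ip 62.33.28.0 0.0.0.255 host 62.33.28.46 log
access-list 122 permit ip any any
"""

def _take_addr(tokens):
    """Consume one address spec and return (base, wildcard) as integers."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST [log]' lines, keeping order."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue  # only the plain 'ip' form used in the thread is handled
        rest = tokens[4:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        rules.append((tokens[2], src, dst, line))
    return rules

def _match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 mean "don't care"
    return (addr & care) == (base & care)

def evaluate(rules, src, dst):
    """Return (action, matching line); first match wins, implicit deny at the end."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for action, rsrc, rdst, line in rules:
        if _match(s, rsrc) and _match(d, rdst):
            return action, line
    return "deny", "(implicit deny)"

if __name__ == "__main__":
    rules = parse_acl(ACL_122)
    for src in ("62.33.28.96", "62.33.28.50", "10.0.0.7"):
        print(src, "->", evaluate(rules, src, "62.33.28.46"))
```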