扫一扫
关注微信公众号

Cisco2600的访问列表的配置
2009-01-11   

我在配置了这样一个访问列表,
Access-list 102 deny tcp any lt 1024 any
access-list 102 permit tcp any any
但是却不能ping对方网段,我想把1024以下的端口全部封了,但能ping通对方,该如何配置用的是静态路由配置文件如下(部分)

Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
no service passWord-encryption
!
hostname fenghua02
!
enable secret 5 $1$SGEA$bcQ2n0TKJ4zbIzEy.lpci1
!
chat-script backup ABORT ERROR ABORT BUSY ABORT "" 
"ATDT 7718690" TIMEOUT 30 CPc
!
!
process-max-time 200
!
interface Ethernet0/0
ip address 199.1.1.0 255.255.255.0
no ip redirects
no ip directed-broadcast
standby 1 priority 110
standby 1 preempt standby 1 authentication cisco
standby 1 ip 132.5.1.155
!
interface Ethernet0/1
no ip address
shutdown

...

interface Serial1/6
ip address 10.1.1.12 255.255.255.0
no ip redirects
ip access-group 102 ininterface Async65
!
ip address 137.5.250.2 255.255.0.0
encapsulation ppp
dialer in-band
dialer string 320012
async default routing
async mode dedicated
!

...

ip classless
ip route 199.1.1.0 255.255.255.0 10.1.1.11
!

access-list 102 deny tcp any lt 1024 any
access-list 102 permit tcp any any
! 


热词搜索:

上一篇:Secpath典型配置之访问控制列表(ACL)
下一篇:用思科路由对DDOS攻击的防御思路

分享到: 收藏