R2 s0------------------------s0/0 R1 s0/1----------------------------s1 R3
12.1.1.2 12.1.1.1
;13.1.1.1 13.1.1.3
要求R2的S0口能ping通R3的S1口,但R3的S1口不能ping通R2的S0口。
也就是12.1.1.2能ping通13.1.1.3,但13.1.1.3不能ping通12.1.1.2.
hostname r1
!
interface Serial0/0
ip address 12.1.1.1 255.255.255.0
ip access-group ICMPre in
clockrate 64000
!
interface Serial0/1
ip address 13.1.1.1 255.255.255.0
ip access-group ICMPev in
clockrate 64000
!
ip access-list extended ICMPev
evaluate dxyx .....................自动产生一条ACL,允许他回来,不然是 deny icmp any any
deny icmp any any
permit ip any any
ip access-list extended ICMPre
permit icmp any any reflect dxyx
permit ip any any
r3#ping 12.1.1.2 source 13.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
========================================================
r2#ping 13.1.1.3 source 12.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.1.1.3, timeout is 2 seconds:
Packet sent with a source address of 12.1.1.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms
===================================================
r1#sh ip access
Extended IP access list ICMPev
10 evaluate dxyx
20 deny icmp any any (24 matches)
30 permit ip any any
Extended IP access list ICMPre
10 permit icmp any any reflect dxyx
20 permit ip any any
Reflexive IP access list dxyx
permit icmp host 13.1.1.3 host 12.1.1.2 (11 matches) (time left 175) ....自动产生的
r1#sh ip access
Extended IP access list ICMPev