Chinaunix首页 | 论坛 | 博客
  • 博客访问: 19006620
  • 博文数量: 7460
  • 博客积分: 10434
  • 博客等级: 上将
  • 技术积分: 78178
  • 用 户 组: 普通用户
  • 注册时间: 2008-03-02 22:54
文章分类

全部博文(7460)

文章存档

2011年(1)

2009年(669)

2008年(6790)

分类: 系统运维

2008-05-21 20:34:26

R2 s0------------------------s0/0 R1 s0/1----------------------------s1 R3
12.1.1.2                12.1.1.1       ;13.1.1.1             13.1.1.3
要求R2的S0口能ping通R3的S1口,但R3的S1口不能ping通R2的S0口。
也就是12.1.1.2能ping通13.1.1.3,但13.1.1.3不能ping通12.1.1.2.


hostname r1
!
interface Serial0/0
ip address 12.1.1.1 255.255.255.0
ip access-group ICMPre in
clockrate 64000
!
interface Serial0/1
ip address 13.1.1.1 255.255.255.0
ip access-group ICMPev in
clockrate 64000
!
ip access-list extended ICMPev
evaluate dxyx     .....................自动产生一条ACL,允许他回来,不然是 deny icmp any any
deny icmp any any
permit ip any any
ip access-list extended ICMPre
permit icmp any any reflect dxyx
permit ip any any

r3#ping 12.1.1.2 source 13.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
========================================================
r2#ping 13.1.1.3 source 12.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.1.1.3, timeout is 2 seconds:
Packet sent with a source address of 12.1.1.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms
===================================================
r1#sh ip access
Extended IP access list ICMPev
    10 evaluate dxyx
    20 deny icmp any any (24 matches)
    30 permit ip any any
Extended IP access list ICMPre
    10 permit icmp any any reflect dxyx
    20 permit ip any any
Reflexive IP access list dxyx
     permit icmp host 13.1.1.3 host 12.1.1.2  (11 matches) (time left 175)  ....自动产生的
r1#sh ip access
Extended IP access list ICMPev
阅读(365) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~