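Ruijie 20X28 router: testing that the external network cannot reach it via WEB or telnet (pending test)
Configuration approach:
Configure an ACL and apply it in the IN direction on the egress interface
interface FastEthernet0/0---egress interface
ip address 10.10.10.1 255.0.0.0
ip access-group 100 in---apply the ACL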
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!-------------ACL definition
access-list 100 deny icmp any any
access-list 100 permit ip any any
------------------------
Router#show ip access-lists 101
Extended IP access list 101
deny icmp any any
deny tcp any any eq www
deny tcp any any eq telnet
deny tcp any any eq 443
deny tcp any any eq 22
permit ip any any
Router#show ip acc
Router#show ip access-lists
Extended IP access list 100
10 deny icmp any any (16 match(es))
20 permit ip any any
Extended IP access list 101
10 deny icmp any any---block ping
20 deny tcp any any eq www---block port 80
30 deny tcp any any eq telnet---block port 23
40 deny tcp any any eq 443---block HTTPS
50 deny tcp any any eq 22---block SSH
60 permit ip any any---permit all
Router#
---------------------------------------------------------
interface FastEthernet0/0---egress interface
ip address 10.10.10.1 255.0.0.0
ip access-group 101 in---apply ACL 101
IP access list 101
10 deny icmp any any---block ping
20 deny tcp any any eq www---block port 80
30 deny tcp any any eq telnet---block port 23
40 deny tcp any any eq 443---block HTTPS
50 deny tcp any any eq 22---block SSH
60 permit ip any any---permit all
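
The ACL 101 entries from this note, run through a simplified first-match evaluator to check which inbound packets on the egress interface are dropped. This is an added example, not part of the original note and not Ruijie software; it models only protocol and destination port, and the sample packets are constructed.

```python
# Added example: first-match evaluation of the page's ACL 101 (simplified model).
PORT_NAMES = {"www": 80, "telnet": 23}  # port keywords that appear in the ACL

ACL_101 = """\
10 deny icmp any any
20 deny tcp any any eq www
30 deny tcp any any eq telnet
40 deny tcp any any eq 443
50 deny tcp any any eq 22
60 permit ip any any
"""

def parse_acl(text):
    """Parse 'seq action proto any any [eq port]' lines into rule dicts."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        seq, action, proto, src, dst = int(f[0]), f[1], f[2], f[3], f[4]
        if src != "any" or dst != "any":
            raise ValueError("only 'any any' entries are modelled: " + line)
        port = None
        if len(f) > 5:
            if f[5] != "eq" or len(f) != 7:
                raise ValueError("unsupported entry: " + line)
            port = PORT_NAMES.get(f[6]) or int(f[6])
        rules.append({"seq": seq, "action": action, "proto": proto, "dport": port})
    return sorted(rules, key=lambda r: r["seq"])

def evaluate(rules, proto, dport=None):
    """Return (action, seq) of the first matching entry; implicit deny if none."""
    for r in rules:
        if r["proto"] not in ("ip", proto):
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["action"], r["seq"]
    return "deny", None  # implicit deny at the end of every ACL

RULES = parse_acl(ACL_101)

if __name__ == "__main__":
    # Constructed sample packets arriving inbound on FastEthernet0/0.
    samples = [("icmp", None), ("tcp", 80), ("tcp", 23), ("tcp", 443),
               ("tcp", 22), ("tcp", 51000), ("udp", 53)]
    for proto, dport in samples:
        print(proto, dport, "->", evaluate(RULES, proto, dport))
```

The ("tcp", 51000) sample stands for a reply from an external web server to an inside client: its destination port is the client's ephemeral port, so it falls through to entry 60 and is permitted.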