关于acl问题求助啊

laocao2017 · ‎04-17-2019

论坛大神求助啊现在我想192.168.1.0网段不能访问3.0网段，但是3.0网段可以访问1.0网段，我在R1上写了一个标准的ACL 但是写完了3.0网段也访问不了1.0了这个怎么办求助

cisco.feng · ‎04-17-2019

用自反ACL
配置介绍自行google/baidu

freebird2992 · ‎04-20-2019

R2#show ip access-list R3TOR1
Extended IP access list R3TOR1
10 permit icmp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 reflect CCIE (35 matches)
R2#show ip access-list R1TOR3
Extended IP access list R1TOR3
10 evaluate CCIE
20 deny icmp 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255 (5 matches)
R2#
R2#show run interface e0/0
Building configuration...
Current configuration : 109 bytes
!
interface Ethernet0/0
no switchport
ip address 192.168.3.2 255.255.255.0
ip access-group R3TOR1 in
end
R2#show run interface e0/1
Building configuration...
Current configuration : 109 bytes
!
interface Ethernet0/1
no switchport
ip address 192.168.2.2 255.255.255.0
ip access-group R1TOR3 in
end

freebird2992 · ‎04-20-2019

R2#show ip access-list R3TOR1
Extended IP access list R3TOR1
10 permit icmp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 reflect CCIE (35 matches)
R2#show ip access-list R1TOR3
Extended IP access list R1TOR3
10 evaluate CCIE
20 deny icmp 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255 (5 matches)
R2#
R2#show run interface e0/0
Building configuration...
Current configuration : 109 bytes
!
interface Ethernet0/0
no switchport
ip address 192.168.3.2 255.255.255.0
ip access-group R3TOR1 in
end
R2#show run interface e0/1
Building configuration...
Current configuration : 109 bytes
!
interface Ethernet0/1
no switchport
ip address 192.168.2.2 255.255.255.0
ip access-group R1TOR3 in
end