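The connection drops when I run dir over FTP. Could someone please take a look at where my configuration is wrong?
Apart from VLAN 10, I have applied ACLs to all the other VLANs, so PCs in VLAN 10 can connect to FTP and list its contents normally, while the other VLANs can only connect.
sw3#show run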
Building configuration...
Current configuration : 5950 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname sw3
!
!
!
enable password chicony
!
!
!
ip dhcp pool vlan10
network 172.29.1.0 255.255.255.0
default-router 172.29.1.254
ip dhcp pool vlan20
network 172.29.2.0 255.255.255.0
default-router 172.29.2.254
ip dhcp pool vlan30
network 172.29.3.0 255.255.255.0
default-router 172.29.3.254
ip dhcp pool vlan40
network 172.29.4.0 255.255.255.0
default-router 172.29.4.254
ip dhcp pool vlan50
network 172.29.5.0 255.255.255.0
default-router 172.29.5.254
ip dhcp pool vlan60
network 172.29.6.0 255.255.255.0
default-router 172.29.6.254
ip dhcp pool vlan70
network 172.29.7.0 255.255.255.0
default-router 172.29.7.254
ip dhcp pool vlan80
network 172.29.8.0 255.255.255.0
default-router 172.29.8.254
ip dhcp pool vlan90
network 172.29.9.0 255.255.255.0
default-router 172.29.9.254
ip dhcp pool vlan100
network 172.28.10.0 255.255.255.0
default-router 172.28.10.254
ip routing
!
!
!
!
username chicony secret 5 $1$mERr$nRhSeBvJYqHu2OkyCUHlA/
username sw3 secret 5 $1$mERr$nRhSeBvJYqHu2OkyCUHlA/
!
!
!
!
!
ip ssh version 2
ip domain-name chicony
ip name-server 172.28.10.1
!
!
!
!
!
!
interface FastEthernet0/1
no switchport
ip address 172.29.16.20 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/11
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/12
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/13
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/14
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/15
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/16
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/17
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/18
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/19
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/20
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/21
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/22
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 172.29.1.254 255.255.255.0
ip access-group permitvlan10 in
ip access-group permitvlan10 out
!
interface Vlan20
ip address 172.29.2.254 255.255.255.0
!
interface Vlan30
ip address 172.29.3.254 255.255.255.0
ip access-group permitvlan30 in
!
interface Vlan40
ip address 172.29.4.254 255.255.255.0
ip access-group denyvlan40 in
!
interface Vlan50
ip address 172.29.5.254 255.255.255.0
ip access-group denyvlan50 in
!
interface Vlan60
ip address 172.29.6.254 255.255.255.0
ip access-group denyvlan60 in
!
interface Vlan70
ip address 172.29.7.254 255.255.255.0
ip access-group denyvlan70 in
!
interface Vlan80
ip address 172.29.8.254 255.255.255.0
ip access-group denyvlan80 in
!
interface Vlan90
ip address 172.29.9.254 255.255.255.0
ip access-group denyvlan90 in
!
interface Vlan100
ip address 172.28.10.254 255.255.255.0
!
router rip
network 172.29.0.0
!
ip classless
!
!
ip access-list extended denyvlan30
deny icmp 172.29.3.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
ip access-list extended denyvlan40
deny icmp 172.29.4.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.4.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.4.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
ip access-list extended denyvlan50
deny icmp 172.29.5.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.5.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.5.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
ip access-list extended denyvlan60
deny icmp 172.29.6.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.6.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.6.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
ip access-list extended denyvlan7.0
ip access-list extended denyvlan70
deny icmp 172.29.7.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.7.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.7.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
ip access-list extended denyvlan80
deny icmp 172.29.8.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.8.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.8.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
ip access-list extended denyvlan90
deny icmp 172.29.9.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.9.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.9.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
ip access-list extended permitvlan30
permit icmp 172.29.3.0 0.0.0.255 172.28.10.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.3.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.3.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
!
!
!
!
!
line con 0
line vty 0 4
password chicony
login local
transport input ssh
line vty 5 15
password chicony
login local
transport input ssh
!
!
!
end
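Thanks, everyone.
Still the first reply???
Reply to post #1 by ouyangyuni
What is ftp dir?
Reply to post #3 by Jeff.
A senior from the college next door
As for dir, it means "display a list of the files and subdirectories in a directory on the remote computer".
Yes, that is what it means~
Reply to post #4 by liqiaohuang
I learned something, haha, really impressive~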
Router(config-ext-nacl)#$172.29.7.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ?
<0-65535> Port number
bgp Border Gateway Protocol (179)
chargen Character generator (19)
cmd Remote commands (rcmd, 514)
daytime Daytime (13)
discard Discard (9)
domain Domain Name Service (53)
drip Dynamic Routing Information Protocol (3949)
echo Echo (7)
exec Exec (rsh, 512)
finger Finger (79)
ftp File Transfer Protocol (21)
ftp-data FTP data connections (20)
gopher Gopher (70)
ip access-list extended denyvlan70
deny icmp 172.29.7.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.7.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.7.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
Your ACL only permits the control port and does not permit the data port, so how is it supposed to get access?
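The point made in the last reply, as an added example that is not part of the original thread: a minimal first-match evaluator for the posted denyvlan70 entries, run against constructed packets that a VLAN 70 client sends to an FTP server. The client and server addresses, port 50000 and the extra `eq ftp-data` entry are assumptions for illustration.

```python
import ipaddress

# ACL denyvlan70 exactly as posted in the thread (applied inbound on Vlan70).
DENYVLAN70 = """\
deny icmp 172.29.7.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.7.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.7.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
"""
# Assumed extra entry (not from the thread) that also permits the data port.
WITH_FTP_DATA = DENYVLAN70 + (
    "permit tcp 172.29.7.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp-data\n")
PORTS = {"bootps": 67, "www": 80, "ftp": 21, "ftp-data": 20}

def _addr(tok):
    # Consume "any" or "<network> <wildcard>"; return the spec and remaining tokens.
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    net, wild = (int(ipaddress.IPv4Address(t)) for t in tok[:2])
    return (net, wild), tok[2:]

def parse(text):
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, proto, tok = tok[0], tok[1], tok[2:]
        src, tok = _addr(tok)
        dst, tok = _addr(tok)
        port = int(PORTS.get(tok[1], tok[1])) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def _match(ip, spec):
    net, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (net | wild)

def evaluate(rules, proto, src, dst, dport):
    """First matching entry wins; no match hits the implicit deny at the end."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto == proto and _match(src, r_src) and _match(dst, r_dst)
                and r_port in (None, dport)):
            return action
    return "implicit deny"

# Constructed addresses: a VLAN 70 client and an FTP server in 172.28.10.0/24.
CLIENT, SERVER = "172.29.7.10", "172.28.10.5"

def ftp_session(rules):
    """Verdict for each kind of packet the client sends inbound on Vlan70."""
    dports = {"control": 21, "active-data reply": 20, "passive-data": 50000}
    return {k: evaluate(rules, "tcp", CLIENT, SERVER, p) for k, p in dports.items()}
```

Permitting `ftp-data` only covers active mode, where the client's replies go to server port 20; a passive-mode data connection targets a server-chosen port and still falls through to the implicit deny.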