yanglijian201 发表于 2015-9-26 12:34:13

对于acl匹配不甚理解

top:
R1---R2--R3
R1:
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
half-duplex
!

ip route 0.0.0.0 0.0.0.0 192.168.1.2
R2:
interface Ethernet0/0
ip address 192.168.1.2 255.255.255.0
ip access-group 1 in
half-duplex
!
interface Ethernet0/1
ip address 192.168.2.2 255.255.255.0
half-duplex
!

access-list 1 permit 192.168.1.1
access-list 1 deny   192.168.1.0 0.0.0.255

R3:
!
interface Ethernet0/0
ip address 192.168.2.1 255.255.255.0
half-duplex
!

ip route 0.0.0.0 0.0.0.0 192.168.2.2


R1 ping R3:
R1#ping 192.168.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/37/68 ms
R1#

通了!!!为什么会通了呢,求指点!!!

yanglijian201 发表于 2015-9-26 12:35:58

R2#show ip access-lists 1
Standard IP access list 1
    20 permit 192.168.1.1 (35 matches)
    10 deny   192.168.1.0, wildcard bits 0.0.0.255
R2#
R2#
忘记加上序号了,求大神指点,为啥先匹配20,后匹配10?

晨晨 发表于 2015-10-9 17:20:45

看看
页: [1]
查看完整版本: 对于acl匹配不甚理解