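[Discussion/Help] The connection drops when I run dir over FTP; could someone please look at where my configuration is wrong

Posted 2011-4-15 01:33:32
The connection drops when I run dir after connecting to FTP. Could you experts please help me see where my configuration is wrong? I applied ACLs to every VLAN except VLAN 10, so PCs in VLAN 10 can connect and list the contents of the FTP server normally, while the other VLANs can only connect.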

sw3#show run
Building configuration...
Current configuration : 5950 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname sw3
!
!
!
enable password chicony
!
!
!
ip dhcp pool vlan10
network 172.29.1.0 255.255.255.0
default-router 172.29.1.254
ip dhcp pool vlan20
network 172.29.2.0 255.255.255.0
default-router 172.29.2.254
ip dhcp pool vlan30
network 172.29.3.0 255.255.255.0
default-router 172.29.3.254
ip dhcp pool vlan40
network 172.29.4.0 255.255.255.0
default-router 172.29.4.254
ip dhcp pool vlan50
network 172.29.5.0 255.255.255.0
default-router 172.29.5.254
ip dhcp pool vlan60
network 172.29.6.0 255.255.255.0
default-router 172.29.6.254
ip dhcp pool vlan70
network 172.29.7.0 255.255.255.0
default-router 172.29.7.254
ip dhcp pool vlan80
network 172.29.8.0 255.255.255.0
default-router 172.29.8.254
ip dhcp pool vlan90
network 172.29.9.0 255.255.255.0
default-router 172.29.9.254
ip dhcp pool vlan100
network 172.28.10.0 255.255.255.0
default-router 172.28.10.254
ip routing
!
!
!
!
username chicony secret 5 $1$mERr$nRhSeBvJYqHu2OkyCUHlA/
username sw3 secret 5 $1$mERr$nRhSeBvJYqHu2OkyCUHlA/
!
!
!
!
!
ip ssh version 2
ip domain-name chicony
ip name-server 172.28.10.1
!
!
!
!
!
!
interface FastEthernet0/1
no switchport
ip address 172.29.16.20 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/11
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/12
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/13
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/14
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/15
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/16
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/17
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/18
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/19
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/20
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/21
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/22
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 172.29.1.254 255.255.255.0
ip access-group permitvlan10 in
ip access-group permitvlan10 out
!
interface Vlan20
ip address 172.29.2.254 255.255.255.0
!
interface Vlan30
ip address 172.29.3.254 255.255.255.0
ip access-group permitvlan30 in
!
interface Vlan40
ip address 172.29.4.254 255.255.255.0
ip access-group denyvlan40 in
!
interface Vlan50
ip address 172.29.5.254 255.255.255.0
ip access-group denyvlan50 in
!
interface Vlan60
ip address 172.29.6.254 255.255.255.0
ip access-group denyvlan60 in
!
interface Vlan70
ip address 172.29.7.254 255.255.255.0
ip access-group denyvlan70 in
!
interface Vlan80
ip address 172.29.8.254 255.255.255.0
ip access-group denyvlan80 in
!
interface Vlan90
ip address 172.29.9.254 255.255.255.0
ip access-group denyvlan90 in
!
interface Vlan100
ip address 172.28.10.254 255.255.255.0
!
router rip
network 172.29.0.0
!
ip classless
!
!
ip access-list extended denyvlan30
deny icmp 172.29.3.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
ip access-list extended denyvlan40
deny icmp 172.29.4.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.4.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.4.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
ip access-list extended denyvlan50
deny icmp 172.29.5.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.5.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.5.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
ip access-list extended denyvlan60
deny icmp 172.29.6.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.6.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.6.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
ip access-list extended denyvlan7.0
ip access-list extended denyvlan70
deny icmp 172.29.7.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.7.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.7.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
ip access-list extended denyvlan80
deny icmp 172.29.8.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.8.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.8.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
ip access-list extended denyvlan90
deny icmp 172.29.9.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.9.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.9.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
ip access-list extended permitvlan30
permit icmp 172.29.3.0 0.0.0.255 172.28.10.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.3.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.3.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
!
!
!
!
!
line con 0
line vty 0 4
password chicony
login local
transport input ssh
line vty 5 15
password chicony
login local
transport input ssh
!
!
!
end
Thanks, everyone.

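Posted 2011-4-15 14:07:34
Still the first reply???
Posted 2011-4-15 20:58:12
Reply to #1, ouyangyuni's post

What is ftp dir?
Posted 2011-4-15 21:13:47
Reply to #3, Jeff.'s post

Senior from the college next door,
as for dir, it "displays a list of the directory's files and subdirectories on the remote computer".
Yep, that's what it means~
Posted 2011-4-16 09:16:35
Reply to #4, liqiaohuang's post

Learned something, haha, really impressive~
Posted 2011-5-2 22:40:09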
Router(config-ext-nacl)#$172.29.7.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ?
  <0-65535>    Port number
  bgp          Border Gateway Protocol (179)
  chargen      Character generator (19)
  cmd          Remote commands (rcmd, 514)
  daytime      Daytime (13)
  discard      Discard (9)
  domain       Domain Name Service (53)
  drip         Dynamic Routing Information Protocol (3949)
  echo         Echo (7)
  exec         Exec (rsh, 512)
  finger       Finger (79)
  ftp          File Transfer Protocol (21)
  ftp-data     FTP data connections (20)

  gopher       Gopher (70)

ip access-list extended denyvlan70
deny icmp 172.29.7.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.7.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.7.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
Your ACL only permits the control port and does not permit the data port, so how could it be accessed?
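
The point of the last reply, as an added example (not code from the thread): a small Python first-match evaluator run over the posted denyvlan70 entries. The client and server addresses, the passive port 50000 and the helper names are assumptions made for the illustration, and only destination `eq` matches, as used in the posted ACL, are modelled.

```python
import ipaddress

# Port keywords used by the posted ACL and shown in the quoted IOS help output.
PORTS = {"ftp": 21, "ftp-data": 20, "www": 80, "bootps": 67}
# denyvlan70 as posted in the thread; it is applied inbound on interface Vlan70.
DENYVLAN70 = """\
deny icmp 172.29.7.0 0.0.0.255 172.29.0.0 0.0.0.255
permit udp any any eq bootps
permit tcp 172.29.7.0 0.0.0.255 172.28.10.0 0.0.0.255 eq www
permit tcp 172.29.7.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp
"""
# Entry for the data port named in the last reply (ftp-data, TCP 20).
FTP_DATA_FIX = "permit tcp 172.29.7.0 0.0.0.255 172.28.10.0 0.0.0.255 eq ftp-data\n"

def _addr(tok):  # consume 'any' or 'address wildcard'; return (base, wildcard) ints
    if tok[0] == "any":
        tok.pop(0)
        return 0, 0xFFFFFFFF
    base, wild = tok.pop(0), tok.pop(0)
    return int(ipaddress.IPv4Address(base)), int(ipaddress.IPv4Address(wild))

def parse(acl_text):
    """Parse extended ACL entries; only destination 'eq' port matches are modelled."""
    rules = []
    for line in acl_text.strip().splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        dport = (PORTS.get(tok[1]) or int(tok[1])) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, dport))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    def hit(ip, spec):  # wildcard bits set to 1 are "don't care"
        return (int(ipaddress.IPv4Address(ip)) | spec[1]) == (spec[0] | spec[1])
    for action, r_proto, r_src, r_dst, r_dport in rules:
        if r_proto == proto and hit(src, r_src) and hit(dst, r_dst) and r_dport in (None, dport):
            return action
    return "deny (implicit)"

def ftp_report(acl_text, client="172.29.7.10", server="172.28.10.5", pasv_port=50000):
    """Client-to-server verdicts (constructed hosts); active-mode replies go to port 20."""
    rules = parse(acl_text)
    flows = {"control": 21, "active-data": 20, "passive-data": pasv_port}
    return {name: evaluate(rules, "tcp", client, server, port) for name, port in flows.items()}

if __name__ == "__main__":
    print("as posted:    ", ftp_report(DENYVLAN70))
    print("with ftp-data:", ftp_report(DENYVLAN70 + FTP_DATA_FIX))
```

With only `eq ftp`, the control connection is permitted and both data flows fall through to the implicit deny, which matches a login that succeeds and a `dir` that fails. Adding `eq ftp-data` covers active mode; passive mode additionally needs the server's passive port range permitted.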