سلام . یه چند وقتی هست که ترافیک شبکه ما بالاست بعد تست فهمیدیم مشکل از Access-List ها است ما از این
ip access-list extended cache
deny tcp any any neq www
deny tcp host 217.219.x.x any eq www
permit tcp 217.219.x.0 0.0.0.255 any eq www
access-list 110 permit tcp any any eq www
access-list 110 deny udp any any eq netbios-ns
access-list 110 deny udp any any eq netbios-dgm
access-list 110 deny udp any any eq netbios-ss
access-list 110 deny tcp any any eq 135
access-list 110 deny udp any any eq 135
access-list 110 deny tcp any any eq 137
access-list 110 deny tcp any any eq 138
access-list 110 deny tcp any any eq 139
access-list 110 deny tcp any any eq 445
access-list 110 deny udp any any eq 445
access-list 110 deny tcp any any eq 4444
access-list 110 deny tcp any any eq 593
access-list 110 deny tcp any any eq 3127
access-list 110 deny tcp any any eq 3198
access-list 110 deny tcp any any eq 5554
access-list 110 deny tcp any any eq 9996
access-list 110 deny tcp any any eq 1034
access-list 110 deny tcp any any eq 2745
access-list 110 deny tcp any host 216.250.x.x
access-list 110 permit udp host 195.219.x.x any eq tftp
access-list 110 deny udp any any eq tftp
access-list 110 permit icmp any host 192.9.9.3 echo
access-list 110 permit icmp any host 128.8.5.2 echo
access-list 110 deny icmp any any echo
access-list 110 permit ip any any
access-list 111 permit ip any host 217.219.x.x
access-list 111 permit ip any any
access-list 120 permit tcp 217.219.x.0 0.0.0.61 any eq www
route-map cache permit 11
match ip address cache
set ip default next-hop 217.219.x.x
اکسس لیست ها استفاده میکنیم که داریم:
interface Serial0/0
ip unnumbered FastEthernet0/0
ip access-group 110 in
ip access-group 111 out
ip nat outside
encapsulation ppp
ip route-cache flow
no peer default ip address
می خواستم بدونم مشکل از کجاست؟چه طوری می تونم دسترسی را فقط به 60 تا آی پی خودمون بدم ؟
ممنونم
موضوعات مشابه: