Building configuration...
Current configuration : 1422 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
ip dhcp pool cisco
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
ip dhcp pool cisco1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
ip cef
no ipv6 cef
!
!
!
username cisco secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
license udi pid CISCO2911/K9 sn FTX15245DY7
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 172.16.10.1 255.255.0.0
ip access-group test1 out
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 192.168.2.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 192.168.1.0 0.0.0.255 area 0
network 172.16.0.0 0.0.255.255 area 0
network 192.168.2.0 0.0.0.255 area 0
!
ip nat pool wan 172.16.10.1 172.16.10.1 netmask 255.255.0.0
ip nat inside source list test1 interface GigabitEthernet0/0 overload
ip classless
!
ip flow-export version 9
!
!
ip access-list extended test1
permit ip 192.168.2.0 0.0.0.255 any
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login local
!
!
!
end
这是我简单的一个实验环境,为什么当我在G0/0口应用了“ ip access-group test1 out”后,我的192.168.2.0网段也不能访问外部服务器了呢!