Cisco ACL: I don't understand ip access-group 1 (in/out)

Reposted from: https://blog.csdn.net/seaship/article/details/86224999

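1. The difference between access-list and ip access-list

access-list defines an ACL by number (a standard or extended ACL, defined by number).
ip access-list defines an ACL by name (a named ACL; the name must be preceded by standard or extended).
2. Access control lists applied on ports
1. Suppose a standard access control list is configured on router R1 to stop PC1 from accessing PC3, for example the ACL access-list 1 deny 192.168.1.254 0.0.0.0 access-list 1 permit any. If this access list is applied to interface f0/1: int f0/1
ip access-group 1 (in/out), then whether in or out is used here, PC1 will be unable to access PC2, but packets are blocked differently in the two cases. If ip access-group 1 out is applied, packets sent by PC1 can only get as far as interface f0/1 and cannot pass through it, because the access list blocks the packets PC1 sent.
But if ip access-group 1 in is applied to interface f0/1, packets sent by PC1 can pass through f0/1 and reach PC2; however, traffic returning from PC2 to PC1 cannot pass through f0/1, because the access list on f0/1 is applied as in (that is, inbound), so packets entering that interface are blocked.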
————————————————
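After reading this I have a question: doesn't a standard ACL decide whether to forward or accept based on the source address? Then with ip access-group 1 out, packets sent by PC1 have PC1's IP as the source address, so shouldn't they be able to pass?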

Other related recommendations

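Doesn't a Cisco standard ACL filter only on the source address? Why, after configuring it, can the source address in the ACL not be pinged either?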

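A standard ACL is configured on R1: access-list 10 deny host 192.168.11.10. On R1's Se2/0 interface: ip access-group 10 out. Now host 192.168.11.10 cannot ping other hosts, but why can't other hosts ping host 192.168.11.10 either? Isn't it the source address that is filtered? If another host pings host 192.168.11.10, then 192.168.11.10 should be the destination address, which is outside what the ACL filters, so why does the ping fail? ![Image description](https://img-ask.csdn.net/upload/201612/06/1481037917_626935.png)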
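The round trip that both questions above turn on (the `access-list 1` case on f0/1 and the `access-list 10` case on Se2/0), as an added example that is not part of either post: a standard ACL compares only a packet's source address, first match wins, and a ping succeeds only if both the echo request and the echo reply get through. The topology is an assumption, because the posts' diagrams are not on the page: the denied host sits behind the router's other interface (`Fa0/0` and `f0/0` are assumed names) and the peers `192.168.12.10` and `192.168.2.1` are constructed addresses.

```python
import ipaddress

IMPLICIT_DENY = "implicit deny"  # the unwritten "deny any" that ends every ACL


def parse_standard_acl(text):
    """Parse numbered standard ACL lines into (action, address, wildcard) entries."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported ACL line: {line!r}")
        spec = tok[3:]
        if spec[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif spec[0] == "host":
            addr, wild = int(ipaddress.IPv4Address(spec[1])), 0
        else:
            addr = int(ipaddress.IPv4Address(spec[0]))
            wild = int(ipaddress.IPv4Address(spec[1])) if len(spec) > 1 else 0
        entries.append((tok[2], addr, wild))
    return entries


def check_source(acl, src):
    """Evaluate top-down, first match wins; only the SOURCE address is compared."""
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wild in acl:
        # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
        if ((s ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return IMPLICIT_DENY


def forward(src, crossings, bound):
    """Walk a packet across the router; return the (interface, direction) that drops it."""
    for hop in crossings:
        acl = bound.get(hop)  # an ACL is consulted only where it is bound
        if acl is not None and check_source(acl, src) != "permit":
            return hop
    return None


def ping(src, dst, src_if, dst_if, bound):
    """Echo request src->dst, then echo reply dst->src, through one router."""
    hop = forward(src, [(src_if, "in"), (dst_if, "out")], bound)
    if hop:
        return f"echo request dropped at {hop[0]} {hop[1]}"
    hop = forward(dst, [(dst_if, "in"), (src_if, "out")], bound)  # reply's source is dst
    if hop:
        return f"echo reply dropped at {hop[0]} {hop[1]}"
    return "success"


def scenario_acl10():
    """access-list 10 deny host 192.168.11.10, bound 'out' on Se2/0 (from the post)."""
    acl10 = parse_standard_acl("access-list 10 deny host 192.168.11.10")
    bound = {("Se2/0", "out"): acl10}
    return {
        # Assumed: the denied host is on Fa0/0, the constructed peer is behind Se2/0.
        "host pings remote": ping("192.168.11.10", "192.168.12.10", "Fa0/0", "Se2/0", bound),
        "remote pings host": ping("192.168.12.10", "192.168.11.10", "Se2/0", "Fa0/0", bound),
        # No permit line exists, so every other source falls to the implicit deny.
        "neighbour 192.168.11.20": check_source(acl10, "192.168.11.20"),
    }


def scenario_acl1(direction):
    """access-list 1 from the first post, bound on f0/1 in the given direction."""
    acl1 = parse_standard_acl(
        "access-list 1 deny 192.168.1.254 0.0.0.0\n"
        "access-list 1 permit any"
    )
    # Assumed: PC1 (192.168.1.254) is on f0/0, PC2 (constructed 192.168.2.1) on f0/1.
    return ping("192.168.1.254", "192.168.2.1", "f0/0", "f0/1", {("f0/1", direction): acl1})


if __name__ == "__main__":
    for name, result in scenario_acl10().items():
        print(f"ACL 10 out on Se2/0, {name}: {result}")
    for direction in ("out", "in"):
        print(f"ACL 1 {direction} on f0/1, PC1 pings PC2: {scenario_acl1(direction)}")
```

In the ACL 10 case the ping towards 192.168.11.10 fails on the way back: the echo reply carries 192.168.11.10 as its source and has to leave through Se2/0.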

Cisco: a question about NAT (network address translation)!

```
Building configuration...

Current configuration : 1422 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
ip dhcp pool cisco
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
ip dhcp pool cisco1
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
!
ip cef
no ipv6 cef
!
!
!
username cisco secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
license udi pid CISCO2911/K9 sn FTX15245DY7
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 172.16.10.1 255.255.0.0
 ip access-group test1 out
 ip nat outside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 192.168.1.0 0.0.0.255 area 0
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.2.0 0.0.0.255 area 0
!
ip nat pool wan 172.16.10.1 172.16.10.1 netmask 255.255.0.0
ip nat inside source list test1 interface GigabitEthernet0/0 overload
ip classless
!
ip flow-export version 9
!
!
ip access-list extended test1
 permit ip 192.168.2.0 0.0.0.255 any
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login local
!
!
!
end
```

This is a simple lab environment of mine. Why is it that after I applied "ip access-group test1 out" on the G0/0 port, my 192.168.2.0 network can no longer access the external server either?

I have a library that uses cgo, and I get this compile error even with cygwin uninstalled

<div class="post-text" itemprop="text"> <p>I included a library in my project that uses cgo, and I got this error when I compile, even with cygwin uninstalled. </p> <p>I was having cygwin installed first, and try to compile. I read another post that cygwin does not work with cgo, so I installed MinGW-64 for windows. and I got compiled error. Then I uninstall cygwin, still I am getting same problem</p> <pre><code>C:\Go\pkg\tool\windows_amd64\link.exe: running gcc failed: exit status 1 C:\Users\ciczhang\AppData\Local\Temp\go-link-091280735\000004.o: In function `COVER_buildDictionary': /cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/cover.c:678: undefined reference to `__getreent' /cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/cover.c:678: undefined reference to `__getreent' /cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/cover.c:710: undefined reference to `__getreent' /cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/cover.c:710: undefined reference to `__getreent' /cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/cover.c:714: undefined reference to `__getreent' C:\Users\ciczhang\AppData\Local\Temp\go-link-091280735\000004.o:/cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/cover.c:714: more undefined references to `__getreent' follow C:\Users\ciczhang\AppData\Local\Temp\go-link-091280735\000006.o: In function `ss_mintrosort': /cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/divsufsort.c:444: 
undefined reference to `__assert_func' /cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/divsufsort.c:517: undefined reference to `__assert_func' /cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/divsufsort.c:516: undefined reference to `__assert_func' /cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/divsufsort.c:503: undefined reference to `__assert_func' /cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/divsufsort.c:502: undefined reference to `__assert_func' C:\Users\ciczhang\AppData\Local\Temp\go-link-091280735\000006.o:/cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/divsufsort.c:499: more undefined references to `__assert_func' follow C:\Users\ciczhang\AppData\Local\Temp\go-link-091280735\000009.o: In function `FASTCOVER_buildDictionary': /cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/fastcover.c:395: undefined reference to `__getreent' /cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/fastcover.c:395: undefined reference to `__getreent' /cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/fastcover.c:434: undefined reference to `__getreent' /cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/fastcover.c:434: undefined reference to `__getreent' 
/cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/fastcover.c:430: undefined reference to `__getreent' C:\Users\ciczhang\AppData\Local\Temp\go-link-091280735\000009.o:/cygdrive/c/NextGenPO/GoWorkplace/src/bitbucket-eng-sjc1.cisco.com/bitbucket/nextg/lds-microservice/vendor/github.com/DataDog/zstd/fastcover.c:430: more undefined references to `__getreent' follow collect2.exe: error: ld returned 1 exit status </code></pre> </div>

Cisco firewall 5505 port mapping problem

There is a computer inside our organization that we want to make reachable from the internet through port mapping. I have looked through the relevant material but have not been able to get it working; asking the experts for help. Here is the firewall configuration:

```
ciscoasa(config)# sh run
: Saved
:
ASA Version 8.2(5)
!
hostname ciscoasa
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 1000
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 no nameif
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 10
 ip address 公网IP 255.255.255.248
!
interface Vlan1000
 nameif inside
 security-level 100
 ip address 1.1.1.2 255.255.255.252
!
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 233.5.5.5
 name-server 114.114.114.114
object-group network OBJ_INSIDE_Subnet
 network-object 10.88.0.0 255.255.0.0
access-list 101 extended permit icmp any any
access-list 101 extended permit ip any any
access-list 101 extended permit tcp any eq www interface outside eq 28780
access-list 101 extended permit tcp any eq 8866 interface outside eq 30001
access-list 101 extended permit tcp any eq 8080 interface outside eq 38080
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 28780 10.88.98.87 www netmask 255.255.255.255
static (inside,outside) tcp interface 30001 10.88.38.215 8866 netmask 255.255.255.255
static (inside,outside) tcp interface 38080 10.88.38.215 8080 netmask 255.255.255.255
access-group 101 in interface outside
access-group 101 in interface inside
route outside 0.0.0.0 0.0.0.0 公网网关 1
route inside 10.88.0.0 255.255.0.0 1.1.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication telnet console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 210.72.145.44
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
: end
```

Right now the server's page cannot be reached from the internet, yet the port scan in the webmaster tools shows ports 28780 and 30001 as open. sh nat:

```
ciscoasa(config)# sh nat

NAT policies on Interface inside:
  match tcp inside host 10.88.98.87 eq 80 outside any
    static translation to 公网IP/28780
    translate_hits = 0, untranslate_hits = 11
  match tcp inside host 10.88.38.215 eq 8866 outside any
    static translation to 公网IP/30001
    translate_hits = 0, untranslate_hits = 105
  match tcp inside host 10.88.38.215 eq 8080 outside any
    static translation to 公网IP/38080
    translate_hits = 0, untranslate_hits = 2
  match ip inside any outside any
    dynamic translation to pool 1 (公网IP [Interface PAT])
    translate_hits = 5885251, untranslate_hits = 531611
  match ip inside any inside any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match ip inside any _internal_loopback any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match ip inside any outside any
    no translation group, implicit deny
    policy_hits = 0
ciscoasa(config)#
```

Why is untranslate_hits = 11 here? Every time I run the webmaster tools port scan once, it increases by one. How can I successfully map port 80 of 10.88.98.87 to port 28780 on the public IP? Thanks.

A simple PHP uptime monitor for Windows servers and Cisco switches

<div class="post-text" itemprop="text"> <p>I've written (well cobbled together from other people's code) a very simple uptime monitor for our servers - it's just an ICMP (ping) monitor and it works very well for our limited amount of servers (20 or so), and very fast. Here's the code (the actual ping test functions I think are based on Birk Jensen's work ( <a href="http://birk-jensen.dk/2010/09/php-ping/" rel="nofollow">http://birk-jensen.dk/2010/09/php-ping/</a> ), and I've just utilised his functions to display a green circle PNG when everything is up and red ones for each server that's down (if any).</p> <pre><code>&lt;html&gt; &lt;head&gt; &lt;style type='text/css'&gt; *{ font-family:verdana,tahoma,arial; font-size:17px; } .light{width:30px;} h1{ font-size:25px; } &lt;/style&gt; &lt;meta http-equiv="refresh" content="30"&gt; &lt;/head&gt; &lt;body&gt; &lt;?php $time1=date('H:i:s'); echo "Last Refresh Time = $time1&lt;br/&gt;&lt;hr/&gt;"; error_reporting(0); /*-----------------------------------------------------------------------------------------*/ // Checksum calculation function function icmpChecksum($data) { if (strlen($data)%2) $data .= "\x00"; $bit = unpack('n*', $data); $sum = array_sum($bit); while ($sum &gt;&gt; 16) $sum = ($sum &gt;&gt; 16) + ($sum &amp; 0xffff); return pack('n*', ~$sum); } /*-----------------------------------------------------------------------------------------*/ function PingTry1($pingaddress){ // Making the package $type= "\x08"; $code= "\x00"; $checksum= "\x00\x00"; $identifier = "\x00\x00"; $seqNumber = "\x00\x00"; $data= "testing123"; $package = $type.$code.$checksum.$identifier.$seqNumber.$data; $checksum = icmpChecksum($package); // Calculate the checksum $package = $type.$code.$checksum.$identifier.$seqNumber.$data; // And off to the sockets $socket = socket_create(AF_INET, SOCK_RAW, 1); socket_set_option ( $socket, SOL_SOCKET, SO_RCVTIMEO, array("sec"=&gt;1, "usec"=&gt;0) ); socket_connect($socket, $pingaddress, null); 
$startTime = microtime(true); socket_send($socket, $package, strLen($package), 0); if (socket_read($socket, 255)) { return true; } else{ return false; } socket_close($socket); } /*-----------------------------------------------------------------------------------------*/ function DoTheCheck($name,$ip){ global $errors; global $j; if (PingTry1($ip)==1){ //do nothing }else{ $j++; $errors[$j] = "$name --&gt; $ip"; } } /*-----------------------------------------------------------------------------------------*/ //READ IN THE INI FILE INTO $filedata Array $myFile1="hosts.ini"; $filehandle1 = fopen($myFile1, 'r') or die("Couldn't open file [$myFile1]"); $number1=count(file($myFile1));; $filedata = fread($filehandle1, filesize($myFile1)); fclose($filehandle1); // Create an array with each line of the file $array1 = explode(" ", $filedata); unset($filedata); //free up a bit of memory foreach ($array1 as &amp;$line) { // step through the array, line by line if (!empty($line)){ list ($name,$ip)=split(",",$line); DoTheCheck($name,$ip); } } if ($errors){ echo 'The Following Hosts are down - &lt;br/&gt;&lt;br/&gt;&lt;table&gt;'; foreach ($errors as &amp;$value) { $k++; echo '&lt;tr&gt;&lt;td&gt;&lt;img class="light" src="red.png" /&gt;&lt;/td&gt;&lt;td&gt;'.$errors[$k].'&lt;/td&gt;&lt;/tr&gt;'; } echo '&lt;/tr&gt;&lt;/table&gt;'; } else{echo '&lt;img class="light" src="green.png" /&gt;&lt;h1&gt;ALL IPS ARE UP!&lt;/h1&gt;';} ?&gt; &lt;/body&gt; &lt;/html&gt; </code></pre> <p>The code above works great for servers but it doesn't seem to work at all for Cisco switches - probably something to do with the way it does its 'ping' as such.</p> <p>I haven't done any work on this script in ages because of college commitments etc but I've gone back to doing as much google research as I can, but admittedly I'm a level 2 or 3 PHP n00b at best. 
Today I found a couple of solutions that work for switches, but they have 5 or 6 second timeout periods, which is unacceptable as I want the system to loop as much as possible and as cleanly as possible, and log downtime for graphing later on.</p> <p>For Example - I've tried this:</p> <pre><code> function ping($host, $timeout = 1) { /* ICMP ping packet with a pre-calculated checksum */ $package = "\x08\x00\x7d\x4b\x00\x00\x00\x00PingHost"; $socket = socket_create(AF_INET, SOCK_RAW, 1); socket_set_option($socket, SOL_SOCKET, SO_RCVTIMEO, array('sec' =&gt; $timeout, 'usec' =&gt; 0)); socket_connect($socket, $host, null); $ts = microtime(true); socket_send($socket, $package, strLen($package), 0); if (socket_read($socket, 255)) $result = microtime(true) - $ts; else $result = false; socket_close($socket); return $result; } </code></pre> <p>and also this:</p> <pre><code> $url = '192.168.1.1'; $socket = ( bool )false; $error = ( bool )false; $socket = @fsockopen( $url, 23, $errno, $errstr, 1 ) or $error = ( bool )true; if ( ( $socket ) &amp;&amp; ( !$error ) ) { echo "bound"; /* socket is bound - do something */ } else { echo "not bound , [$errstr]"; /* socket is dead - errors are in $errno &amp; $errstr */ } if ($socket)fclose($socket); </code></pre> <p>And they both seem to work when the host is online, but if I give it an IP that doesn't exist (for testing, as if host was offline), it takes about 5 or more seconds to time out on a single IP, which is just too slow for my needs.</p> <p>Would it be possible to do this using pcntl_fork or even curl with multi-threading ? 
or multiple 'exec' calls or AJAX even (I'm willing to try anything at this stage)</p> <p>or some sort of Data Layer (layer 2) Mac scanning code would be great either - I don't expect anyone to write the full code, but I'm sure somebody that has done this sort of thing before would have a good idea of the pitfalls and how to get around them.</p> <p>So in summary - a simple and easy fix would be nice ( I'll Keep Dreaming :-D ) but any help or advice at all is much appreciated.</p> <p>EDIT - after some advice to try Net_Ping in PEAR I've got the following code:</p> <pre><code>&lt;?php $time1=date('H:i:s'); echo "Last Refresh Time = $time1&lt;br/&gt;&lt;hr/&gt;"; //not sure if still needed - error_reporting(0); require_once "Net/Ping.php"; $ping = Net_Ping::factory(); $ping-&gt;setArgs(array('count' =&gt; 2, 'ttl' =&gt; 50, 'timeout' =&gt; 1)); /*---------------------------------------------------------------------*/ function DoPing($ip) { global $ping; $results = $ping-&gt;ping($ip); if ($results-&gt;_loss==0) {return true;}else{return false;} } /*---------------------------------------------------------------------------------*/ function DoTheCheck($name,$ip){ global $errors; global $j; if (DoPing($ip)==1){ //do nothing }else{ $j++; $errors[$j] = "$name --&gt; $ip"; } } /*-----------------------------------------------------------------------------------*/ //READ IN THE INI FILE INTO $filedata Array $myFile1="hosts.ini"; $filehandle1 = fopen($myFile1, 'r') or die("Couldn't open file [$myFile1]"); $number1=count(file($myFile1));; $filedata = fread($filehandle1, filesize($myFile1)); fclose($filehandle1); // Create an array with each line of the file $array1 = explode(" ", $filedata); unset($filedata); //free up a bit of memory foreach ($array1 as &amp;$line) { // step through the array, line by line if ( (!empty($line)) &amp;&amp; (!strstr($line,'##')) ) { list ($name,$ip)=split(",",$line); DoTheCheck($name,$ip); } } if ($errors){ echo 'The Following Hosts are down - 
&lt;br/&gt;&lt;br/&gt;&lt;table&gt;'; foreach ($errors as &amp;$value) { $k++; echo '&lt;tr&gt;&lt;td&gt;&lt;img class="light" src="red.png" /&gt;&lt;/td&gt;&lt;td&gt;'.$errors[$k].'&lt;/td&gt;&lt;/tr&gt;'; } echo '&lt;/tr&gt;&lt;/table&gt;'; } else{echo '&lt;img class="light" src="green.png" /&gt;&lt;h1&gt;ALL IPS ARE UP!&lt;/h1&gt;';} ?&gt; </code></pre> <p>but that is too slow... takes about a minute or two to check about 20 servers and 10 switches. I need to add about 100 switches so it's only going to get slower. There must be a better way to do this. Again, any help is always very much appreciated. I will probably try Munin but realistically I need something I can integrate into my Company's Intranet (PHP).</p> </div>

Help: after power-on, GigabitEthernet0/1 and GigabitEthernet0/2 on a Cisco 2960 switch stay lit (amber)

Could someone more experienced give me some guidance? ![Image description](https://img-ask.csdn.net/upload/201901/31/1548916037_232189.jpg) ![Image description](https://img-ask.csdn.net/upload/201901/31/1548916047_814416.png)

How do I configure an access control list on a layer 3 switch?

```
ZJL>en
ZJL>en
ZJL#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ZJL(config)#access-list 1 permit host 192.168.50.4
ZJL(config)#access-list 1 deny any
ZJL(config)#interface fa0/2
ZJL(config-if)#ip access-list 1 out
    ^
% Invalid input detected at '^' marker.
ZJL(config-if)#
```

The requirement is that 192.168.50.4 can access the host connected to fa0/2 and nothing else can. What is wrong here?

CCNA: the management IP of a layer 2 switch cannot be pinged

Symptoms:
- The PC can ping the router but cannot ping the management IP of the directly connected switch.
- The router and the switch cannot ping each other.
- The two switches can ping each other.

Configuration: the router is set up as router-on-a-stick, and PCs in different VLANs can ping each other.
Example: the router has two subinterfaces, 172.32.12.1 and 172.32.4.1. Switch IP: 172.32.4.X
Could an expert help me see where the problem is? The router configuration is below:

```
R1#sh run
Building configuration...

Current configuration : 1220 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R1
!
!
!
enable secret 5 $1$mERr$EhMAv6LmP8GklpWJfOWDA0
!
!
ip dhcp excluded-address 172.32.4.1
ip dhcp excluded-address 172.32.12.1
!
ip dhcp pool DIANPU_DHCP
 network 172.32.4.0 255.255.255.0
 default-router 172.32.4.1
 dns-server 202.96.209.6
!
!
!
username nribadmin password 7 08115E431A49544749
!
!
!
!
!
ip domain-name prms.com
!
!
spanning-tree mode pvst
!
!
!
!
interface Loopback0
 ip address 172.31.4.22 255.255.255.255
!
interface FastEthernet0/0
 ip address 202.96.209.5 255.255.255.252
 ip nat outside
 duplex auto
 speed auto
 ipv6 ospf cost 1
!
interface FastEthernet0/1
 no ip address
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1.200
 encapsulation dot1Q 200
 ip address 172.32.12.1 255.255.255.0
!
interface FastEthernet0/1.204
 encapsulation dot1Q 204
 ip address 172.32.4.1 255.255.255.0
!
interface Vlan1
 no ip address
 shutdown
!
ip nat inside source list ACL-NAT interface FastEthernet0/0 overload
ip classless
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 password 7 08115E431A49544749
 login
 transport input telnet
!
!
!
end
```

Below is the configuration of one of the switches:

```
SW1>en
Password:
SW1#sh run
Building configuration...

Current configuration : 1490 bytes
!
version 12.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname SW1
!
enable secret 5 $1$mERr$EhMAv6LmP8GklpWJfOWDA0
!
no ip domain-lookup
ip domain-name prms.com
!
username nribadmin privilege 1 password 7 08115E431A49544749
!
spanning-tree mode rapid-pvst
spanning-tree portfast default
!
interface FastEthernet0/1
 switchport access vlan 204
!
interface FastEthernet0/2
 switchport access vlan 204
!
interface FastEthernet0/3
 switchport access vlan 204
!
interface FastEthernet0/4
 switchport access vlan 204
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
 switchport access vlan 200
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
 switchport mode trunk
!
interface FastEthernet0/24
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan300
 ip address 172.32.12.6 255.255.255.0
!
ip default-gateway 172.32.12.1
!
!
line con 0
!
line vty 0 4
 password 7 08115E431A49544749
 login
 transport input telnet
line vty 5 15
 login
!
!
end
```

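Building a wireless network in the Cisco simulator with 802.1x authentication: as soon as encryption is enabled, nothing can connect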

What exactly is misconfigured? Could an expert clear this up? ![Image description](https://img-ask.csdn.net/upload/201801/06/1515214458_486355.png)![Image description](https://img-ask.csdn.net/upload/201801/06/1515214473_568273.png)![Image description](https://img-ask.csdn.net/upload/201801/06/1515214481_437150.png)![Image description](https://img-ask.csdn.net/upload/201801/06/1515214489_495997.png)![Image description](https://img-ask.csdn.net/upload/201801/06/1515214496_167727.png)

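After configuring policy-based routing on a Huawei switch the network is slow; I have a 30M dedicated line, but the speed test shows only 10k upload and 300k download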

```
dis cur
#
!Software Version V100R005C01SPC100
sysname Quidway
#
dns server 202.102.224.68
dns server 114.114.114.114
#
vlan batch 2 to 11 50 200 400
#
dhcp enable
#
http server load flash:/S5700EI-V100R005C01SPC100.web.zip
#
acl number 2001
 rule 5 permit source 192.168.119.199 0
 rule 10 permit source 192.168.111.200 0
 rule 15 permit source 192.168.112.200 0
 rule 20 permit source 192.168.114.200 0
#
traffic classifier f1 operator and
 if-match acl 2001
#
traffic behavior b1
 redirect ip-nexthop 192.168.5.254
 car cir 6000 pir 10000 cbs 750000 pbs 1250000 green pass yellow pass red discard
#
traffic policy p1
 classifier f1 behavior b1
#
vlan 3
 traffic-policy p1 inbound
vlan 4
 traffic-policy p1 inbound
vlan 6
 traffic-policy p1 inbound
vlan 11
 traffic-policy p1 inbound
vlan 50
 description lvyoumeiti
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin privilege level 15
 local-user admin service-type telnet http
 local-user quidway password simple Admin@123
 local-user quidway privilege level 15
 local-user quidway ftp-directory flash:
 local-user quidway service-type telnet terminal ssh ftp web http
#
interface Vlanif2
 ip address 192.168.110.1 255.255.255.0
#
interface Vlanif3
 ip address 192.168.111.1 255.255.255.0
#
interface Vlanif4
 ip address 192.168.112.1 255.255.255.0
#
interface Vlanif5
 ip address 192.168.113.1 255.255.255.0
#
interface Vlanif6
 ip address 192.168.114.1 255.255.255.0
#
interface Vlanif7
 ip address 192.168.115.1 255.255.255.0
#
interface Vlanif8
 ip address 192.168.116.1 255.255.255.0
#
interface Vlanif9
 ip address 192.168.117.1 255.255.255.0
#
interface Vlanif10
 ip address 192.168.118.1 255.255.255.0
#
interface Vlanif11
 ip address 192.168.119.1 255.255.255.0
#
interface Vlanif50
 description lvyoumeiti
 ip address 192.168.5.253 255.255.255.0
#
interface Vlanif400
 ip address 192.168.4.1 255.255.255.0
#
interface MEth0/0/1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 2
 mode lacp-static
 bpdu enable
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/5
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/6
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/7
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/8
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/9
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/10
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/11
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/12
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/13
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/14
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/15
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/16
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/17
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/18
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/19
 port link-type access
 port default vlan 4
#
interface GigabitEthernet0/0/20
 port link-type access
 port default vlan 6
#
interface GigabitEthernet0/0/21
 port link-type access
 port default vlan 7
#
interface GigabitEthernet0/0/22
 port link-type access
 port default vlan 3
#
interface GigabitEthernet0/0/23
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/25
 port link-type access
 port default vlan 5
#
interface GigabitEthernet0/0/26
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/27
 port link-type access
 port default vlan 9
#
interface GigabitEthernet0/0/28
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/29
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/30
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/31
 eth-trunk 1
#
interface GigabitEthernet0/0/32
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/33
 port link-type access
 port default vlan 11
#
interface GigabitEthernet0/0/34
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/35
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/36
 port link-type access
 port default vlan 8
#
interface GigabitEthernet0/0/37
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/38
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/39
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/40
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/41
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/42
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/43
 eth-trunk 1
#
interface GigabitEthernet0/0/44
 port link-type access
 port default vlan 6
#
interface GigabitEthernet0/0/45
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/46
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/47
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/48
 port link-type access
 port default vlan 50
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.110.254
ip route-static 41.0.0.0 255.0.0.0 192.168.110.189
ip route-static 172.18.0.0 255.255.0.0 192.168.110.150
ip route-static 192.0.0.0 255.0.0.0 192.168.110.189
ip route-static 192.168.3.0 255.255.255.0 192.168.4.0
ip route-static 192.168.5.0 255.255.255.0 192.168.5.254
#
snmp-agent
snmp-agent local-engineid 000007DB7F00000100002763
snmp-agent sys-info version v3
#
user-interface con 0
 idle-timeout 0 0
user-interface vty 0 4
 authentication-mode aaa
#
return
<Quidway>
```

Configuring a dynamic ACL keeps reporting an error; why?

CoreA(config) #access-list 120 dynamic CCNA timeout 5ip permit any host 10.0.6.1 Invalid input detected at '^'marker.

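Cisco simulator: when configuring a switch's IP address, does that IP belong to the whole switch, to a VLAN defined on the switch, or to an interface in the VLAN?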

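As the title says: I am setting up switch ports in the Cisco simulator, but I don't quite understand who this IP belongs to.

```
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.0.1 255.255.255.0
```

As above, does the configured IP belong to the Switch, to VLAN 1, or to interface f0/1?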

Why doesn't my Cisco switch have the storm-control action shutdown command?

![Image description](https://img-ask.csdn.net/upload/202006/15/1592190395_546094.png)

Running clogin via PHP exec()

<div class="post-text" itemprop="text"> <p>I'm trying to create a PHP page that I can go to in order to get information from cisco switches we have. My only current option for reading data from them is to use rancid's clogin.</p> <p>When I run:</p> <pre><code>sudo -u www-data /usr/lib/rancid/bin/clogin -f /home/www-data/.cloginrc -c 'show run int fa 0/1' as-switch-123 2&gt;&amp;1 </code></pre> <p>it runs and returns the information about port 0/1.</p> <p>However when I run the following: </p> <pre><code>&lt;?php ini_set('display_errors',1); error_reporting(E_ALL); $mainCommand = "/usr/lib/rancid/bin/clogin -f /home/www-data/.cloginrc -c 'show run int fa 0/1' as-switch-123 2&gt;&amp;1"; $outputArray = array(); echo exec($mainCommand,$outputArray,$returnCode); echo '&lt;br /&gt;&lt;br /&gt;'; var_dump($outputArray); echo '&lt;br /&gt;&lt;br /&gt;'; var_dump($returnCode); ?&gt; </code></pre> <p>I get the return from $outputArray shown below:</p> <pre><code>array(5) { [0]=&gt; string(16) "no such variable" [1]=&gt; string(31) " (read trace on "env(HOME)")" [2]=&gt; string(23) " invoked from within" [3]=&gt; string(40) ""set password_file $env(HOME)/.cloginrc"" [4]=&gt; string(47) " (file "/usr/lib/rancid/bin/clogin" line 66)" } </code></pre> <p>Does anyone know why its not giving me the output the same as when you run it from sudo?</p> </div>

Cisco switching lab (MSTP + HSRP)

![Image description](https://img-ask.csdn.net/upload/201712/01/1512138504_325004.png)

The topology is shown in the figure above. IOU1 and IOU2 are layer-3 switches; IOU3 and IOU4 are layer-2 switches. After configuration, HSRP on both IOU1 and IOU2 is in the ACTIVE state; after a reboot it goes straight to INIT and will not come up. The detailed configuration is below. Any help from the experts would be appreciated~

# IOU1:

```
hostname IOU1
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
 name ccnp
 instance 1 vlan 10
 instance 2 vlan 20
!
spanning-tree mst 1 priority 24576
spanning-tree mst 2 priority 28672
!
!
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
track 1 interface Ethernet0/0 line-protocol
!
!
!
!
interface Ethernet0/0
 no switchport
 ip address 12.1.1.1 255.255.255.0
!
interface Ethernet0/1
 no switchport
 ip address 14.1.1.1 255.255.255.0
!
interface Ethernet0/2
 no switchport
 ip address 13.1.1.1 255.255.255.0
!
interface Ethernet0/3
 duplex auto
!
interface Ethernet1/0
 duplex auto
!
interface Ethernet1/1
 duplex auto
!
interface Ethernet1/2
 duplex auto
!
interface Ethernet1/3
 duplex auto
!
interface Ethernet2/0
 duplex auto
!
interface Ethernet2/1
 duplex auto
!
interface Ethernet2/2
 duplex auto
!
interface Ethernet2/3
 duplex auto
!
interface Ethernet3/0
 duplex auto
!
interface Ethernet3/1
 duplex auto
!
interface Ethernet3/2
 duplex auto
!
interface Ethernet3/3
 duplex auto
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 192.168.1.10 255.255.255.0
 standby 10 ip 192.168.1.254
 standby 10 priority 105
 standby 10 preempt
 standby 10 authentication ccnp
 standby 10 track 1 decrement 10
 standby 20 track 1 decrement 10
!
interface Vlan20
 ip address 192.168.2.20 255.255.255.0
 standby 10 track 1 decrement 10
 standby 20 ip 192.168.2.254
 standby 20 preempt
 standby 20 authentication ccnp
 standby 20 track 1 decrement 10
!
router rip
 network 12.0.0.0
 network 13.0.0.0
 network 14.0.0.0
!
!
!
no ip http server
!
```

# IOU2:

```
hostname IOU2
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
 name ccnp
 instance 1 vlan 10
 instance 2 vlan 20
!
spanning-tree mst 1 priority 28672
spanning-tree mst 2 priority 24576
!
!
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
track 1 interface Ethernet0/0 line-protocol
!
track 2 interface Ethernet0/0 line-protocol
!
!
!
!
interface Ethernet0/0
 no switchport
 ip address 12.1.1.2 255.255.255.0
!
interface Ethernet0/1
 no switchport
 ip address 24.1.1.2 255.255.255.0
!
interface Ethernet0/2
 no switchport
 ip address 23.1.1.2 255.255.255.0
!
interface Ethernet0/3
 duplex auto
!
interface Ethernet1/0
 duplex auto
!
interface Ethernet1/1
 duplex auto
!
interface Ethernet1/2
 duplex auto
!
interface Ethernet1/3
 duplex auto
!
interface Ethernet2/0
 duplex auto
!
interface Ethernet2/1
 duplex auto
!
interface Ethernet2/2
 duplex auto
!
interface Ethernet2/3
 duplex auto
!
interface Ethernet3/0
 duplex auto
!
interface Ethernet3/1
 duplex auto
!
interface Ethernet3/2
 duplex auto
!
interface Ethernet3/3
 duplex auto
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 192.168.1.11 255.255.255.0
 standby 10 ip 192.168.1.254
 standby 10 preempt
 standby 10 authentication ccnp
 standby 10 track 1 decrement 10
 standby 10 track 2 decrement 10
 standby 20 track 1 decrement 10
 standby 20 track 2 decrement 10
!
interface Vlan20
 ip address 192.168.2.21 255.255.255.0
 standby 10 track 1 decrement 10
 standby 10 track 2 decrement 10
 standby 20 ip 192.168.2.254
 standby 20 priority 105
 standby 20 preempt
 standby 20 authentication ccnp
 standby 20 track 1 decrement 10
 standby 20 track 2 decrement 10
!
router rip
 network 12.0.0.0
 network 13.0.0.0
 network 14.0.0.0
!
!
!
no ip http server
```

# IOU3:

```
hostname IOU3
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
 name ccnp
 instance 1 vlan 10
 instance 2 vlan 20
!
!
!
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface Ethernet0/0
 no switchport
 ip address 13.1.1.3 255.255.255.0
!
interface Ethernet0/1
 no switchport
 ip address 23.1.1.3 255.255.255.0
!
interface Ethernet0/2
 switchport access vlan 10
 switchport mode access
 duplex auto
!
interface Ethernet0/3
 duplex auto
!
interface Ethernet1/0
 duplex auto
!
interface Ethernet1/1
 duplex auto
!
interface Ethernet1/2
 duplex auto
!
interface Ethernet1/3
 duplex auto
!
interface Ethernet2/0
 duplex auto
!
interface Ethernet2/1
 duplex auto
!
interface Ethernet2/2
 duplex auto
!
interface Ethernet2/3
 duplex auto
!
interface Ethernet3/0
 duplex auto
!
interface Ethernet3/1
 duplex auto
!
interface Ethernet3/2
 duplex auto
!
interface Ethernet3/3
 duplex auto
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 network 13.0.0.0
 network 23.0.0.0
!
!
!
no ip http server
```

# IOU4:

```
hostname IOU4
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
 name ccnp
 instance 1 vlan 10
 instance 2 vlan 20
!
!
!
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface Ethernet0/0
 no switchport
 ip address 24.1.1.4 255.255.255.0
!
interface Ethernet0/1
 no switchport
 ip address 14.1.1.4 255.255.255.0
!
interface Ethernet0/2
 switchport access vlan 20
 switchport mode access
 duplex auto
!
interface Ethernet0/3
 duplex auto
!
interface Ethernet1/0
 duplex auto
!
interface Ethernet1/1
 duplex auto
!
interface Ethernet1/2
 duplex auto
!
interface Ethernet1/3
 duplex auto
!
interface Ethernet2/0
 duplex auto
!
interface Ethernet2/1
 duplex auto
!
interface Ethernet2/2
 duplex auto
!
interface Ethernet2/3
 duplex auto
!
interface Ethernet3/0
 duplex auto
!
interface Ethernet3/1
 duplex auto
!
interface Ethernet3/2
 duplex auto
!
interface Ethernet3/3
 duplex auto
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 network 14.0.0.0
 network 24.0.0.0
!
!
!
no ip http server
```

When configuring a zone security policy, the trust zone cannot access the DMZ zone or the untrust zone??

```
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 111 permit tcp 192.1.1.0 0.0.0.255 host 192.1.2.2
Router(config)#class-map type inspect match-all trust-dmz-http
Router(config-cmap)#match access-group 111
Router(config-cmap)#match protocol http
Router(config-cmap)#exit
Router(config)#policy-map type inspect trust-dmz
Router(config-pmap)#class type inspect trust-dmz-http
Router(config-pmap-c)#inspect
%No specific protocol configured in class trust-dmz-http for inspection. All protocols will be inspected
Router(config-pmap-c)#exit
Router(config)#access-list 121 permit tcp 192.1.1.0 0.0.0.255 host 192.1.3.2
Router(config)#class-map type inspect match-all trust-notrust
Router(config-cmap)#match access-group 121
Router(config-cmap)#match protocol http
Router(config-cmap)#exit
Router(config)#policy-map type inspect trust-notrust
Router(config-pmap)#class type inspect trust-notrust
Router(config-pmap-c)#inspect
%No specific protocol configured in class trust-notrust for inspection. All protocols will be inspected
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Router(config)#access-list 131 permit tcp 192.1.2.0 0.0.0.255 host 192.1.3.2
Router(config)#class-map type inspect match-all dmz-notrust
Router(config-cmap)#match access-group 131
Router(config-cmap)#match protocol http
Router(config-cmap)#exit
Router(config)#policy-map type inspect dmz-notrust
Router(config-pmap)#class type inspect dmz-notrust
Router(config-pmap-c)#inspect
%No specific protocol configured in class dmz-notrust for inspection. All protocols will be inspected
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Router(config)#access-list 141 permit tcp 192.1.3.0 0.0.0.255 host 192.1.2.2
Router(config)#class-map type inspect match-all notrust-dmz
Router(config-cmap)#match access-group 141
Router(config-cmap)#match protocol http
Router(config-cmap)#exit
Router(config-pmap)#policy-map type inspect notrust-dmz
Router(config-pmap)#class type inspect notrust-dmz
Router(config-pmap-c)#inspect
%No specific protocol configured in class notrust-dmz for inspection. All protocols will be inspected
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Router(config)#zone security trust
Router(config-sec-zone)#exit
Router(config)#zone security notrust
Router(config-sec-zone)#exit
Router(config)#zone security dmz
Router(config-sec-zone)#exit
Router(config)#interface fa 0/0
Router(config-if)#zone-member security trust
Router(config-if)#exit
Router(config)#interface fa 0/1
Router(config-if)#zone-member security notrust
Router(config-if)#exit
Router(config)#interface fa 1/0
Router(config-if)#zone-member security dmz
Router(config-if)#exit
Router(config)#zone-pair security trust-dmz source trust destination dmz
Router(config-sec-zone-pair)#service-policy type inspect trust-dmz
Router(config-sec-zone-pair)#exit
Router(config)#zone-pair security trust-notrust source trust destination notrust
Router(config-sec-zone-pair)#service-policy type inspect trust-notrust
Router(config-sec-zone-pair)#exit
Router(config)#zone-pair security notrust-dmz source notrust destination dmz
Router(config-sec-zone-pair)#service-policy type inspect notrust-dmz
Router(config-sec-zone-pair)#exit
Router(config)#zone-pair security dmz-notrust source dmz destination notrust
Router(config-sec-zone-pair)#service-policy type inspect dmz-notrust
Router(config-sec-zone-pair)#exit
Router(config)#
```

Router-on-a-stick not working: cannot ping between VLANs?

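PC0 and PC1 can ping each other, and both can ping 172.17.1.254, but no machine in VLAN 2 can ping any machine in VLAN 3. PC2 and PC3 can ping each other, but neither can ping 172.17.2.254. Below are the topology diagram, the code for router R1 and switches SW1 and SW2, and the IP settings of the PCs. Could someone help me see where the mistake is?

![Image description](https://img-ask.csdn.net/upload/201812/26/1545833593_191421.jpg)
![Image description](https://img-ask.csdn.net/upload/201812/26/1545833603_16297.jpg)
![Image description](https://img-ask.csdn.net/upload/201812/26/1545833611_366022.jpg)
![Image description](https://img-ask.csdn.net/upload/201812/26/1545833622_761617.jpg)
![Image description](https://img-ask.csdn.net/upload/201812/26/1545833632_777065.jpg)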

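How to configure DHCP on the core-layer switch of a three-tier enterprise LAN to achieve automatic IP address assignment and full-network connectivity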

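![Image description](https://img-ask.csdn.net/upload/201904/11/1554961633_497444.png) ![Image description](https://img-ask.csdn.net/upload/201904/11/1554961888_470378.png)

This is the network topology. The VLANs are already set up, and I am using the Cisco simulator. I just feel the DHCP commands on the core layer are not configured correctly: the end-user PCs never obtain an IP address and cannot reach each other. Can anyone tell me the detailed command configuration?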

Golang: escaping the question mark character for Cisco regex

So, Cisco's regex allows the question mark character. But the catch is that you have to precede typing a question mark with `Ctrl-Shift-v` in order for it to be interpreted as a question mark and not a help command... [Link to Cisco regex guidelines](https://www.cisco.com/c/en/us/td/docs/ios/termserv/configuration/guide/15_1/tsv_15_1_book/tsv_reg_express.html#wp1054931)

I have a Go program that logs into a set of devices and runs a set of commands on each device. When trying to use a regex containing a question mark, though, the Cisco device always interprets the question mark as a help command. Using string literals in Go does not fix the problem nor does sending the command as a slice of bytes.

For example, if I try to send the command `show boot | include (c|cat)[0-9]+[a-zA-Z]?` the Cisco CLI returns

```
switch-1#show boot | include (c|cat)[0-9]+[a-zA-Z]?
  LINE    <cr>
switch-1#
```

instead of interpreting the question mark as a regex match of 0 or 1 for the [a-zA-Z] group.

However, using the command `ssh user@switch-1 'show boot | include (c|cat)[0-9]+[a-zA-Z]?'` works as expected and interprets the regex pattern correctly.

**How can I replicate the behaviour of the ssh command? Is there a way to send `Ctrl-Shift-v` before each question mark or escape each question mark character?**

My code as requested:

```go
package main

import (
	"golang.org/x/crypto/ssh"
	"net"
	"fmt"
	"os"
	"bufio"
	"time"
	"golang.org/x/crypto/ssh/terminal"
	"io"
	"io/ioutil"
	"sync"
	"strings"
)

// ReadLines reads a file line-by-line and returns a slice of the lines.
func ReadLines(filename string) ([]string, error) {
	f, err := os.Open(filename)
	if err != nil {
		return nil, fmt.Errorf("failed to open file: %v", err)
	}
	defer f.Close()

	var lines []string
	s := bufio.NewScanner(f)
	for s.Scan() {
		lines = append(lines, s.Text())
	}
	if err := s.Err(); err != nil {
		return nil, err
	}
	return lines, nil
}

// Type Result represents the result of running the Configure method.
type Result struct {
	Host   string // Hostname of device
	Output []byte // Remote shell's stdout and stderr output
	Err    error  // Remote shell errors
}

// Configure logs into a device, starts a remote shell, runs the set of
// commands, and waits for the remote shell to return or timeout.
func Configure(host string, config *ssh.ClientConfig, cmds []string, results chan<- *Result, wg *sync.WaitGroup) {
	defer wg.Done()

	res := &Result{
		Host:   host,
		Output: nil,
		Err:    nil,
	}

	// Create client connection
	client, err := ssh.Dial("tcp", net.JoinHostPort(host, "22"), config)
	if err != nil {
		res.Err = fmt.Errorf("failed to dial: %v", err)
		results <- res
		return
	}
	defer client.Close()

	// Create new session
	session, err := client.NewSession()
	if err != nil {
		res.Err = fmt.Errorf("failed to create session: %v", err)
		results <- res
		return
	}
	defer session.Close()

	// Set session IO
	stdin, err := session.StdinPipe()
	if err != nil {
		res.Err = fmt.Errorf("failed to create pipe to stdin: %v", err)
		results <- res
		return
	}
	defer stdin.Close()

	stdout, err := session.StdoutPipe()
	if err != nil {
		res.Err = fmt.Errorf("failed to create pipe to stdout: %v", err)
		results <- res
		return
	}

	stderr, err := session.StderrPipe()
	if err != nil {
		res.Err = fmt.Errorf("failed to create pipe to stderr: %v", err)
		results <- res
		return
	}

	// Start remote shell
	if err := session.RequestPty("vt100", 0, 0, ssh.TerminalModes{
		ssh.ECHO:          0,
		ssh.TTY_OP_ISPEED: 14400,
		ssh.TTY_OP_OSPEED: 14400,
	}); err != nil {
		res.Err = fmt.Errorf("failed to request pseudoterminal: %v", err)
		results <- res
		return
	}
	if err := session.Shell(); err != nil {
		res.Err = fmt.Errorf("failed to start remote shell: %v", err)
		results <- res
		return
	}

	// Run commands: each one is written to the interactive shell's stdin,
	// terminated by a newline
	for _, cmd := range cmds {
		if _, err := io.WriteString(stdin, cmd+"\n"); err != nil {
			res.Err = fmt.Errorf("failed to run: %v", err)
			results <- res
			return
		}
	}

	// Wait for remote commands to return or timeout
	exit := make(chan error, 1)
	go func(exit chan<- error) {
		exit <- session.Wait()
	}(exit)
	timeout := time.After(1 * time.Minute)
	select {
	case <-exit:
		output, err := ioutil.ReadAll(io.MultiReader(stdout, stderr))
		if err != nil {
			res.Err = fmt.Errorf("failed to read output: %v", err)
			results <- res
			return
		}
		res.Output = output
		results <- res
		return
	case <-timeout:
		res.Err = fmt.Errorf("session timed out")
		results <- res
		return
	}
}

func main() {
	// os.Args[1]: file listing hosts; os.Args[2]: file listing commands
	hosts, err := ReadLines(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}

	cmds, err := ReadLines(os.Args[2])
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}

	fmt.Fprint(os.Stderr, "Password: ")
	secret, err := terminal.ReadPassword(int(os.Stdin.Fd()))
	if err != nil {
		fmt.Fprintf(os.Stderr, "failed to read password: %v\n", err)
		os.Exit(1)
	}
	fmt.Fprintln(os.Stderr)

	config := &ssh.ClientConfig{
		User: "user",
		Auth: []ssh.AuthMethod{ssh.Password(string(secret))},
		// InsecureIgnoreHostKey accepts any host key (no host verification)
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
		Timeout:         30 * time.Second,
	}
	config.SetDefaults()
	// Also offer the CBC ciphers in addition to the library defaults
	config.Ciphers = append(config.Ciphers, "aes128-cbc", "3des-cbc", "aes192-cbc", "aes256-cbc")

	// One goroutine per host; results are collected on a buffered channel
	results := make(chan *Result, len(hosts))

	var wg sync.WaitGroup
	wg.Add(len(hosts))
	for _, host := range hosts {
		go Configure(host, config, cmds, results, &wg)
	}
	wg.Wait()
	close(results)

	for res := range results {
		if res.Err != nil {
			fmt.Fprintf(os.Stderr, "Error %s: %v\n", res.Host, res.Err)
			continue
		}
		fmt.Printf("Host %s\n%s\n%s\n", res.Host, res.Output, strings.Repeat("-", 50))
	}
}
```
