Testing "in" versus "out" on a 3750 access list

The XX security department came by for an audit and said my access list was no good, so I ran a test.
A simple test of applying the access list as "in" versus "out", with the same host initiating connections to the outside in both cases.
 
3750#
no ip access-list extended vlan6
ip access-list extended vlan6
 permit ip any host 192.168.73.*
 permit ip any host 192.168.73.*
 permit ip any host 192.168.73.*
 permit ip any host 192.168.73.*
 permit ip any host 192.168.73.*
 permit ip any host 255.255.255.255
 deny ip any any log-input
interface Vlan6
 ip address 192.168.*******
 ip access-group vlan6 out



Test result when the direction is "out":

012613: Dec  3 06:44:03: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 203.208.37.99(0) (GigabitEthernet1/0/22 001b.d4db.6920) -> 192.168.79.110(0), 1 packet
012614: Dec  3 06:44:24: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 203.208.37.104(0) (GigabitEthernet1/0/22 001b.d4db.6920) -> 192.168.79.110(0), 1 packet
012615: Dec  3 06:45:08: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 192.168.73.53(0) (Vlan73 0016.e6f6.c341) -> 192.168.79.110(0), 1 packet   (a stray packet from another subnet)
012616: Dec  3 06:49:26: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 203.208.37.99(0) (GigabitEthernet1/0/22 001b.d4db.6920) -> 192.168.79.110(0), 27 packets
012617: Dec  3 06:49:26: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 203.208.37.104(0) (GigabitEthernet1/0/22 001b.d4db.6920) -> 192.168.79.110(0), 27 packets
The packets are processed first and then dropped.


Test result when the direction is "in":
30F_3750#sh access-lists guest_vlan6
no ip access-list extended guest_vlan6
ip access-list extended guest_vlan6
 permit ip any host 192.168.*
 permit ip any host 192.168.*
 permit ip any host 192.168.8
 permit ip any host 192.168.*
 permit ip any host 192.168.*9
 permit ip any host 255.255.*
 deny ip any any log-input
Interface configuration:
interface Vlan6
 ip address 192.168.7****
 ip access-group g_vlan6 in

012639: Dec  3 06:56:26: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 192.168.79.110(0) (Vlan6 0016.d406.653f) -> 203.208.37.99(0), 6 packets
012640: Dec  3 06:56:26: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 192.168.79.110(0) (Vlan6 0016.d406.653f) -> 192.168.73.53(0), 8 packets
012641: Dec  3 06:56:26: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 192.168.79.110(0) (Vlan6 0016.d406.653f) -> 203.208.37.104(0), 6 packets
012642: Dec  3 06:56:26: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied udp 192.168.79.110(0) (Vlan6 0016.d406.653f) -> 192.168.79.127(0), 7 packets
012643: Dec  3 07:00:26: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 192.168.73.53(0) (Vlan73 0016.e6f6.c341) -> 192.168.79.110(0), 1 packet
012644: Dec  3 07:01:22: %SEC-6-IPACCESSLOGDP: list guest_vlan6 denied icmp 192.168.79.110 (Vlan6 0016.d406.653f) -> 192.168.56.156 (0/0), 1 packet
The packets never enter the process at all.
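The two result sets above differ in one field: the interface shown in parentheses in each %SEC-6-IPACCESSLOGP/IPACCESSLOGDP line is where the packet entered the switch. With the ACL applied "out" on Vlan6 the logged ingress interface is GigabitEthernet1/0/22 or Vlan73 (traffic heading toward the VLAN's host), while with the ACL applied "in" it is Vlan6 itself (traffic the host is sending out). The following parser, added here as an example and not part of the original post, reads those log lines, splits the denied packets by that ingress interface, and totals them per flow, so the direction an ACL is actually filtering can be confirmed from syslog rather than from the running config. The SVI name `Vlan6` and the function names are assumptions; the sample lines are the ones quoted above.

```python
import re
from collections import Counter

# Matches the two ACL deny log formats seen on the page: IPACCESSLOGP
# (tcp/udp, "src(port) ... -> dst(port)") and IPACCESSLOGDP
# (icmp, "src ... -> dst (type/code)").
LOG_RE = re.compile(
    r"^(?P<seq>\d+): (?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}): "
    r"%SEC-6-(?P<mnemonic>IPACCESSLOGD?P): list (?P<acl>\S+) denied "
    r"(?P<proto>\w+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? "
    r"\((?P<in_if>\S+) (?P<mac>[0-9a-f.]+)\) -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?"
    r"(?: \((?P<icmp_type>\d+)/(?P<icmp_code>\d+)\))?, "
    r"(?P<count>\d+) packets?$"
)

# Sample input: the deny lines quoted in the post (annotation removed).
OUT_LINES = [
    "012613: Dec  3 06:44:03: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 203.208.37.99(0) (GigabitEthernet1/0/22 001b.d4db.6920) -> 192.168.79.110(0), 1 packet",
    "012614: Dec  3 06:44:24: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 203.208.37.104(0) (GigabitEthernet1/0/22 001b.d4db.6920) -> 192.168.79.110(0), 1 packet",
    "012615: Dec  3 06:45:08: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 192.168.73.53(0) (Vlan73 0016.e6f6.c341) -> 192.168.79.110(0), 1 packet",
    "012616: Dec  3 06:49:26: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 203.208.37.99(0) (GigabitEthernet1/0/22 001b.d4db.6920) -> 192.168.79.110(0), 27 packets",
    "012617: Dec  3 06:49:26: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 203.208.37.104(0) (GigabitEthernet1/0/22 001b.d4db.6920) -> 192.168.79.110(0), 27 packets",
]
IN_LINES = [
    "012639: Dec  3 06:56:26: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 192.168.79.110(0) (Vlan6 0016.d406.653f) -> 203.208.37.99(0), 6 packets",
    "012640: Dec  3 06:56:26: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 192.168.79.110(0) (Vlan6 0016.d406.653f) -> 192.168.73.53(0), 8 packets",
    "012641: Dec  3 06:56:26: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 192.168.79.110(0) (Vlan6 0016.d406.653f) -> 203.208.37.104(0), 6 packets",
    "012642: Dec  3 06:56:26: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied udp 192.168.79.110(0) (Vlan6 0016.d406.653f) -> 192.168.79.127(0), 7 packets",
    "012643: Dec  3 07:00:26: %SEC-6-IPACCESSLOGP: list guest_vlan6 denied tcp 192.168.73.53(0) (Vlan73 0016.e6f6.c341) -> 192.168.79.110(0), 1 packet",
    "012644: Dec  3 07:01:22: %SEC-6-IPACCESSLOGDP: list guest_vlan6 denied icmp 192.168.79.110 (Vlan6 0016.d406.653f) -> 192.168.56.156 (0/0), 1 packet",
]


def parse_line(line):
    """Return the fields of one ACL deny log line as a dict, or None if it is not one."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "icmp_type", "icmp_code", "count"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec


def direction(rec, svi):
    """Classify a denied packet relative to the SVI the ACL is bound to (assumed name).

    The interface logged in parentheses is where the packet entered the switch.
    If it is the SVI itself, the ACL caught traffic leaving the VLAN's hosts
    (what an "in" ACL on the SVI sees); any other ingress interface means the
    packet was on its way toward the VLAN (what an "out" ACL on the SVI sees).
    """
    return "from_vlan" if rec["in_if"] == svi else "toward_vlan"


def summarize(lines, svi="Vlan6"):
    """Total denied packets per direction and per (src, dst, proto) flow."""
    per_direction = Counter()
    per_flow = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not an ACL deny line; ignore
        per_direction[direction(rec, svi)] += rec["count"]
        per_flow[(rec["src"], rec["dst"], rec["proto"])] += rec["count"]
    return {"per_direction": dict(per_direction), "per_flow": dict(per_flow)}


if __name__ == "__main__":
    for label, lines in (("ACL applied out", OUT_LINES), ("ACL applied in", IN_LINES)):
        print(label, summarize(lines)["per_direction"])
```

Run against the "out" lines every denied packet is classified toward_vlan; against the "in" lines almost all are from_vlan, with the one Vlan73 stray showing up as toward_vlan. That is the same distinction the post draws between packets that were processed and then dropped and packets that never entered the process, read directly from the ingress interface field.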