锐捷:接口acl vlan下acl 全局acl故障现象:vlan下配置的acl失效配置的acl规则ip access-list extended deny_by_820 permit ip host 192.168.8.22 192.168.10.0 0.0.0.25560 permit ip 192.168.8.0 0.0.0.255 host 192.168.20.1890 permit tcp 192.168.8.0 0.0.0.255 192.168.9.0 0.0.0.255 eq 99991001 deny ip 192.168.8.0 0.0.0.255 192.168.0.0 0.0.255.2551002 deny ip 192.168.8.0 0.0.0.255 172.16.0.0 0.15.255.2551003 deny ip 192.168.8.0 0.0.0.255 10.0.0.0 0.255.255.255vlan接口下引用acl!interface VLAN 8description onesecip access-group deny_by_8 inip address 192.168.8.10 255.255.255.0!查看到的原因,是接口下遗留名为jishu的历史acl,删掉就好了RuiJie(config-ext-nacl)#show arp de 192.168.8.102IP Address MAC Address Type Age(min) Interface Port SubVlan192.168.8.102 ba86.88be.8b8e Dynamic 1 VLAN 10 Te0/7 10RuiJie(config-ext-nacl)#show run int te0/7Building configuration...Current configuration: 115 bytesinterface TenGigabitEthernet 0/7switchport mode trunkip access-group jishu inip access-group jishu outRuiJie#show access-lists jishuip access-list extended jishu10 permit ip host 192.168.8.1 host 192.168.20.12020 permit ip host 192.168.20.120 host 192.168.8.130 permit ip any any (46357001755 matchs)
- 微信扫一扫
- 复制链接
手机扫一扫进行分享
