Access List su Catalyst 3560
Inviato: mar 21 dic , 2010 1:20 pm
Salve a tutti
ho un piccolo problema con un catalyst 3560 in farm.
Provando a modificare l'access list sulla gfeth0/1 (la porta che comunica con internet) sono stato "sbattuto fuori" dal remote deskop.
l'access list รจ la seguente:
access-list 150 permit tcp any any established
access-list 150 permit udp any eq domain host 78.84.206.5
access-list 150 permit udp host 78.84.206.5 any eq domain
access-list 150 permit icmp any any
access-list 150 permit udp any eq ntp host 78.84.200.98 eq ntp
access-list 150 permit tcp any host 78.84.206.5 eq www
access-list 150 permit tcp any host 78.84.206.5 eq ftp
access-list 150 permit tcp any host 78.84.206.5 eq ftp-data
access-list 150 permit udp any host 78.84.206.5 eq domain
access-list 150 permit tcp any host 78.84.206.5 eq 3389
access-list 150 permit udp any host 78.84.206.5 eq 1194
access-list 150 permit tcp any host 78.84.206.7 eq 3389
access-list 150 permit tcp any host 78.84.206.8 eq 3389
access-list 150 permit tcp any host 78.84.206.11 eq 3389
access-list 150 permit tcp any host 78.84.206.12 eq 3389
access-list 150 permit tcp any host 78.84.206.26 eq 3389
access-list 150 permit tcp any host 78.84.206.21 eq 443
access-list 150 permit tcp any host 78.84.206.16 eq 3389
access-list 150 permit tcp any host 78.84.206.17 eq 3389
access-list 150 permit tcp any host 78.84.206.13 eq 3389
access-list 150 permit tcp any host 78.84.206.11 eq www
access-list 150 permit tcp any host 78.84.206.12 eq www
access-list 150 permit tcp any host 78.84.206.21 eq www
access-list 150 permit tcp any host 78.84.206.26 eq www
access-list 150 permit ip 78.84.206.0 0.0.0.31 any
io ho provato da conf a dare i comandi:
no access-list 150 permit tcp any host 78.84.206.5 eq ftp
no access-list 150 permit tcp any host 78.84.206.5 eq ftp-data
access-list 150 permit tcp any host 78.84.206.11 eq ftp
access-list 150 permit tcp any host 78.84.206.11 eq ftp-data
access-list 150 permit tcp any host 78.84.206.6eq 3389
e sono stato sbattuto fuori.
ho dovuto chiamare in farm e farmi resettare il router.
Vorrei evitare un'altra figuraccia :)
per applicare le modifiche alla mia access list e non essere buttoto fuoi come posso fare?
Incollare tutta la access list comprese le mie modifiche? potrebbe funzioanre?
grazie a tutti e a presto
ho un piccolo problema con un catalyst 3560 in farm.
Provando a modificare l'access list sulla gfeth0/1 (la porta che comunica con internet) sono stato "sbattuto fuori" dal remote deskop.
l'access list รจ la seguente:
access-list 150 permit tcp any any established
access-list 150 permit udp any eq domain host 78.84.206.5
access-list 150 permit udp host 78.84.206.5 any eq domain
access-list 150 permit icmp any any
access-list 150 permit udp any eq ntp host 78.84.200.98 eq ntp
access-list 150 permit tcp any host 78.84.206.5 eq www
access-list 150 permit tcp any host 78.84.206.5 eq ftp
access-list 150 permit tcp any host 78.84.206.5 eq ftp-data
access-list 150 permit udp any host 78.84.206.5 eq domain
access-list 150 permit tcp any host 78.84.206.5 eq 3389
access-list 150 permit udp any host 78.84.206.5 eq 1194
access-list 150 permit tcp any host 78.84.206.7 eq 3389
access-list 150 permit tcp any host 78.84.206.8 eq 3389
access-list 150 permit tcp any host 78.84.206.11 eq 3389
access-list 150 permit tcp any host 78.84.206.12 eq 3389
access-list 150 permit tcp any host 78.84.206.26 eq 3389
access-list 150 permit tcp any host 78.84.206.21 eq 443
access-list 150 permit tcp any host 78.84.206.16 eq 3389
access-list 150 permit tcp any host 78.84.206.17 eq 3389
access-list 150 permit tcp any host 78.84.206.13 eq 3389
access-list 150 permit tcp any host 78.84.206.11 eq www
access-list 150 permit tcp any host 78.84.206.12 eq www
access-list 150 permit tcp any host 78.84.206.21 eq www
access-list 150 permit tcp any host 78.84.206.26 eq www
access-list 150 permit ip 78.84.206.0 0.0.0.31 any
io ho provato da conf a dare i comandi:
no access-list 150 permit tcp any host 78.84.206.5 eq ftp
no access-list 150 permit tcp any host 78.84.206.5 eq ftp-data
access-list 150 permit tcp any host 78.84.206.11 eq ftp
access-list 150 permit tcp any host 78.84.206.11 eq ftp-data
access-list 150 permit tcp any host 78.84.206.6eq 3389
e sono stato sbattuto fuori.
ho dovuto chiamare in farm e farmi resettare il router.
Vorrei evitare un'altra figuraccia :)
per applicare le modifiche alla mia access list e non essere buttoto fuoi come posso fare?
Incollare tutta la access list comprese le mie modifiche? potrebbe funzioanre?
grazie a tutti e a presto