我在配置了这样一个访问列表,
Access-list 102 deny tcp any lt 1024 any
access-list 102 permit tcp any any
但是却不能ping对方网段,我想把1024以下的端口全部封了,但能ping通对方,该如何配置用的是静态路由配置文件如下(部分)
Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
no service passWord-encryption
!
hostname fenghua02
!
enable secret 5 $1$SGEA$bcQ2n0TKJ4zbIzEy.lpci1
!
chat-script backup ABORT ERROR ABORT BUSY ABORT "" "ATDT 7718690" TIMEOUT 30 CPc
!
!
process-max-time 200
!
interface Ethernet0/0
ip address 199.1.1.0 255.255.255.0
no ip redirects
no ip directed-broadcast
standby 1 priority 110
standby 1 preempt standby 1 authentication cisco
standby 1 ip 132.5.1.155
!
interface Ethernet0/1
no ip address
shutdown
...
interface Serial1/6
ip address 10.1.1.12 255.255.255.0
no ip redirects
ip access-group 102 ininterface Async65
!
ip address 137.5.250.2 255.255.0.0
encapsulation ppp
dialer in-band
dialer string 320012
async default routing
async mode dedicated
!
...
ip classless
ip route 199.1.1.0 255.255.255.0 10.1.1.11
!
access-list 102 deny tcp any lt 1024 any
access-list 102 permit tcp any any
!