kongou-ae
6/4/2014 - 1:04 PM

The test of ACL 2

gw#show running-config interface vlan 500
Load for five secs: 47%/0%; one minute: 9%; five minutes: 7%
Time source is NTP, 21:59:00.018 JST Wed Jun 4 2014

Building configuration...

Current configuration : 446 bytes
!
interface Vlan500
 ip address 192.168.1.254 255.255.255.0
 ip access-group 2001 in
 ip access-group 2001 out
 no ip redirects
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1414
 ipv6 address FE80::D0:3211:1:BEAF link-local
 ipv6 address xxxx:xx:3211:1::BEAF/64
 ipv6 enable
 ipv6 mtu 1280
 ipv6 nd other-config-flag
 ipv6 nd ra interval 5 3
 ipv6 dhcp server local-ipv6-dns
 ipv6 traffic-filter firewall out
end

gw#
gw#show access-lists 2001                
Load for five secs: 5%/0%; one minute: 5%; five minutes: 6%
Time source is NTP, 22:02:37.366 JST Wed Jun 4 2014

Extended IP access list 2001
    20 deny icmp any any log (33 matches)
    30 permit ip any any (30684 matches)
gw#
    
gw#
FGT50Bxxxxxxxx (VLAN-2) # show
config system interface
    edit "VLAN-2"
        set vdom "root"
        set ip 192.168.2.200 255.255.255.0
        set allowaccess ping https ssh snmp
        set interface "internal"
        set vlanid 2
    next
end

#
FGT50Bxxxxxxxx (root) # execute ping-options source 192.168.2.200
FGT50Bxxxxxxxx (root) # execute ping 192.168.1.254                                                           
PING 192.168.1.254 (192.168.1.254): 56 data bytes
64 bytes from 192.168.1.254: icmp_seq=0 ttl=255 time=0.5 ms
64 bytes from 192.168.1.254: icmp_seq=1 ttl=255 time=0.5 ms
64 bytes from 192.168.1.254: icmp_seq=2 ttl=255 time=0.5 ms
64 bytes from 192.168.1.254: icmp_seq=3 ttl=255 time=0.5 ms
64 bytes from 192.168.1.254: icmp_seq=4 ttl=255 time=0.5 ms

--- 192.168.1.254 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.5/0.5/0.5 ms

FGT50B3G08625936 (root) # 
gw#show access-lists 2001
Load for five secs: 5%/0%; one minute: 5%; five minutes: 6%
Time source is NTP, 22:03:08.528 JST Wed Jun 4 2014

Extended IP access list 2001
    20 deny icmp any any log (33 matches)
    30 permit ip any any (30847 matches)