MSR56-60路由器 undo ip http 后,测试发现http 80端口还是通的,通过ACL限制源IP发现也没有效果,是什么原因
[R1_]display ip http
HTTP port: 80
ACL: 2002(basic)
Operation status : Disabled
[R1_]display ip https
HTTPS port: 443
SSL server policy : Not configured
Certificate access-control-policy : Not configured
ACL: 2002(basic)
Operation status : Disabled
[R1_]dis acl 2002
Basic IPv4 ACL 2002, 2 rules,
http&https-src
ACL's step is 5
rule 1 permit source 1.2.3.4 0
rule 5 deny
[R1_]dis ver
[R1_]dis version
H3C Comware Software, Version 7.1.064, Release 0809P33
Copyright (c) 2004-2020 New H3C Technologies Co., Ltd. All rights reserved.
H3C MSR56-60 uptime is 24 weeks, 5 days, 20 hours, 38 minutes
Last reboot reason : Power on
Boot image: cfa0:/msr56-cmw710-boot-r0809p33.bin
Boot image version: 7.1.064P80, Release 0809P33
Compiled Nov 20 2020 16:00:00
System image: cfa0:/msr56-cmw710-system-r0809p33.bin
System image version: 7.1.064, Release 0809P33
Compiled Nov 20 2020 16:00:00
Slot 0: MPU-100 uptime is 24 weeks, 5 days, 20 hours, 38 minutes
Last reboot reason : Power on
CPU ID: 0x3
2G bytes DDR3 SDRAM Memory
8M bytes Flash Memory
PCB Version: 2.0
CPLD Version: 3.0
Basic BootWare Version: 1.71
Extended BootWare Version: 1.71
(0)
看了,ACL,没有匹配上 ,我换成 3007 高级的也没有匹配上。
[R1_]display acl 2002
Basic IPv4 ACL 2002, 2 rules,
http&https-src
ACL's step is 5
rule 1 permit source 1.2.3.4 0
rule 5 deny
[R1_]display acl 3007
Advanced IPv4 ACL 3007, 2 rules,
ACL's step is 5
rule 0 permit ip source 1.2.3.4 0
rule 10 deny ip
(0)
如果是有MPLS VPN的环境,ACL的匹配策略中需要绑定VPN实例。
其次可考虑修改HTTP的登录端口。
同时看下路由器的软件版本是否最新,可考虑升级到最新。
(0)
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
是的,ACL没有匹配上,但是我写的是any,限制所有
方便的时候升级到最新版本再看一下