网工综述¶
约 873 个字 • 1266 行代码 预计阅读时间 21 分钟
下面是大二下的拉宽带课程
配置操作基于Ruijie二层与三层交换机,可能与竞品、仿真有别
学习实验¶
跨交换机 VLAN 配置¶
跨交换机 VLAN 配置
Switchboard Command
//SW为两层交换机
//进入SW1
en 14
conf ter
hostname 9-SW1-2024
vlan 10
name sales
exit
vlan 20
name tech
exit
inter g 0/5
switch acce vlan 10
exit
inter g 0/15
switch acce vlan 20
exit
inter g 0/24
switch mode trunk
end
show vlan id 10/20
show inter g 0/24 switch
//进入SW2
en 14
conf ter
hostname 9-SW2-2024
vlan 10
name sales
exit
inter g 0/5
switch acce vlan 10
exit
inter g 0/24
switch mode trunk
end
show vlan id 10
show inter g 0/24 switch
//进入PC1/2/3配置IP
//PC1->SW1 g0/5 PC2->SW1 g0/15 PC3-> SW2 g0/5
//进入PC ping
通过 SVI实现 VLAN 之间路由¶
就是 inter 配网关
Switchboard Command
//SW为三层交换机
//进入SW1
en 14
conf ter
hostname 9-SW1-2024
vlan 10
name sales
exit
vlan 20
name tech
exit
inter g 0/1
switch acces vlan 10
exit
inter g 0/2
switch acces vlan 10
exit
inter vlan 10
ip add 192.168.10.1/24
no shutdown
exit
inter vlan 20
ip add 192.168.20.1
no shutdown
end
//进入PC1/2 配置IP 和 网关
//PC1->SW1 g0/1 PC2->SW1 g0/2
STP 交换机优先级设置¶
需要用到的命令
span mode stp
Switchboard Command
//SW为两层交换机
//进入SW1
en 14
conf ter
hostname 9-SW1-2024
span
span mode stp
span prio 4096
exit
//进入SW2
en 14
conf ter
hostname 9-SW2-2024
span
span mode stp
exit
//进入SW3
en 14
conf ter
hostname 9-SW3-2024
span
span mode stp
exit
//连线
SW1 0/1 -> SW2 0/1
SW1 0/2 -> SW3 0/2
SW2 0/2 -> SW3 0/1
//都进入
show span
链路聚合¶
需要用到的命令
- inter agg 1
- Switch mode trunk
Switchboard Command
//SW为两层交换机
//进入SW1
en 14
conf ter
hostname 9-SW1-2024
vlan 10
name sales
exit
inter g 0/5
switch acce vlan 10
exit
inter agg 1
switch mode trunk
exi
inter ran g 0/1-2
port 1
exit
end
show agg 1 sum
//进入SW2
en 14
conf ter
hostname 9-SW2-2024
vlan 10
name sales
exit
inter g 0/5
switch acce vlan 10
exit
inter agg 1
switch mode trunk
exi
inter ran g 0/1-2
port 1
exit
end
show agg 1 sum
配置端口安全¶
拓扑图
需要用到的命令
- swi mode acce
- swi port-se
- swi port-se mac xxxx.xxxx.xxxx
- swi port max 1
- siw port vio shutdown
Switchboard Command
//进入SW1
show run
conf ter
host 9-SW1-2024
inter g0/1
swi mode acce
swi port-se
swi port-se mac xxxx.xxxx.xxxx
swi port max 1
siw port vio shutdown
end
配置静态路由¶
拓扑图
R 中若无法执行 ip add ,则先执行 no sw
Switchboard Command
//进入R1
conf ter
host 9-R1-2024
inter g 0/1
ip add 172.16.1.1 255.255.255.0
no shutdown
exi
inter ser 2/0
ip add 172.16.2.1 255.255.255.0
clock rate 64000
no shutdown
show ip inter bri
show ip inter ser 2/0
exi
ip rou 172.16.3.0 255.255.255.0 172.16.2.2//静态路由
show ip route
//进入R2
conf ter
host 9-R2-2024
inter g 0/1
ip add 172.16.3.2 255.255.255.0
no shutdown
exi
inter ser 2/0
ip add 172.16.2.2 255.255.255.0
clock rate 64000
no shutdown
show ip inter bri
show ip inter ser 2/0
exi
ip rou 172.16.1.0 255.255.255.0 172.16.2.1//静态路由
show ip route
PC1 172.16.1.11/24 172.16.1.1
PC2 172.16.3.22/24 172.16.3.2
PC1 <-> R1 g0/1
PC2 <-> R2 g0/1
Ser端口不用接
vrrp--路由器的 stp¶
拓扑图
需要用到的命令
- vrrp 10 ip
- vrrp 10 prio 120
Switchboard Command
//进入SW2
conf ter
show run
host 9-SW2-2024
vlan 30
name sales
exi
inter ran 0/6-10
switch acce vlan 30
exi
inter vlan 30
ip add 172.16.1.3 255.255.255.0
no shut
exit
//进入R1
...
前面省略
...
inter g0/0
no sw
ip add 192.168.1.1 255.255.255.0
no shut
exi
inter g0/1
no sw
ip add 172.16.1.1 255.255.255.0
no shut
exi
//进入R2
...
前面省略
...
inter g0/0
no sw
ip add 192.168.1.2 255.255.255.0
no shut
exi
inter g0/1
no sw
ip add 172.16.1.2 255.255.255.0
no shut
exi
//配置路由表
//进入SW2
...
前面省略
...
ip rou 0.0.0.0 0.0.0.0 172.16.1.1
ip rou 0.0.0.0 0.0.0.0 172.16.1.2
//进入R1
ip rou 0.0.0.0 0.0.0.0 172.16.1.3
inter g0/0
vrrp 10 ip 192.168.1.254
vrrp 10 prio 120
exit
show vrrp bri
//进入R2
ip rou 0.0.0.0 0.0.0.0 172.16.1.3
inter g0/0
vrrp 10 ip 192.168.1.254
exit
show vrrp bri
PC ip 192.168.1.10/24 192.168.1.254
//连线
PC <-> SW1 g0/1
SW1 g0/3 <-> R1 g0/0
SW1 g0/5 <-> R2 g0/0
R1 g0/1 <-> SW2 g0/6
R2 g0/1 <-> SW2 g0/8
internetPC <-> SW2 g0/10
Rip 自动配路由表¶
拓扑图
需要用到的命令
- rou rip
- net your_local_ip
- ver 2
- no auto-sum
- exit
Switchboard Command
//进入SW1
...
前面省略
...
vlan 50
name inter
exit
vlan 10
name outer
exit
inter g0/5
switch acce vlan 50
exit
inter g0/1
swi acce vlan 10
inter vlan 50
ip add 172.16.5.1 255.255.255.0
no shut
exit
inter vlan 10
ip add 172.16.1.2 255.255.255.0
end
show vlan
show ip inter bri
//进入R1
...
前面省略
...
inter g0/1
no sw
ip add 172.16.1.1 255.255.255.0
no shut
exi
inter ser 2/0
ip add 172.16.2.1 255.255.255.0
clock rate 64000
no shut
end
show ip inter bri
//进入R2
...
前面省略
...
inter g0/1
no sw
ip add 172.16.3.1 255.255.255.0
no shut
exi
inter ser 2/0
ip add 172.16.2.2 255.255.255.0
clock rate 64000
no shut
end
show ip inter bri
//验证初始路由情况
show ip rou
//配置rip
//SW1
...
前面省略
...
rou rip
net 172.16.5.0
net 172.16.1.0
ver 2
end
//R1
rou rip
net 172.16.1.0
net 172.16.2.0
ver 2
no auto-sum
end
//R2
rou rip
net 172.16.2.0
net 172.16.3.0
ver 2
no auto-sum
end
//再次检查route
show ip rou
//PC 配置以及连接见下拓扑图
OSPF¶
拓扑图
需要用到的命令
- rou ospf 10
- Rou-id 1.1.1.1
- net 192.168.1.0 0.0.0.255 area 0
- net 192.168.2.0 0.0.0.255 area 0
- exit
Switchboard Command
//R1
...
前面省略
...
inter g0/0
no sw
ip add 192.168.1.1 255.255.255.0
no shut
exi
inter ser 2/0
ip add 192.168.2.1 255.255.255.0
clo rate 64000
no shut
end
show ip inter bri
show ip rou
//R2
...
前面省略
...
inter g0/0
no sw
ip add 192.168.3.1 255.255.255.0
no shut
exi
inter ser 2/0
ip add 192.168.2.2 255.255.255.0
clo rate 64000
no shut
end
show ip inter bri
show ip rou
//配置ospf
//R1
...
前面省略
...
rou ospf 10
rou 1.1.1.1
net 192.168.1.0 0.0.0.255 area 0
net 192.168.2.0 0.0.0.255 area 0
end
//R2
...
前面省略
...
rou ospf 10
rou 2.2.2.2
net 192.168.3.0 0.0.0.255 area 0
net 192.168.2.0 0.0.0.255 area 0
end
//再次检查route
show ip rou
//PC 配置以及连接见下拓扑图
NAT¶
拓扑图
需要用到的命令
- inter g0/1
- ip nat in
- exit
- inter ser 2/0
- ip nat out
- exit
- ip nat pool web 172.16.8.5 172.16.8.5 netmask 255.255.255.0 //创建转换池
- acce 3 permit host 200.1.8.7 //公网 IP
- ip nat in destination list 3 pool web //IP
- ip nat in source static tcp 172.16.8.5 80 200.1.8.7 80 //端口
Switchboard Command
//进入R2
conf ter
host 9-R2-2024
inter g0/1
ip add 63.19.6.1 255.255.255.0
no shut
exi
inter ser 2/0
ip add 200.1.8.8 255.255.255.0
clock rate 64000
no shut
exi
ip rou 0.0.0.0 0.0.0.0 200.1.8.7
//进入LR1
conf ter
host 9-LR1-2024
inter g0/1
ip add 172.16.8.1 255.255.255.0
no shut
exi
inter ser 2/0
ip add 200.1.8.7 255.255.255.0
clock rate 64000
no shut
exi
ip rou 0.0.0.0 0.0.0.0 ser 2/0 //200.1.8.8
//继续配置nat
inter g 0/1
ip nat in
exi
inter ser 2/0
ip nat out
exi
ip nat pool web 172.16.8.5 172.16.8.5 netmask 255.255.255.0 //创建转换池
acce 3 permit host 200.1.8.7 //公网IP
ip nat in destination list 3 pool web //IP
ip nat in source static tcp 172.16.8.5 80 200.1.8.7 80 //端口
连线如下
注意200.1.8.7 200.1.8.8
WEB服务器见电脑 /user/下载/WEB.exe
PPP PAP¶
拓扑图
需要用到的命令
- 请求方
- inter ser 2/0
- encap ppp
- ppp pap sent Ra pass 0 star
- 应答方
- user Ra pass 0 star
- Inter ser 2/0
- Encap ppp
- Ppp auth pap
Switchboard Command
//R1
...
前面省略
...
inter g0/1
no sw
ip add 2.2.2.1 255.255.255.0
no shut
exi
inter ser 2/0
ip add 1.1.1.1 255.255.255.0
clo rate 64000
no shut
end
ip rou 3.3.3.0 255.255.255.0 1.1.1.2
inter ser 2/0
encap ppp
ppp pap sent Ra pass 0 star
//R2
...
前面省略
...
inter g0/1
no sw
ip add 3.3.3.1 255.255.255.0
no shut
exi
inter ser 2/0
ip add 1.1.1.2 255.255.255.0
clo rate 64000
no shut
end
ip rou 2.2.2.0 255.255.255.0 1.1.1.1
uesr Ra pass 0 star
inter ser 2/0
encap ppp
ppp auth pap
//断开
//进入R2
no user Ra
inter ser 2/0
no encap
//PC 配置以及连接见下拓扑图
ACL¶
拓扑图
需要用到的命令
- acce 1 deny 172.16.2.0 0.0.0.255
- acce 1 permit 172.16.1.0 0.0.0.255
- inter g 0/0
- ip acce 1 out
Switchboard Command
//进入R1
inter g0/0
no sw
ip add 172.16.1.1 255.255.255.0
no shut
exi
inter g0/1
no sw
ip add 172.16.2.1 255.255.255.0
no shut
exi
inter ser 2/0
no sw
ip add 172.16.3.1 255.255.255.0
clock rate 64000
no shut
exit
ip rou 172.16.4.0 255.255.255.0 172.16.3.2
//进入R2
inter g0/0
no sw
ip add 172.16.4.1 255.255.255.0
no shut
exi
inter ser 2/0
no sw
ip add 172.16.2.2 255.255.255.0
clock rate 64000
no shut
exi
ip rou 172.16.2.0 255.255.255.0 172.16.3.1
ip rou 172.16.1.0 255.255.255.0 172.16.3.1
acce 1 deny 172.16.2.0 0.0.0.255
acce 1 per 172.16.1.0 0.0.0.255
inter g0/0
ip acce 1 out
园区大实验¶
拓扑图
第一部分¶
在 4 台交换机上创建 VLAN 10/20/30,分别命名为 yewubu、 caiwubu、zonghebu
Switchboard Command
//S2_1
vlan 10
name yewubu
exi
vlan 20
name caiwubu
exi
vlan 30
name zonghebu
exi
end
//S2_2
vlan 10
name yewubu
exi
vlan 20
name caiwubu
exi
vlan 30
name zonghebu
exi
end
//S3_1
vlan 10
name yewubu
exi
vlan 20
name caiwubu
exi
vlan 30
name zonghebu
exi
end
//S3_2
vlan 10
name yewubu
exi
vlan 20
name caiwubu
exi
vlan 30
name zonghebu
exi
end
在交换机 S2_1、 S2_2 上分别将 6~10 端口、 11~15 端口、 16~20 端口划分到 VLAN 10/20/30 中
Switchboard Command
//S2_1
conf ter
inter ran g 0/6-10
swi mode acce
swi acce vlan 10
exi
inter ran g 0/11-15
swi mode acce
swi acce vlan 20
exi
inter ran g 0/16-20
swi mode acce
swi acce vlan 30
exi
end
//S2_2
conf ter
inter ran g 0/6-10
swi mode acce
swi acce vlan 10
exi
inter ran g 0/11-15
swi mode acce
swi acce vlan 20
exi
inter ran g 0/16-20
swi mode acce
swi acce vlan 30
exi
end
把 S2_1 与 S2_2 上连 S3_1 与 S3_2 的端口设置为 Trunk 模式
将两台三层交换机之间的 G0/1 和 G0/1 端口配置为聚合端口
在 4 台交换机上配置 RSTP, 指定 S3_1 和 S3_2 分别为根网桥和备份根网桥
在接入交换机的 access 链路上实现端口安全, 最大连接数量为 4 个,当违例产生时, 将关闭端口并发送一个 Trap 通知
第一部分代码整合
Switchboard Command
//S2_1
(en
ruijie)
confi ter
vlan 10
name yewubu
exi
vlan 20
name caiwubu
exi
vlan 30
name zonghebu
exi
end
conf ter
inter ran g 0/6-10
swi mode acce
swi acce vlan 10
exi
inter ran g 0/11-15
swi mode acce
swi acce vlan 20
exi
inter ran g 0/16-20
swi mode acce
swi acce vlan 30
exi
end
confi ter
interface range gigabitEthernet 0/1-2
switch mode trunk
exi
end
confi ter
spanning-tree
spanning-tree mode rstp
end
confi ter
inter range g 0/6-20
switch mode acc
switch port-sec
switch port-sec max 4
switch port-sec violation shut
end
//S2_2
(en
ruijie)
confi ter
vlan 10
name yewubu
exi
vlan 20
name caiwubu
exi
vlan 30
name zonghebu
exi
end
conf ter
inter ran g 0/6-10
swi mode acce
swi acce vlan 10
exi
inter ran g 0/11-15
swi mode acce
swi acce vlan 20
exi
inter ran g 0/16-20
swi mode acce
swi acce vlan 30
exi
end
confi ter
inter range g 0/1-2
switch mode trunk
exi
end
confi ter
spanning-tree
spanning-tree mode rstp
end
confi ter
inter range g 0/6-20
switch mode acc
switch port-sec
switch port-sec max 4
switch port-sec violation shut
end
//S3_1
(en
ruijie)
confi ter
vlan 10
name yewubu
exi
vlan 20
name caiwubu
exi
vlan 30
name zonghebu
exi
end
confi ter
inter range g 0/3-4
switch mode trunk
exi
inter range g 0/1-2
port-group 1
exi
inter agg 1
switch mode trunk
exi
spanning-tree
spanning-tree mode rstp
spanning-tree priority 8192
end
//S3_2
(en
ruijie)
confi ter
vlan 10
name yewubu
exi
vlan 20
name caiwubu
exi
vlan 30
name zonghebu
exi
end
confi ter
inter range g 0/3-4
switch mode trunk
exi
inter range g 0/1-2
port-group 1
exi
inter agg 1
switch mode trunk
exi
spanning-tree
spanning-tree mode rstp
spanning-tree priority 16384
end
第二部分¶
在三层交换机上配置 SVI 实现 VLAN 间的路由
Switchboard Command
//S3_1
conf ter
inter vlan 10
ip add 192.168.10.1 255.255.255.0
no shut
exi
inter vlan 20
ip add 192.168.20.1 255.255.255.0
no shut
exi
inter vlan 30
ip add 192.168.30.1 255.255.255.0
no shut
exi
end
//S3_2
conf ter
inter vlan 10
ip add 192.168.10.2 255.255.255.0
no shut
exi
inter vlan 20
ip add 192.168.20.2 255.255.255.0
no shut
exi
inter vlan 30
ip add 192.168.30.2 255.255.255.0
no shut
exi
end
conf ter
inter g 0/24
no sw
ip add 20.2.2.2 255.255.255.0
no shut
exi
end
在三层交换机的路由端口、 Ra 和 Rb 及模拟 Internet 的路由器上配置接口 IP 地址
Switchboard Command
//S3_1
conf ter
inter g 0/24
no sw
ip add 10.1.1.2 255.255.255.0
no shut
exi
end
//S3_2
conf ter
inter g 0/24
no sw
ip add 20.2.2.2 255.255.255.0
no shut
exi
end
//Ra
conf ter
host Ra
inter g 0/0
ip add 10.1.1.1 255.255.255.0
no shut
exi
inter g0/1
ip add 20.2.2.1 255.255.255.0
no shut
exi
inter ser2/0
no sw
ip add 192.168.1.1 255.255.255.0
clo rate 64000
no shut
exi
end
//Rb
conf ter
host Rb
inter ser 2/0
ip add 192.168.1.2 255.255.255.0
clock rate 64000
no shut
exi
inter g0/0
no sw
ip add 201.10.8.1 255.255.255.0
no shut
exi
end
//Internet
conf ter
inter g0/0
no sw
ip add 201.10.8.2 255.255.255.0
no shut
exi
inter loopback 0
ip add 201.1.1.1.1 255.255.255.0
no shut
exi
end
第二部分代码整合
Switchboard Command
//S3_1
conf ter
inter vlan 10
ip add 192.168.10.1 255.255.255.0
no shut
exi
inter vlan 20
ip add 192.168.20.1 255.255.255.0
no shut
exi
inter vlan 30
ip add 192.168.30.1 255.255.255.0
no shut
exi
end
conf ter
inter g 0/24
no sw
ip add 10.1.1.2 255.255.255.0
no shut
exi
end
//S3_2
conf ter
inter vlan 10
ip add 192.168.10.2 255.255.255.0
no shut
exi
inter vlan 20
ip add 192.168.20.2 255.255.255.0
no shut
exi
inter vlan 30
ip add 192.168.30.2 255.255.255.0
no shut
exi
end
conf ter
inter g 0/24
ip add 20.2.2.2 255.255.255.0
no shut
exi
end
//Ra
en 15
Wl123456
conf ter
host Ra
inter g 0/0
ip add 10.1.1.1 255.255.255.0
no shut
exi
inter g0/1
ip add 20.2.2.1 255.255.255.0
no shut
exi
inter ser2/0
no sw
ip add 192.168.1.1 255.255.255.0
clo rate 64000
no shut
exi
end
conf ter
inter ser 2/0
encap ppp
ppp pap sent Ra pass 0 123
exi
end
//Rb
en 15
Wl123456
conf ter
host Rb
inter ser 2/0
ip add 192.168.1.2 255.255.255.0
clock rate 64000
no shut
exi
inter g0/0
no sw
ip add 201.10.8.1 255.255.255.0
no shut
exi
end
conf ter
user Ra pass 0 123
inter ser 2/0
encap ppp
ppp authen pap
exi
end
//Internet
conf ter
inter g0/0
no sw
ip add 201.10.8.2 255.255.255.0
no shut
exi
inter loopback 0
ip add 201.1.1.1.1 255.255.255.0
no shut
exi
end
第三部分¶
运用 RIPv2 路由协议, 在企业内网实现全网路由互通, 用静态路由实现企业内网到互联网的访问
Switchboard Command
//S3_1
conf ter
rou rip
ver 2
net 10.1.1.0
net 192.168.10.0
net 192.168.20.0
net 192.168.30.0
no auto-sum
exi
ip rou 0.0.0.0 0.0.0.0 10.1.1.1
exi
end
//S3_2
conf ter
rou rip
ver 2
net 20.2.2.0
net 192.168.10.0
net 192.168.20.0
net 192.168.30.0
no auto-sum
exi
ip rou 0.0.0.0 0.0.0.0 20.2.2.1
exi
end
//Ra
conf ter
rou rip
ver 2
net 20.2.2.0
net 10.1.1.0
net 192.168.1.0
no auto-sum
exi
ip rou 0.0.0.0 0.0.0.0 192.168.1.2
exi
end
//Rb
conf ter
rou rip
ver 2
net 192.168.1.0
no auto-sum
exi
ip rou 0.0.0.0 0.0.0.0 201.10.8.2
exi
end
在路由器 Rb 上做 NAT 实现内网对外网的访问, 可用的公网地址包括 201.10.8.3/24~201.10.8.10/24
Switchboard Command
//Rb
conf ter
inter ser 2/0
ip nat in
exi
inter g0/0
ip nat out
exi
acce 1 permit 192.168.10.0 0.0.0.255
acce 1 permit 192.168.20.0 0.0.0.255
acce 1 permit 192.168.30.0 0.0.0.255
ip nat pool inter 201.10.8.3 201.10.8.10 netmask 255.255.255.0
ip nat in source list 1 pool inter
exi
end
为了控制内网对互联网的访问, 在路由器 Rb 上做访问控制列表
Switchboard Command
//Rb
conf ter
access-list 101 deny ip192.168.20.0 0.0.0.255 any
access-list 101 permit tcp192.168.10.0 0.0.0.255 any eq www
access-list 101 permit tcp192.168.30.0 0.0.0.255 any eq www
access-list 101 permit tcp192.168.10.0 0.0.0.255 any eq ftp
access-list 101 permit tcp192.168.10.0 0.0.0.255 any eq ftp-data
access-list 101 deny tcp192.168.10.0 0.0.0.255 any
access-list 101 deny tcp192.168.30.0 0.0.0.255 any
access-list 101 permit ip anyany
interface serial 2/0
ip access-group 101 in
exi
end
第三部分代码整合
Switchboard Command
//S3_1
conf ter
rou rip
ver 2
net 10.1.1.0
net 192.168.10.0
net 192.168.20.0
net 192.168.30.0
no auto-sum
exi
ip rou 0.0.0.0 0.0.0.0 10.1.1.1
exi
end
//S3_2
conf ter
rou rip
ver 2
net 20.2.2.0
net 192.168.10.0
net 192.168.20.0
net 192.168.30.0
no auto-sum
exi
ip rou 0.0.0.0 0.0.0.0 20.2.2.1
exi
end
//Ra
conf ter
rou rip
ver 2
net 20.2.2.0
net 10.1.1.0
net 192.168.1.0
no auto-sum
exi
ip rou 0.0.0.0 0.0.0.0 192.168.1.2
exi
end
//Rb
conf ter
rou rip
ver 2
net 192.168.1.0
no auto-sum
exi
ip rou 0.0.0.0 0.0.0.0 201.10.8.2
exi
end
conf ter
inter ser 2/0
ip nat in
exi
inter g0/0
ip nat out
exi
acce 1 permit 192.168.10.0 0.0.0.255
acce 1 permit 192.168.20.0 0.0.0.255
acce 1 permit 192.168.30.0 0.0.0.255
ip nat pool inter 201.10.8.3 201.10.8.10 netmask 255.255.255.0
ip nat in source list 1 pool inter
exi
end
conf ter
access-list 101 deny ip192.168.20.0 0.0.0.255 any
access-list 101 permit tcp192.168.10.0 0.0.0.255 any eq www
access-list 101 permit tcp192.168.30.0 0.0.0.255 any eq www
access-list 101 permit tcp192.168.10.0 0.0.0.255 any eq ftp
access-list 101 permit tcp192.168.10.0 0.0.0.255 any eq ftp-data
access-list 101 deny tcp192.168.10.0 0.0.0.255 any
access-list 101 deny tcp192.168.30.0 0.0.0.255 any
access-list 101 permit ip anyany
interface serial 2/0
ip access-group 101 in
exi
end