内網能夠通路外網，外網不能通路内網！（ACL）

1.搭建的拓撲圖

2.配置指令：

r7(config)#ip access-list extended ref_gjp

r7(config-ext-nacl)#permit ip 192.168.1.0 0.0.0.255 any reflect ref_gjp1

r7(config-ext-nacl)#exit

r7(config)#ip access-list extended ref_gjp2

r7(config-ext-nacl)#evaluate ref_gjp1

r7(config)#int f1/0

r7(config-if)#ip access-group ref_gjp out

r7(config-if)#ip access-group ref_gjp2 in

r7(config-if)#end

3. 配置截圖：

測試:

r7#show ip access-list

extended ip access list ref_gjp

10 permit ip 192.168.1.0 0.0.0.255 any reflect ref_gjp1 (41 matches)

reflexive ip access list ref_gjp1

permit icmp host 192.168.101.128 host 192.168.1.10 (14 matches) (time left 240)

extended ip access list ref_gjp2

10 evaluate ref_gjp1

(如有誤，請多多指教！)