| Author |
Block Upper half 2 ports
|
|
|
| Could someone show me how to block the upper half of a subnet to 2 ports
Router B eo 172.17.12.66 s0 172.17.15.1 sm 255.255.255.192
Router A s0 172.17.15.2 e0 172.17.2.128
I want to block the host 160 through 190 from telnetting to both the s0 and e0 ports on router B. I want to let host 129-159 get through.
| |
|
| The question about blocking the upper/lower half of a subnet was answered in great detail a few days back. If you want to apply access list xxx to two ports, do a "ip access-group xxx" on each port.
Cheers!
| |
|
| quote: Originally posted by Bear:
Could someone show me how to block the upper half of a subnet to 2 ports
Router B eo 172.17.12.66 s0 172.17.15.1 sm 255.255.255.192
Router A s0 172.17.15.2 e0 172.17.2.128
I want to block the host 160 through 190 from telnetting to both the s0 and e0 ports on router B. I want to let host 129-159 get through.
dmaftei
Would you please email me your response?
I cannot see it on the web site.
I am really desperate for this info.
my email is jhenley@esc11.net
thanks
| |
|
|
|
| Could someone please show me the steps? I could not get it to work putting ip access-group 101 in on 2 ports.
| |
|
| Show us the "access-list 101" you're using.
The hosts you want to deny/permit are 172.17.2.168 - 172.17.2.190, and 172.17.2.129 - 172.17.2.159 (i.e., hosts attached to eth0 on router A), respectively, right?
Finally, why on earth do you need to do this deny upper half, permit lower half stuff?!
[This message has been edited by dmaftei (edited 01-26-2001).] | |
|
| quote: Originally posted by dmaftei:
Show us the "access-list 101" you're using.
The hosts you want to deny/permit are 172.17.2.168 - 172.17.2.190, and 172.17.2.129 - 172.17.2.159 (i.e., hosts attached to eth0 on router A), respectively, right?
Yes, this is correct.
access-list 101 deny tcp 171.17.2.160 0.0.0.31 171.17.15.1.0 not sure after this
Finally, why on earth do you need to do this deny upper half, permit lower half stuff?!
[This message has been edited by dmaftei (edited 01-26-2001).]
| |
|
| Practicing quoting?!  | |
|
| quote: Originally posted by Bear:
Could someone show me how to block the upper half of a subnet to 2 ports
Router B eo 172.17.12.66 s0 172.17.15.1 sm 255.255.255.192
Router A s0 172.17.15.2 e0 172.17.2.128
I want to block the host 160 through 190 from telnetting to both the s0 and e0 ports on router B. I want to let host 129-159 get through.
I guess I'm doing this as an intellectual exercise, because you certainly don't cooperate to solve your own problem...
You can do this on router A:
access-list 199 deny tcp 172.17.2.160 0.0.0.31 host 172.17.12.66 eq 23
access-list 199 deny tcp 172.17.2.160 0.0.0.31 host 172.17.15.1 eq 23
access-list 199 permit ip any any
Next you apply access list 199 on eth0 inbound (best):
int eth0
ip access-group 199 in
OR on ser0 outbound:
int ser0
ip access-group 199 out
You can also do it on router B: configure the same access list and apply it inbound on ser0
Cheers!
| |
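An added example, not part of the thread: a small Python model of how IOS evaluates the access-list 199 lines posted above (wildcard-mask matching, first match wins, implicit deny at the end). The function names and sample packets are constructed for illustration; `host X` is modelled as wildcard 0.0.0.0 and `any` as 0.0.0.0 255.255.255.255.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(addr, base, wildcard):
    # Cisco wildcard mask: 1 bits are "don't care", 0 bits must match.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

# (action, proto, src, src_wildcard, dst, dst_wildcard, dst_port or None)
ACL_199 = [
    ("deny", "tcp", "172.17.2.160", "0.0.0.31", "172.17.12.66", "0.0.0.0", 23),
    ("deny", "tcp", "172.17.2.160", "0.0.0.31", "172.17.15.1", "0.0.0.0", 23),
    ("permit", "ip", "0.0.0.0", "255.255.255.255",
     "0.0.0.0", "255.255.255.255", None),
]

def evaluate(acl, proto, src, dst, dport):
    # Entries are checked top-down; the first matching entry decides.
    for action, p, s, sw, d, dw, port in acl:
        if p != "ip" and p != proto:
            continue
        if port is not None and port != dport:
            continue
        if matches(src, s, sw) and matches(dst, d, dw):
            return action
    return "deny"  # implicit deny when nothing matched

def covered_hosts(base, wildcard, prefix="172.17.2."):
    # First and last host octet that the base/wildcard pair matches.
    hits = [h for h in range(256) if matches(f"{prefix}{h}", base, wildcard)]
    return hits[0], hits[-1]

if __name__ == "__main__":
    print("wildcard covers hosts", covered_hosts("172.17.2.160", "0.0.0.31"))
    # Constructed sample packets: telnet (tcp/23) to both router B addresses.
    for src in ("172.17.2.129", "172.17.2.159", "172.17.2.160", "172.17.2.190"):
        for dst in ("172.17.12.66", "172.17.15.1"):
            print(src, "->", dst, evaluate(ACL_199, "tcp", src, dst, 23))
```

The 0.0.0.31 wildcard on base .160 covers .160 through .191, one address past the requested .190, and dropping the final `permit ip any any` line leaves every packet to the implicit deny.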
|
| [QUOTE]Originally posted by dmaftei:
I guess I'm doing this as an intellectual exercise, because you certainly don't cooperate to solve your own problem...
You can do this on router A:
access-list 199 deny tcp 172.17.2.160 0.0.0.31 host 172.17.12.66 eq 23
access-list 199 deny tcp 172.17.2.160 0.0.0.31 host 172.17.15.1 eq 23
access-list 199 permit ip any any
Next you apply access list 199 on eth0 inbound (best):
int eth0
ip access-group 199 in
OR on ser0 outbound:
int ser0
ip access-group 199 out
You can also do it on router B: configure the same access list and apply it inbound on ser0
Cheers![/QUOTE]
That blocked everything. I need to block 160-190 and let 129-159 get in. | |
|
| [QUOTE]Originally posted by dmaftei:
I guess I'm doing this as an intellectual exercise, because you certainly don't cooperate to solve your own problem...
You can do this on router A:
access-list 199 deny tcp 172.17.2.160 0.0.0.31 host 172.17.12.66 eq 23
access-list 199 deny tcp 172.17.2.160 0.0.0.31 host 172.17.15.1 eq 23
access-list 199 permit ip any any
Next you apply access list 199 on eth0 inbound (best):
int eth0
ip access-group 199 in
OR on ser0 outbound:
int ser0
ip access-group 199 out
You can also do it on router B: configure the same access list and apply it inbound on ser0
Cheers
[This message has been edited by dmaftei (edited 01-26-2001).] | |
|
| Don't these threads ever crawl off and die?!?!
Bad thread. Bad BAD thread!
MadChef | |
|
| quote: Originally posted by MadChef:
Don't these threads ever crawl off and die?!?!
Bad thread. Bad BAD thread!
MadChef
I got a page requesting an emergency lobotomy on this thread. Just one small slip of the scalpel ......
doctorkevork ... oops
doctorcisco
------------------
Silicon is made from sand; nothing made from sand is allowed to wreck my day! |
|
|
|