
Author access lists
LASIC

2002-10-06, 2:53 pm

Hey all, I need some threads on access lists. I need to know how to apply ACLs to block telnet. What does the in or out command mean when it is applied to an interface? In = incoming traffic? Out = out the interface? Not sure. Would like any advice, thanks.
vschristopher

2002-10-07, 2:26 am

Hey buddy, here's a small example to block telnet from a particular network.

Suppose there are 2 routers connected to each other via a serial link.

Router A
E0/0 30.0.0.0
E0/0 40.0.0.0 sec

Router B
E0/0 50.0.0.0
E0/0 60.0.0.0 sec



Now we need an extended access list to deny telnet from network 30.0.0.0 to network 50.0.0.0.

Note that we use "outbound" for serial interfaces and "inbound" for ethernet interfaces.

The command we will use is

#access-list 101 deny tcp 30.0.0.0 0.255.255.255 50.0.0.0 0.255.255.255 eq 23
#access-list 101 permit ip any any

Or you can write

#access-list 101 deny tcp 30.0.0.0 0.255.255.255 50.0.0.0 0.255.255.255 eq telnet
#access-list 101 permit ip any any

Now it should be bound to an interface.

#int s0/0
#ip access-group 101 out

Voila, your access list is up and running now ...


I hope you are familiar with the use of wildcard masks in access lists.

0 in wildcard masks means to check
255 means don't check

I hope this works for you.

chris
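
Added example (not part of the post above, and not Cisco code): a small Python evaluator for the two ACL lines in the answer, showing how wildcard masks, first-match order and the implicit deny at the end of an ACL decide what happens to a packet. The helper names and the sample packets are constructed for illustration; only the `any`, `host` and `eq` keywords are handled.

```python
import ipaddress

# ACL lines from the post above (typo corrected); helper names here are illustrative.
ACL_101 = """\
access-list 101 deny tcp 30.0.0.0 0.255.255.255 50.0.0.0 0.255.255.255 eq telnet
access-list 101 permit ip any any
"""
PORTS = {"telnet": 23}  # the only named port used on this page

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(first), ip_int(tokens.pop(0))

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()[2:]  # drop 'access-list <number>'
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = take_addr(tokens), take_addr(tokens)
        port = None
        if tokens[:1] == ["eq"]:
            port = PORTS[tokens[1]] if tokens[1] in PORTS else int(tokens[1])
        rules.append((action, proto, src, dst, port))
    return rules

def wildcard_match(addr, base, wildcard):
    # 0 bit in the wildcard: must equal the base; 1 bit: ignored.
    return ((ip_int(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(rules, proto, src, dst, dport=None):
    """First matching rule wins; no match falls through to the implicit deny."""
    for action, r_proto, (sb, sw), (db, dw), port in rules:
        if r_proto not in ("ip", proto):
            continue
        if not (wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw)):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"

RULES = parse_acl(ACL_101)
```

With only the first line loaded, a packet that misses the deny rule falls through to the implicit deny, which is why the answer's `permit ip any any` line is needed.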