











smokeyuk007
Junior Member M
Registered: Jun 2002 Location: Country: United Kingdom State: Certifications: Working on:
Total Posts: 4
access lists
I am practising access lists
and am having no joy
trying to prevent a PC 192.168.1.101 telnetting to a router 192.168.1.200
using extended access list 110
deny any host 192.168.1.101 eq 23
and it can still connect
Anyone any ideas where I am going wrong? Cheers for any help.
10-25-04 01:45 PM
Mat P
Senior Member

Registered: Nov 2000 Location: Yorkshire Country: United Kingdom State: Certifications: CCIE, CCDP, IPT Working on: Solaris.
Total Posts: 828
10-25-04 04:30 PM
na_venkatesh2
Junior Member M
Registered: Oct 2004 Location: mysore Country: India State: Certifications: MCSE ,CCNA Working on: CCNP
Total Posts: 11
Re: access lists
[QUOTE]to a router 192.168.1.200
using extended access list 110
deny any host 192.168.1.101 eq 23
and it can still connect
any 1 any ideas where i am going wrong cheers for any help[/QUOTE]
* check the syntax
* apply to ethernet port: router(config-if)#ip access-group 101 in
* router(config)#access-list 101 deny tcp any host 192.168.1.101 eq 23
This might solve your problem.
10-30-04 05:20 AM
smrkdown
Senior Member M

Registered: Dec 2003 Location: Country: United States State: Certifications: A+, Network+, Linux+, CCNA Working on: (3 of 4) CCNP, CCIE
Total Posts: 845
Take Mat's advice.
The extended ACL will use the syntax
access-list list_number permit/deny source destination other_options
If you're wanting to prevent connections from the source 192.168.1.101 (the PC) from accessing the destination 192.168.1.200 (the router) via telnet, you would use
access-list 101 deny tcp host 192.168.1.101 host 192.168.1.200 eq telnet
or
access-list 101 deny tcp 192.168.1.101 0.0.0.0. 192.168.1.200 0.0.0.0. eq 23
or any variation of the two.
You don't want to specify "any" as the source in the ACL unless your intention is to deny telnet traffic from all hosts rather than from just that specific source (the pc).
You'd then apply the access list to the interfaces for inbound traffic.
It'd be better if you'd just create a standard access-list and apply it directly to the VTY lines though. Good luck with your studies.
na_venkatesh2, like the original poster, you have your source as any and the destination as the PC.
__________________
.:|:.:|:.
Last edited by smrkdown on 10-31-04 at 08:10 PM
10-30-04 05:36 AM
na_venkatesh2
Junior Member M
Registered: Oct 2004 Location: mysore Country: India State: Certifications: MCSE ,CCNA Working on: CCNP
Total Posts: 11
smark, your access-list requires a small modification.
When a host is represented, the wildcard will be 0.0.0.0
access-list 101 deny tcp 192.168.1.101 255.255.255.255 192.168.1.200 255.255.255.255 eq 23
access-list 101 deny tcp 192.168.1.101 0.0.0.0 192.168.1.200 0.0.0.0 eq 23
Full configuration
router#config t
router(config)#access-list 101 deny tcp 192.168.1.101 0.0.0.0 192.168.1.200 0.0.0.0 eq 23
router(config)#interface fa0/1
router(config-if)#ip access-group 101 in
If you want to apply it to the vty lines:
router(config)#line vty 0 4
router(config-line)#access-class 101 in
Good luck
10-30-04 07:09 AM
smrkdown
Senior Member M

Registered: Dec 2003 Location: Country: United States State: Certifications: A+, Network+, Linux+, CCNA Working on: (3 of 4) CCNP, CCIE
Total Posts: 845
10-30-04 02:26 PM
smokeyuk007
Junior Member M
Registered: Jun 2002 Location: Country: United Kingdom State: Certifications: Working on:
Total Posts: 4
10-30-04 04:19 PM
jostein
Junior Member M
Registered: Oct 2003 Location: Country: Norway State: Certifications: A+, Net+, CCNA, MCSA Working on: CCNP
Total Posts: 5
10-31-04 06:44 PM
smrkdown
Senior Member M

Registered: Dec 2003 Location: Country: United States State: Certifications: A+, Network+, Linux+, CCNA Working on: (3 of 4) CCNP, CCIE
Total Posts: 845
You'll also want to put at least one permit statement at the end of the list such as "access-list 101 permit ip any any"
__________________
.:|:.:|:.
10-31-04 08:12 PM
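Added example, not part of any post in this thread: a small Python model of how an extended ACL is matched (first match wins, wildcard bits set to 1 are ignored, implicit deny at the end), run against the entries discussed above. The function names and the sample lists are constructed for illustration, and the model assumes the list is applied inbound on the path between the PC and the router; it only understands the `any`, `host`, address/wildcard and `eq` forms used here.

```python
import ipaddress

PORTS = {"telnet": 23}  # the only named port used in this thread

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _spec(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (address, wildcard)."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(word), _ip(tokens.pop(0))

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]'."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line!r}")
    action, proto, rest = t[2], t[3], t[4:]
    src, dst = _spec(rest), _spec(rest)
    port = None
    if rest:
        if rest[0] != "eq" or len(rest) != 2:
            raise ValueError(f"unsupported options: {line!r}")
        port = PORTS.get(rest[1]) or int(rest[1])
    return action, proto, src, dst, port

def _hit(ip, spec):
    addr, wild = spec
    return (_ip(ip) | wild) == (addr | wild)  # wildcard 1-bits are "don't care"

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry decides; no match hits the implicit deny."""
    for line in acl:
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if a_proto in ("ip", proto) and _hit(src, a_src) and _hit(dst, a_dst) \
                and a_port in (None, dport):
            return action
    return "implicit deny"

# Constructed sample lists built from the addresses in the thread.
PC, ROUTER = "192.168.1.101", "192.168.1.200"
PERMIT_REST = "access-list 101 permit ip any any"
REVERSED = ["access-list 101 deny tcp any host 192.168.1.101 eq 23", PERMIT_REST]
FIXED = ["access-list 101 deny tcp host 192.168.1.101 host 192.168.1.200 eq telnet",
         PERMIT_REST]

if __name__ == "__main__":
    for name, acl in (("reversed", REVERSED), ("fixed", FIXED), ("no permit", FIXED[:1])):
        print(name, evaluate(acl, "tcp", PC, ROUTER, 23), evaluate(acl, "tcp", PC, ROUTER, 80))
```

With source and destination reversed, the PC's telnet packet never matches the deny entry and falls through to the permit; with the corrected entry and no trailing permit, everything other than that telnet session is dropped by the implicit deny.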
jostein
Junior Member M
Registered: Oct 2003 Location: Country: Norway State: Certifications: A+, Net+, CCNA, MCSA Working on: CCNP
Total Posts: 5
10-31-04 08:16 PM