Block Uper half 2 ports

Author

Block Uper half 2 ports

Bear
Member

Registered: May 2000
Location: Weatherford, tx usa
Country:
State:
Certifications:
Working on:

Total Posts: 38

Could someone show me how to block the uper half of a subnet to 2 ports

Router B eo 172.17.12.66 s0 172.17.15.1 sm 255.255.255.192
Router A s0 172.17.15.2 e0 172.17.2.128
I want to block the host 160 through 190 from telneting to both the s0 and e0 ports on router B I want to let host 129-159 get through.

Report this post to a moderator

01-26-01 06:56 PM

Click here to Send Bear a Private Message

IP: Logged

dmaftei
Senior Member
M

Registered: Nov 2000
Location:
Country: USA
State:
Certifications: none
Working on: none

Total Posts: 2156

The question about blocking the upper/lower half of a subnet was answered in great detail a few days back. If you want to apply access list xxx to two ports, do a "ip access-group xxx" on each port.

Cheers!

Report this post to a moderator

01-26-01 09:09 PM

Click here to Send dmaftei a Private Message

IP: Logged

Bear
Member

Registered: May 2000
Location: Weatherford, tx usa
Country:
State:
Certifications:
Working on:

Total Posts: 38

quote:
Originally posted by Bear:
Could someone show me how to block the uper half of a subnet to 2 ports

Router B eo 172.17.12.66 s0 172.17.15.1 sm 255.255.255.192
Router A s0 172.17.15.2 e0 172.17.2.128
I want to block the host 160 through 190 from telneting to both the s0 and e0 ports on router B I want to let host 129-159 get through.

dmaftei
Would you please email me your response
I can not see it on the web site
I am real desprate for this info

my email is jhenley@esc11.net
thanks

Report this post to a moderator

01-26-01 09:42 PM

IP: Logged

dmaftei
Senior Member
M

Registered: Nov 2000
Location:
Country: USA
State:
Certifications: none
Working on: none

Total Posts: 2156

http://www.examnotes.net/ubb/Forum8/HTML/002705.html

Do yourself a favor: spend a few minutes to learn how to search in this forum.

Cheers!

[This message has been edited by dmaftei (edited 01-26-2001).]

Report this post to a moderator

01-26-01 10:05 PM

IP: Logged

Bear
Member

Registered: May 2000
Location: Weatherford, tx usa
Country:
State:
Certifications:
Working on:

Total Posts: 38

Could some please show me the steps. I could not get it to work putting ip access-group 101 in on 2 ports.

Report this post to a moderator

01-26-01 10:32 PM

IP: Logged

dmaftei
Senior Member
M

Registered: Nov 2000
Location:
Country: USA
State:
Certifications: none
Working on: none

Total Posts: 2156

Show us the "access-list 101" you're using.

The hosts you want to deny/permit are 172.17.2.168 - 172.17.2.190, and 172.17.2.129 - 172.17.2.159 (i.e., hosts attached to eth0 on router A), respectively, right?

Finally, why on earth do you need to do this deny upper half, permit lower half stuff?!

[This message has been edited by dmaftei (edited 01-26-2001).]

Report this post to a moderator

01-26-01 10:43 PM

IP: Logged

Bear
Member

Registered: May 2000
Location: Weatherford, tx usa
Country:
State:
Certifications:
Working on:

Total Posts: 38

quote:
Originally posted by dmaftei:
Show us the "access-list 101" you're using.

The hosts you want to deny/permit are 172.17.2.168 - 172.17.2.190, and 172.17.2.129 - 172.17.2.159 (i.e., hosts attached to eth0 on router A), respectively, right?
yes this correct
access-list 101 deny tcp 171.17.2.160 0.0.0.31 171.17.15.1.0 not sure after this

Finally, why on earth do you need to do this deny upper half, permit lower half stuff?!

[This message has been edited by dmaftei (edited 01-26-2001).]

Report this post to a moderator

01-26-01 11:20 PM

IP: Logged

dmaftei
Senior Member
M

Registered: Nov 2000
Location:
Country: USA
State:
Certifications: none
Working on: none

Total Posts: 2156

Practicing quoting?!

Report this post to a moderator

01-26-01 11:43 PM

IP: Logged

dmaftei
Senior Member
M

Registered: Nov 2000
Location:
Country: USA
State:
Certifications: none
Working on: none

Total Posts: 2156

quote:
Originally posted by Bear:
Could someone show me how to block the uper half of a subnet to 2 ports

Router B eo 172.17.12.66 s0 172.17.15.1 sm 255.255.255.192
Router A s0 172.17.15.2 e0 172.17.2.128
I want to block the host 160 through 190 from telneting to both the s0 and e0 ports on router B I want to let host 129-159 get through.

I guess I'm doing this as an intellectual exercise, because you certainly don't cooperate to solve your own problem...

You can do this on router A:

access-list 199 deny tcp 172.17.2.160 0.0.0.31 host 172.17.12.66 eq 23
access-list 199 deny tcp 172.17.2.160 0.0.0.31 host 172.17.15.1 eq 23
access-list 199 permit ip any any

Next you apply access list 199 on eth0 inbound (best):
int eth0
ip access-group 199 in

OR on ser0 outbound:
int ser0
ip access-group 199 out

You can also do it on router B: configure the same access list and apply it inbound on ser0

Cheers!

Report this post to a moderator

01-27-01 12:10 AM

IP: Logged

Bear
Member

Registered: May 2000
Location: Weatherford, tx usa
Country:
State:
Certifications:
Working on:

Total Posts: 38

[QUOTE]Originally posted by dmaftei:
I guess I'm doing this as an intellectual exercise, because you certainly don't cooperate to solve your own problem...

You can do this on router A:

access-list 199 deny tcp 172.17.2.160 0.0.0.31 host 172.17.12.66 eq 23
access-list 199 deny tcp 172.17.2.160 0.0.0.31 host 172.17.15.1 eq 23
access-list 199 permit ip any any

Next you apply access list 199 on eth0 inbound (best):
int eth0
ip access-group 199 in

OR on ser0 outbound:
int ser0
ip access-group 199 out

You can also do it on router B: configure the same access list and apply it inbound on ser0

Cheers![/Q
that bocked evry thing I need to block 160-190 and let 129-159 get in

Report this post to a moderator

01-27-01 01:02 AM

IP: Logged