help with ACLs

Hi,

How would I implement an access control list on a Cisco router?

Let's say I have a mini network setup with 8 computers and 4 routers, and each set of 2 computers is attached to a switch (so it will look like a star network).

How would I:

stop a telnet from a workstation to a router, and stop a ping from a workstation to a workstation?

Thanks

Jon


Define an ACL like:

access-list 1 deny host
access-list 1 permit any

and associate it with the telnet virtual terminals with:

line vty 0 5
 access-class 1 in

Configure an ACL like:

access-list 101 deny icmp host host echo
access-list 101 permit ip any any

and associate it with an interface:

interface Eth0
 ip access-group 101 out

Since this is an outbound ACL, you should put it on the interface that is connected to. You could also put it on 's interface, but then you would have to specify "in" instead of "out".

Barry Margolin

Hi,

This is what I got:

To block a telnet from workstation 5 to Boaz

Boaz(config)#access-list 1 deny host 128.34.2.2
Boaz(config)#access-list 1 permit any

Boaz(config-line)#line vty 0 4

Boaz(config-line)#access-class 1 in

To block a ping from workstation 3 to workstation 5

Boaz(config)#access-list 101 deny icmp 128.34.4.2 128.34.5.2 echo
Boaz(config)#access-list 101 permit tcp any any

Boaz(config-line)#interface Eth0
Boaz(config-line)#ip access-group 101 out

Is that correct?

Thanks

jon


You're missing the keyword "host" before each IP. Didn't it complain when you tried to type this, since the syntax is incorrect?

Also, this blocks pings from workstation 5 to workstation 3. The source is first, the destination is second.

That should be "ip", not "tcp".

I assume Eth0 is the interface that

Barry Margolin
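
Added example (not part of the original thread, and not IOS code): a simplified Python model of first-match ACL evaluation, using the two addresses from the post above. It shows why the source/destination order matters and what ending the list with "permit tcp any any" instead of "permit ip any any" does once the implicit deny applies. The reduced grammar (only "any" and "host <ip>" address forms) and all function names are assumptions made for this illustration.

```python
# Simplified model of Cisco extended-ACL matching (added example, not IOS).
# Addresses are the two hosts from the thread; the grammar is an assumption.
ADDR_A, ADDR_B = "128.34.4.2", "128.34.5.2"
IMPLICIT_DENY = "deny (implicit)"   # every ACL ends with an unseen deny-all

CORRECTED = [
    "access-list 101 deny icmp host 128.34.4.2 host 128.34.5.2 echo",
    "access-list 101 permit ip any any",
]
TCP_ONLY = [CORRECTED[0], "access-list 101 permit tcp any any"]

def parse_addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; None means 'matches any address'."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word == "host":
        return tokens.pop(0)
    raise ValueError(f"expected 'any' or 'host <ip>', got {word!r}")

def parse_rule(line):
    """Parse 'access-list N permit|deny proto src dst [icmp-type]'."""
    tokens = line.split()[2:]                    # drop 'access-list N'
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = parse_addr(tokens), parse_addr(tokens)   # source comes first
    icmp_type = tokens.pop(0) if tokens else None
    return action, proto, src, dst, icmp_type

def evaluate(acl, proto, src, dst, icmp_type=None):
    """Return the action of the first matching rule, else the implicit deny."""
    for action, r_proto, r_src, r_dst, r_type in map(parse_rule, acl):
        if r_proto not in ("ip", proto):         # 'ip' covers every protocol
            continue
        if r_src not in (None, src) or r_dst not in (None, dst):
            continue
        if r_type not in (None, icmp_type):
            continue
        return action
    return IMPLICIT_DENY

if __name__ == "__main__":
    packets = [("icmp", ADDR_A, ADDR_B, "echo"), ("icmp", ADDR_B, ADDR_A, "echo"),
               ("icmp", ADDR_A, ADDR_B, "echo-reply"), ("udp", ADDR_A, ADDR_B, None),
               ("tcp", ADDR_A, ADDR_B, None)]
    for name, acl in (("permit ip any any", CORRECTED), ("permit tcp any any", TCP_ONLY)):
        for pkt in packets:
            print(f"{name:20} {pkt} -> {evaluate(acl, *pkt)}")
```

With the list ending in "permit tcp any any", everything that is not TCP (UDP, and ICMP in either direction) falls through to the implicit deny, not just the one ping the first line targets.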

Is this all you are trying to do? Are there any other permits or denies that need to be implemented? Email me and I will be happy to discuss this with you.

Jon C.

strider
