Newbie help

Greetings good folks.

I am in the process of obtaining my CCNA Cert. through a (relatively)local Tech school. I am happy to find this group, as I am basically having to take the online approach to learning due to the lack of assistance my instructor has given me lately.

The main problem I have been having lately is with ACL's. I have read the Chapter, the powerpoint presentation my instructor used, and the online material, but it just is not coming together in my head. Is there any basic, down to earth explanation that anyone can offer, or any assistance at all?

Any assistance on this topic and any other I might ask is greatly appreciated, and hopefully can be returned one day.

thank you. Jon

Reply to
Loading thread data ...

Let me go into a little more detail...

(some might recognize this to be similar to the Case Study in Cisco II)

Lets say you have 3 routers.

Router A is the center router, with a file server and a host on the F0/0 port. Router B is connected to Router A's S0/1 port, and has 2 hosts on the F0/0 port. Router C is connected to Router A's S0/0 port, and has 2 hosts on the F0/0 port.

Everything on A should be able to connect to all hosts. B should only be able to connect to B hosts and the file server on A. C should only be able to connect to C hosts and the file server on A.

If you ping a B host from a C host, it should be denied, and vice versa. A ping from the A host or file server to B or C should be allowed. A ping from the B host to the other B host should be allowed, and the same on C. The hosts on B and C should be able to access the File Server on A, but not the Host on A.

Going by this, I feel that a Extended ACL should be placed on the serial ports of the A router.

S0/1 should have access-list 100 permit (b addresses) (wm) host (a file server address)

S0/0 should have access-list 101 permit (c addresses) (wm) host (a file server address)

Would this work correctly?

The problem I had before was that when I pinged a B or C host from the A host, it was denied.

Any help would be appreciated.


Reply to

Hi, first, I want to point-out that I got no training in Cisco hardware/software at all. I use a Cisco 1720 with a WIC-1ENET as a cable modem router for my home network and everything works just fine (after about

20 hours of tinkering since I had no idea how it worked).

I would like to know if there is any way to connect to the console using telnet instead of the cosole port on the Cisco 1720 and if so, how? It seems to request a username and a password and I have no idea how to create a user account on the router if it is at all possible. I would also like to restrict telnet console access to my internal network, is that possible?

Thank you.

Simon B.

Reply to
Simon Berthiaume

Copy and paste the following into your config to enable telnet access. Replace everything between the < and > with your information. Lines preceded with ! are comments. You can paste them without effect or leave them out. It's up to you.

config t service password-encryption !encrypts the passwords in the configuration username privilege 15 password !configures a username and enable full access line vty 0 4 !enter line configuration mode for telnet lines login local !use the local user database to authenticate end write memory !save the configuration



Reply to

If you have access to the console and the configuration - do a show run and see if you see the username defined. I assume since this is at home you dont have tacacs configured.

Reply to
Private Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.