Newbie with Access List

Hello there ... I want to configure an access list on my Cisco router to restrict access to some of my IPs. The GW of the subnet is configured as secondary on my FastEthernet interface, so I guess the access group needs to be configured on this interface. The subnet is the following: xxx.xxx.1.128 with 255.255.255.224 as netmask. The GW is xxx.xxx.1.129. I want to restrict ssh and http access on this subnet and permit only a few IPs ... How can I configure the access list? Thanks for your support ... Michel

Reply to
Michel DUBOIS

You need to clarify what you're trying to accomplish. Do you want to restrict the client addresses or the server addresses? Are you trying to restrict incoming or outgoing connections?

The subnet and gateway addresses are irrelevant. What we need to know is the direction of the traffic you want to filter, and the criteria you want to use to filter by.

Reply to
Barry Margolin

Dear Barry,

I want to restrict access from incoming connections on some IPs of this subnet.

So for example I want to block all traffic on one given IP on incoming connections, except ssh from one or two IPs. Is it clear? Thanks ... M.

Reply to
Michel DUBOIS

So if the server is 10.10.10.10, and you want to allow ssh from 1.2.3.4 and 5.6.7.8:

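! Allow SSH (tcp/22) to the server from the two trusted hosts
access-list 101 permit tcp host 1.2.3.4 host 10.10.10.10 eq 22
access-list 101 permit tcp host 5.6.7.8 host 10.10.10.10 eq 22
! Deny all other TCP to the server, then permit everything else
access-list 101 deny tcp any host 10.10.10.10
access-list 101 permit ip any any

! Apply the list to traffic leaving the router towards the server
interface FastEthernet 0/1
 ip access-group 101 out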

Reply to
Barry Margolin
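
The access list in the reply above is evaluated top-down and the first matching entry decides. The following is an added example, not part of the original thread: a small Python model of that first-match logic, run over constructed sample packets, to check what the list lets through. The client 192.0.2.50 and the neighbour host 10.10.10.11 are assumed values for illustration, and the last entry is modelled as "permit ip any any".

```python
import ipaddress

# Constructed model of access-list 101 from the reply above.
# Entry: (action, protocol, source, destination, destination port or None)
ACL_101 = [
    ("permit", "tcp", "1.2.3.4/32", "10.10.10.10/32", 22),
    ("permit", "tcp", "5.6.7.8/32", "10.10.10.10/32", 22),
    ("deny",   "tcp", "0.0.0.0/0",  "10.10.10.10/32", None),
    ("permit", "ip",  "0.0.0.0/0",  "0.0.0.0/0",      None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry index) for the first matching entry."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, r_proto, r_src, r_dst, r_port) in enumerate(acl):
        if r_proto != "ip" and r_proto != proto:
            continue  # "ip" matches every IP protocol
        if s not in ipaddress.ip_network(r_src):
            continue
        if d not in ipaddress.ip_network(r_dst):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, i
    return "deny", None  # implicit deny that ends every access list

# Constructed sample packets: (protocol, source, destination, dest port)
SAMPLES = [
    ("tcp", "1.2.3.4",    "10.10.10.10", 22),  # trusted host, SSH
    ("tcp", "1.2.3.4",    "10.10.10.10", 80),  # trusted host, HTTP
    ("tcp", "192.0.2.50", "10.10.10.10", 22),  # untrusted host, SSH
    ("udp", "192.0.2.50", "10.10.10.10", 53),  # non-TCP to the server
    ("tcp", "192.0.2.50", "10.10.10.11", 80),  # a different host
]

def run_samples(acl=ACL_101):
    return [(pkt, evaluate(acl, *pkt)) for pkt in SAMPLES]

if __name__ == "__main__":
    for pkt, (action, idx) in run_samples():
        print(f"{pkt!s:45} -> {action} (entry {idx})")
```

The UDP sample is permitted by the final entry because the deny entry covers TCP only; blocking every protocol to the server would need that entry to use ip instead of tcp.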
