Quick & Simple ACL Question

stownsend
Level 2

I'd like to block all traffic from the S0 interface to a specific IP on the FE0 interface.

Though I want the IP on FE0 to be able to make outgoing requests to the net and be able to get data back.

I'm working with a 2621 with IOS Version 12.1(2)T.

Thanks,

Scott<-

3 Replies

donewald
Level 6

Scott,

Something like this would need to be created and then applied to your Serial0 interface.

access-list 101 deny ip any host
access-list 101 permit ip any any

In interface configuration mode on your Serial0 interface:

(config-if)# ip access-group 101 in

This would deny traffic coming in from anyone to your FE0 host IP.

Hope this is what you were looking for,

Don

Yes it is. Though I believe that is what I have and it's not working... )-;

Do I apply the access list to the

interface Serial0/0

or

interface Serial0/0.1 point-to-point

interface? I currently have it on the interface Serial0/0

I'll move it and see how it goes...

Thanks!

Scott<-

Hmmm.. That didn't seem to help.

Here are the parts of my config:

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group 101 out
 no ip mroute-cache
 duplex auto
 speed auto
!
interface Serial0/0
 description Seral Connection to the internet
 no ip address
 encapsulation frame-relay IETF
 no ip mroute-cache
 fair-queue
 service-module t1 timeslots 1-24
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 ip address 10.1.0.1 255.255.255.252
 ip access-group 102 in
 ip load-sharing per-packet
 no ip mroute-cache
 frame-relay interface-dlci 16
!
access-list 101 permit ip any any
access-list 101 deny ip 64.174.32.0 0.0.0.255 any
access-list 101 deny tcp any any eq 6346
access-list 102 deny tcp any 192.168.1.0 0.0.0.255 eq 137
access-list 102 deny tcp any 192.168.1.0 0.0.0.255 eq 138
access-list 102 deny tcp any 192.168.1.0 0.0.0.255 eq 139
access-list 102 deny udp any 192.168.1.0 0.0.0.255 eq netbios-dgm
access-list 102 deny udp any 192.168.1.0 0.0.0.255 eq netbios-ns
access-list 102 deny udp any 192.168.1.0 0.0.0.255 eq netbios-ss
access-list 102 deny tcp any 192.168.1.0 0.0.0.255 eq 1433
access-list 102 deny tcp any 192.168.1.0 0.0.0.255 eq 1434
access-list 102 deny icmp any 0.0.0.0 255.255.255.0
access-list 102 deny icmp any 0.0.0.255 255.255.255.0
access-list 102 deny icmp any any redirect log
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 224.0.0.0 31.255.255.255 any
access-list 102 deny ip 0.0.0.0 0.255.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip 255.0.0.0 0.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip host 0.0.0.0 any log
access-list 102 permit ip any any
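
Added example, not part of the thread and not Cisco code: IOS evaluates access-list entries top-down and stops at the first match, so an entry that an earlier entry fully covers can never take effect. The Python below flags such entries in ACL 101 and an excerpt of ACL 102 from the config above; the function names are this example's own, and it assumes only the forms seen in the thread (`any`, `host A`, `A WILDCARD`, a trailing qualifier such as `eq PORT`, and `log`), not source-port operators.

```python
import ipaddress
# Added example (names are its own). ACL 101 and an excerpt of ACL 102 as posted in the thread.
ACL_TEXT = """\
access-list 101 permit ip any any
access-list 101 deny ip 64.174.32.0 0.0.0.255 any
access-list 101 deny tcp any any eq 6346
access-list 102 deny ip 0.0.0.0 0.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip host 0.0.0.0 any log
access-list 102 permit ip any any
"""

def _addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD' from tok; return (base, wildcard)."""
    word = tok.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    ip, wild = (tok.pop(0), "0.0.0.0") if word == "host" else (word, tok.pop(0))
    wild = int(ipaddress.IPv4Address(wild))
    return int(ipaddress.IPv4Address(ip)) & ~wild & 0xFFFFFFFF, wild

def parse(text):
    """Return {acl_number: [entry, ...]} in configured (evaluation) order."""
    acls = {}
    for line in filter(lambda s: s.startswith("access-list "), text.splitlines()):
        tok = line.split()
        rest = tok[4:]  # tokens after the protocol; _addr() consumes source, then destination
        entry = {"line": line, "proto": tok[3], "src": _addr(rest), "dst": _addr(rest)}
        entry["qual"] = tuple(t for t in rest if t != "log")  # e.g. ('eq', '6346')
        acls.setdefault(tok[1], []).append(entry)
    return acls

def _within(outer, inner):
    """True if every address matched by inner is also matched by outer."""
    (ob, ow), (ib, iw) = outer, inner
    return (iw & ~ow) == 0 and ((ob ^ ib) & ~ow) == 0

def covers(a, b):
    """True if earlier entry a matches every packet that later entry b matches."""
    return (a["proto"] in ("ip", b["proto"]) and a["qual"] in ((), b["qual"])
            and _within(a["src"], b["src"]) and _within(a["dst"], b["dst"]))

def shadowed(entries):
    """(dead, earlier) line pairs: entries that first-match evaluation never reaches."""
    out = []
    for i, b in enumerate(entries):
        hit = next((a["line"] for a in entries[:i] if covers(a, b)), None)
        out += [(b["line"], hit)] if hit else []
    return out
```

Calling `shadowed(parse(ACL_TEXT)["101"])` returns both `deny` entries of ACL 101, each paired with the leading `permit ip any any` that matches first.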