ACL disable mi conection

mcelec
Level 1

I have a router 1721 with the default IOS version.

The Serial0 interface is FR encapsulated, and there is a subinterface s0.x. I need to install an ACL on that interface s0.x, but when I apply it to that interface all the traffic inside and outside is lost.

The ACL I'm using is:

ip access-list extended XXXXX
 ! host takes a single address; no mask follows it
 permit tcp any host x.x.x.x eq x
 similar line
 similar line

Then I apply it to s0.x "in".

Can you help me please?

regards

Martin Cordero


jekrauss
Level 1

Martin,

Keep in mind that when you apply an ACL like this, it allows any external user to access host x.x.x.x on port x. It blocks ALL other traffic, including return traffic.

You need to identify the other traffic you want to permit, including return traffic (very typically DNS replies, ICMP traffic, established TCP traffic, etc.).

Consider temporarily modifying your ACL as follows:

ip access-list extended XXXXX
 permit tcp any host x.x.x.x eq x
 permit tcp any any log
 permit udp any any log
 permit icmp any any log
 permit ip any any log

Then enable "logging on" and "logging buffer debug", do a "show log", and see what traffic you normally permit; then allow the desired portion of that traffic. Once you have the majority of that traffic identified, remove the extra permit statements, and consider temporarily putting a "deny ip any any log" at the end to see what else you might be missing.

Once you're done tuning, remove all the extraneous lines.

HTH

Jeff
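The tuning loop in the reply (permit everything with "log", read "show log", then write permits only for what you actually saw) is tedious by hand, so here is an added example that does the bookkeeping: it parses the %SEC-6-IPACCESSLOGP / %SEC-6-IPACCESSLOGDP lines that the "log" keyword produces, groups them into inbound service traffic, TCP return traffic, DNS replies, ICMP and anything unexpected, and emits a tightened ACL in the thread's own syntax. This is example code written for this page, not something from the thread or from Cisco; the log lines, the served host 192.0.2.10, the served port 80 and the ACL name XXXXX are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample of "show log" output after the permissive logging ACL
# from the reply is applied inbound on s0.x. Addresses are RFC 5737
# documentation ranges; every line here is made up for the example.
SAMPLE_LOG = """\
*Mar  1 00:10:01.123: %SEC-6-IPACCESSLOGP: list XXXXX permitted tcp 203.0.113.5(41022) -> 192.0.2.10(80), 1 packet
*Mar  1 00:10:02.456: %SEC-6-IPACCESSLOGP: list XXXXX permitted tcp 198.51.100.7(80) -> 192.0.2.10(52011), 1 packet
*Mar  1 00:10:03.789: %SEC-6-IPACCESSLOGP: list XXXXX permitted udp 198.51.100.53(53) -> 192.0.2.10(50322), 1 packet
*Mar  1 00:10:04.001: %SEC-6-IPACCESSLOGDP: list XXXXX permitted icmp 198.51.100.7 -> 192.0.2.10 (0/0), 1 packet
*Mar  1 00:15:01.123: %SEC-6-IPACCESSLOGP: list XXXXX permitted tcp 203.0.113.5(41022) -> 192.0.2.10(80), 37 packets
*Mar  1 00:15:02.456: %SEC-6-IPACCESSLOGP: list XXXXX permitted tcp 198.51.100.7(443) -> 192.0.2.10(52012), 12 packets
*Mar  1 00:15:03.789: %SEC-6-IPACCESSLOGP: list XXXXX permitted udp 198.51.100.53(53) -> 192.0.2.10(50322), 4 packets
*Mar  1 00:15:05.000: %SEC-6-IPACCESSLOGP: list XXXXX permitted tcp 203.0.113.99(55555) -> 192.0.2.10(23), 3 packets
"""

# TCP/UDP hits carry ports; ICMP hits carry type/code instead.
PORT_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)
ICMP_RE = re.compile(
    r"%SEC-6-IPACCESSLOGDP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"icmp (?P<src>[\d.]+) -> (?P<dst>[\d.]+) \((?P<type>\d+)/(?P<code>\d+)\), "
    r"(?P<count>\d+) packets?"
)
ICMP_NAMES = {0: "echo-reply", 3: "unreachable", 8: "echo", 11: "time-exceeded"}


def parse_log(text):
    """Turn ACL log lines into flow records; unrelated log lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = PORT_RE.search(line)
        if m:
            d = m.groupdict()
            entries.append({"proto": d["proto"], "src": d["src"], "sport": int(d["sport"]),
                            "dst": d["dst"], "dport": int(d["dport"]), "count": int(d["count"])})
            continue
        m = ICMP_RE.search(line)
        if m:
            d = m.groupdict()
            entries.append({"proto": "icmp", "src": d["src"], "sport": None, "dst": d["dst"],
                            "dport": None, "count": int(d["count"]), "icmp_type": int(d["type"])})
    return entries


def classify(e, served_ports):
    """Bucket a flow: traffic to the served port, replies to local clients, or unexpected."""
    if e["proto"] == "tcp" and e["dport"] in served_ports:
        return "service"
    if e["proto"] == "tcp" and e["sport"] < 1024 and e["dport"] >= 1024:
        return "tcp-return"          # server -> local client; covered by "established"
    if e["proto"] == "udp" and e["sport"] == 53:
        return "dns-reply"
    if e["proto"] == "icmp":
        return "icmp"
    return "unexpected"              # review by hand before permitting anything here


def summarize(entries, served_ports):
    """Packet totals per (category, protocol, port-or-icmp-type)."""
    totals = Counter()
    for e in entries:
        cat = classify(e, served_ports)
        if cat == "icmp":
            key = e["icmp_type"]
        elif cat in ("tcp-return", "dns-reply"):
            key = e["sport"]
        else:
            key = e["dport"]
        totals[(cat, e["proto"], key)] += e["count"]
    return totals


def suggest_acl(name, entries, served_host, served_ports):
    """Emit a tightened extended ACL plus the flows that still need a human decision."""
    cats = {classify(e, served_ports) for e in entries}
    icmp_types = sorted({e["icmp_type"] for e in entries if e["proto"] == "icmp"})
    lines = [f"ip access-list extended {name}"]
    for port in sorted(served_ports):
        lines.append(f" permit tcp any host {served_host} eq {port}")
    if "tcp-return" in cats:
        lines.append(" permit tcp any any established")   # ACK/RST set only; not stateful
    if "dns-reply" in cats:
        lines.append(" permit udp any eq 53 any")
    for t in icmp_types:
        lines.append(f" permit icmp any any {ICMP_NAMES.get(t, str(t))}")
    lines.append(" deny ip any any log")                   # keep while tuning, as the reply suggests
    unexpected = [e for e in entries if classify(e, served_ports) == "unexpected"]
    return lines, unexpected


if __name__ == "__main__":
    flows = parse_log(SAMPLE_LOG)
    for key, packets in sorted(summarize(flows, {80}).items()):
        print(f"{key}: {packets} packets")
    acl, review = suggest_acl("XXXXX", flows, "192.0.2.10", {80})
    print("\n".join(acl))
    for e in review:
        print(f"! unexpected: {e['proto']} {e['src']}:{e['sport']} -> {e['dst']}:{e['dport']}")
```

The generated list is applied exactly as in the question, with "ip access-group XXXXX in" under "interface Serial0.x", after "logging buffered debugging" has been turned on so the hits land in the buffer. Two caveats worth keeping in mind on a 1721: "established" only checks for the ACK or RST flag, so it is a weaker return-traffic filter than stateful inspection, and packets that hit a "log" entry are rate-limited and punted to the CPU, which is why the reply treats the logging entries as temporary.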