cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
629
Views
0
Helpful
4
Replies

Creating ACLs

onel.riveron
Level 1
Level 1

Hi all,

I'm very new to all this. In fact, this is my first class ever in routing. As you can probably guess, I'm loving it, but as much as I'm loving it, I'm also hitting many bumps.

I have a lab due and I need to design an ACL that blocks Telnet access from anywhere, however, it allows Telnet to 2 specific hosts in the diagram.

I have Router B with interface F0/1 and F0/0.

The ACL has to block Telnet access from everything to the host in Router B, interface F0/0. But access has to be allowed to 2 hosts in Router A, interface F0/1.

Host in Router B has IP 10.0.85.45.

Hosts in Router A have IP 10.0.180.55, 10.0.180.119, WC for those 2 hosts is 0.0.0.32.

All help will be greatly appreciated.

Thanks!!!

4 Replies 4

mpellegrino12
Level 1
Level 1

Not sure I really understand your question. 

John and Kevin need telnet access to which router?

You said all other telnet access needs to be denied, but then only mention Leo computer. What exactly is being denied?

If you post the exact questions on that paper I can help you out

I'm sorry. I wrote it all kinda of in a hurry.

This is what I'm being asked to do:

Develop and implement an ACL that accomplishes the following:

-Grants Kevin and John access to leo's Telnet server, and

-Grants Alicia and Michael access to Mary's Telent server, and

-Denies hosts on Kevin's and John's subnet indirect access of any kind, except above

-Denies hosts on Alicia's and Michael's subnet indirect access of any kind, except above

-Allows all other communications

Looking at the diagram, what I understand is that I have to develop an ACL that allows communication to Leo's Telnet server only from Kevin and John.

Then whoever manages the other router would develop an ACL that grants access to Mary's Telnet server only from Alicia and Michael.

This is what I have come up with:

In Router B

 ip access-list extended BlockTelnet

 permit tcp 10.0.180.55 0.0.0.64 any

 deny tcp 0.0.0.0 0.0.0.64 any

 remark Allows Telnet access to Leo only from Kevin & John

To get you started, the commands to allow telnet FROM hosts John and Kevin TO Leo, you can use these ACLs:

! Allow John telnet access to Leo
access-list 100 permit tcp host 10.0.180.55 host 10.0.85.45 eq telnet
! Allow Kevin telnet access to Leo
access-list 100 permit tcp host 10.0.180.119 host 10.0.85.45 eq telnet
! Deny all other host telnet access to Leo
access-list 100 deny tcp 10.0.128.0 0.0.127.255 host 10.0.85.45 eq telnet
! Allow all other traffic
access-list 100 permit ip any any

Where:
TCP is the protocol of telnet
host 10.0.180.x (the first IP address) is the source of the traffic
host 10.0.85.45 is the destination (telnet server)
eq telnet is the destination port/service (23)

ACLs should be placed closest to the source of the traffic you want to filter. So apply this to the interface on Router A LAN interfaces:

int fa0/0
ip access-group 100 in
int fa0/1
ip access-group 100 in

*** You need more than this, this is one set of permit rules only, this is your lesson/study, so use my template and create the other rules you need to block traffic on the other router (Router B).

I don't understand the requirement of 'Denies hosts on Kevin's and John's subnet indirect access of any kind, except above' then 'Allows all other communications'.  Can you explain more?  These sound like they contradict each other.  You may need more deny rules before the final permit rule.  But from the description I can't work out what you need.

Regards,

Ben

onel.riveron
Level 1
Level 1

Thank you all for replying. I finally got this thing to work and the teacher went over it with me.

Review Cisco Networking for a $25 gift card