Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
636
Views
0
Helpful
5
Replies

need help on access list

kadam_abhijit1
Level 1
Level 1

‎07-23-2015 11:07 PM - edited ‎03-05-2019 01:56 AM

Dear All,

I wanted to configure access list on cisco 2851 router. requesting you please help me.

Source :- 11.11.11.11/24

Destination :- 10.10.10.10

Port :- 7777

 

Thenks in advance.

 

Abhijit

 

Labels:
0 Helpful
5 Replies 5

Traian Bratescu
Level 1
Level 1

‎07-23-2015 11:38 PM

Assumptions:

* traffic is TCP

* only this traffic will be allowed inbound - interface fa0/0 in the example; everything else is denied

 

R3(config)#access-list 2001 permit tcp 11.11.11.0 0.0.0.255 host 10.10.10.10 eq 7777

R3(config)#int fa 0/0

R3(config-if)#ip access-group 2001 in

 

Traian

0 Helpful

kadam_abhijit1
Level 1
Level 1
In response to Traian Bratescu

‎07-24-2015 10:59 AM

Thank you so much for the solution. will try and let you know. :)

 

0 Helpful

paul driver
VIP
VIP
In response to kadam_abhijit1

‎07-24-2015 12:06 PM

Hello

 

Please note if you are running any routing protocol on the interface your appling the acl make sure you allow that protocol to transit

access-list 100 permit <eigrp | ospf> any any
access-list 100 permit udp any any eq rip
access-list 100 permit tcp any any eq bgp
access-list 100 permit tcp 11.11.11.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 777

 

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Muhammad Thanveer
Level 5
Level 5

‎07-24-2015 12:26 AM

Hello Friend,

First you have to configure the access-list then you have to apply it to the proper interface to take changes effect.

As said by Mr.Traian  u need to find whether the intresting traffic is TCP/UDP and configure the access-list to permit/deny. Then need to apply inbound/outbound accordingly to the interface for take the changes effect.

**access-list will take the sequential order to get executed, if you are not having permit command to any any or if you are not having enough commands to have your task done, then please note that there is always an explicit deny in the end.

Have a look here

http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html

http://computernetworkingnotes.com/network-security-access-lists-standards-and-extended/extended-access-list.html

http://orbit-computer-solutions.com/Access-Control-Lists--ACL-.php

0 Helpful

Sanjith47
Level 1
Level 1

‎07-24-2015 12:56 AM

Please let us know whether you want to deny the traffic or permit it. Are both subnets on the same router or exists in different ones.

If on different then router 2851 hosts which subnet and on what port.

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card