Hot Downloads

×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: i want use 1 ip address 192.168.2.0/24

Re: i want use 1 ip address 192.168.2.0/24 9 years 2 months ago #37187

  • sais
  • sais's Avatar Topic Author
  • Offline
  • Frequent Member
  • Frequent Member
  • Posts: 59
  • Thank you received: 0
@ nevins sorry . licence romoved . so wat next..... pls giude me.

Re: i want use 1 ip address 192.168.2.0/24 9 years 2 months ago #37188

  • Nevins
  • Nevins's Avatar
  • Offline
  • Expert Member
  • Expert Member
  • Posts: 438
  • Karma: 4
  • Thank you received: 9
Alright so without looking at your current config I'm going to inform you that the proper way to deal with this sort of situation is with an access list (normally combined with a dns server and host files).




An access list permits or denies something.


There are two types of access lists. There is a standard access list, which permits or denies based off of ip address and there is an extended access list which permits or denies based on more granular controls that match to an ip address and a port or protocol.

A standard access list follows the following format:


Access-list <list number> <permit/deny> <ip address> <wildcard mask>


Example:
access-list 10 permit 192.168.3.0 0.0.0.255
access-list 10 deny any


( note deny any is at the end of all access lists by default to fix this just put permit all in front of it)


An extended access list on the other hand can be more specific about the traffic that it permits or denies. Extended access lists are great because they really allow you to choose what comes in and out of our network. A key function of extended access lists is the ability to deny by port. This matters to you because web traffic takes place on ports 80 (http) and 443 (https)

The format for an extended access list is as follows:

access-list <100-199 or 2000-2699> <permit or deny> <tcp or udp or ip> <source host address or network or any> <operator> <port> <destination host address or network or any> <operator><port>


Example:

R1(config)#access-list 101 deny tcp host 192.168.2.1 host 69.63.176.13 eq www
R1(config)#access-list 101 permit ip any any


To apply this access list to an interface you would simply type the following:

R1(config)#int fa0/0/0
R1(config-if)#ip access-group 101 in
Useful Threads
================================
www.firewall.cx/forum/2-basic-concepts/3...e-resource-page.html

Re: i want use 1 ip address 192.168.2.0/24 9 years 2 months ago #37189

  • Nevins
  • Nevins's Avatar
  • Offline
  • Expert Member
  • Expert Member
  • Posts: 438
  • Karma: 4
  • Thank you received: 9
www.cisco.com/en/US/docs/ios/12_0t/12_0t.../guide/timerang.html

this is for if you need to apply time based access lists
Useful Threads
================================
www.firewall.cx/forum/2-basic-concepts/3...e-resource-page.html
  • Page:
  • 1
  • 2
Time to create page: 0.105 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup