TOPIC: Help with ACL's please

Help with ACL's please 13 years 7 months ago #5641

Research & Development

223.0.0.0/26- Net address
223.0.0.1 -default gateway
223.0.0.2 -vlan address
223.0.0.3 ~ .62 223.0.0.63 -host addresses
255.255.255.192 -subnet mask

The 223.0.0.3 address is saved for the department head, they have access to everything. I have created this access list with the hosts not having FTP or Telnet access, could someone tell me if they will work like this:

access-list 111 permit host 223.0.0.3
access-list 111 permit ip any host 223.0.0.0 0.0.0.255 any eq www
access-list 111 deny ip any host 223.0.0.0 0.0.0.255 any eq ftp
access-list 111 deny ip any host 223.0.0.0 0.0.0.255 any eq telnet

Thanks and any help will be wonderful.
Kevin

Re: Help with ACL's please 13 years 7 months ago #5642

I just want to know if I put these on the router, will they work.

Thanks
Kevin

Re: Help with ACL's please 13 years 7 months ago #5643

access-list 111 permit host 223.0.0.3
access-list 111 permit ip any host 223.0.0.0 0.0.0.255 any eq www
access-list 111 deny ip any host 223.0.0.0 0.0.0.255 any eq ftp
access-list 111 deny ip any host 223.0.0.0 0.0.0.255 any eq telnet

Thanks and any help will be wonderful.
Kevin


--Looking at the access-list I can say it won't work. The reason being, if you want to filter the network by Application Layer, you MUST choose an entry here that allows you to go up through the OSI model. So, for www, ftp, telnet you must choose *TCP*. If you were to choose IP as you did, you would never leave the Network Layer.

So change the Protocol field entry from IP to TCP.

-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle

Re: Help with ACL's please 13 years 7 months ago #5645

Thanks a whole lot

Kinda off topic 13 years 4 weeks ago #8561

Hi all. You all seem knowledgeable in ACLs, so if I may ask a question? How would one make an ACL that blocks odd IPs, such as 192.168.15.1 - 192.168.15.3 ..... , but lets through even IPs, aka 192.168.15.2 - 192.168.15.4 etc.... If you can help me, I would be greatly appreciative.

Re: Help with ACL's please 13 years 4 weeks ago #8570

Greetings,

In reply to fallenZer0's post:

I was under the presumption that if you specify IP, it included TCP, UDP and ICMP. My guess would be that the ACL's posted by kevinbroga would work.

Greetings,

Stefan
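
A simplified model of extended-ACL evaluation, added here as an example and not part of any post in this thread: it shows wildcard-mask matching, first-match order with the implicit deny, and that port operators such as `eq` only apply to tcp or udp entries. The function names, the 0.0.0.63 wildcard (the inverse of the 255.255.255.192 mask quoted above), the destination of `any`, and the 0.0.0.254 odd/even entry are assumptions of this example.

```python
import ipaddress

PORTS = {"ftp": 21, "telnet": 23, "www": 80}  # IOS keyword -> TCP port

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a ^ b) & ~w & 0xFFFFFFFF == 0

def entry(action, proto, src, src_wc, dport=None):
    """One simplified extended-ACL entry; the destination is always 'any'."""
    if dport is not None and proto not in ("tcp", "udp"):
        raise ValueError("port operators like 'eq' need protocol tcp or udp")
    return (action, proto, src, src_wc, PORTS.get(dport, dport))

def evaluate(acl, proto, src, dport=None):
    """First matching entry wins; a packet matching nothing is denied."""
    for action, e_proto, e_src, e_wc, e_port in acl:
        if e_proto != "ip" and e_proto != proto:
            continue  # 'ip' covers every IP protocol, others must be equal
        if not wildcard_match(src, e_src, e_wc):
            continue
        if e_port is not None and e_port != dport:
            continue
        return action
    return "deny"  # implicit deny at the end of every list

# Constructed version of list 111, in the poster's order, using tcp.
# Assumption: traffic is sourced from the 223.0.0.0/26 LAN (wildcard 0.0.0.63).
ACL_111 = [
    entry("permit", "ip", "223.0.0.3", "0.0.0.0"),          # department head
    entry("permit", "tcp", "223.0.0.0", "0.0.0.63", "www"),
    entry("deny", "tcp", "223.0.0.0", "0.0.0.63", "ftp"),
    entry("deny", "tcp", "223.0.0.0", "0.0.0.63", "telnet"),
]

# Odd/even question: wildcard 0.0.0.254 compares only the lowest bit of the
# last octet, so base 192.168.15.0 matches the even host addresses.
EVEN_ONLY = [entry("permit", "ip", "192.168.15.0", "0.0.0.254")]

if __name__ == "__main__":
    for host, port in [("223.0.0.3", 23), ("223.0.0.10", 80), ("223.0.0.10", 21)]:
        print(host, port, evaluate(ACL_111, "tcp", host, port))
    for host in ("192.168.15.2", "192.168.15.3"):
        print(host, evaluate(EVEN_ONLY, "ip", host))
```

With the implicit deny in place, the two explicit deny entries change nothing for this list; they only make the intent visible.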
