
TOPIC: Help with ACL's please

Help with ACL's please 12 years 1 month ago #5641

Research & Development

223.0.0.0/26- Net address
223.0.0.1 -default gateway
223.0.0.2 -vlan address
223.0.0.3 ~ .62 223.0.0.63 -host addresses
255.255.255.192 -subnet mask

The 223.0.0.3 address is saved for the department head, they have access to everything. I have created this access list with the hosts not having FTP or Telnet access, could someone tell me if they will work like this:

access-list 111 permit host 223.0.0.3
access-list 111 permit ip any host 223.0.0.0 0.0.0.255 any eq www
access-list 111 deny ip any host 223.0.0.0 0.0.0.255 any eq ftp
access-list 111 deny ip any host 223.0.0.0 0.0.0.255 any eq telnet

Thanks and any help will be wonderful.
Kevin

Re: Help with ACL's please 12 years 1 month ago #5642

I just want to know if I put these on the router, will they work.

Thanks
Kevin

Re: Help with ACL's please 12 years 1 month ago #5643

  • FallenZer0
access-list 111 permit host 223.0.0.3
access-list 111 permit ip any host 223.0.0.0 0.0.0.255 any eq www
access-list 111 deny ip any host 223.0.0.0 0.0.0.255 any eq ftp
access-list 111 deny ip any host 223.0.0.0 0.0.0.255 any eq telnet

Thanks and any help will be wonderful.
Kevin

--Looking at the access-list I can say it won't work. The reason being, if you want to filter the network by Application Layer, you MUST choose an entry here that allows you to go up through the OSI model. So, for www, ftp, telnet you must choose *TCP*. If you were to choose IP as you did, you would never leave the Network Layer.

So change the Protocol field entry from IP to TCP.
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle

Re: Help with ACL's please 12 years 1 month ago #5645

Thanks a whole lot

Kinda off topic 11 years 6 months ago #8561

  • andrewk1
Hi all. You all seem knowledgeable in ACLs, so if I may ask a question? How would one make an ACL that blocks odd IPs, such as 192.168.15.1 - 192.168.15.3 ..... , but lets through even IPs aka 192.168.15.2 - 192.168.15.4 etc.... If you can help me, I would be greatly appreciative.

Re: Help with ACL's please 11 years 6 months ago #8570

  • stefke
Greetings,

In reply to FallenZer0's post:

I was under the presumption that if you specify IP, it included TCP, UDP and ICMP. My guess would be that the ACL's posted by kevinbroga would work.

Greetings,

Stefan
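
A small model of IOS extended-ACL matching, added here as an example (it is not code from the thread or from Cisco): it shows first-match evaluation with the implicit deny, the wildcard 0.0.0.63 that corresponds to the 255.255.255.192 mask given in the first post, and a wildcard that separates the odd and even hosts asked about above. The rewritten entries, the traffic direction (inside hosts as source, any destination) and all function names are assumptions.

```python
import ipaddress

PORTS = {"ftp": 21, "telnet": 23, "www": 80}  # IOS keywords; ftp is the control port

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard logic: 1-bits are ignored, 0-bits must equal the base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, proto, src, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, acl_proto, base, wildcard, port in acl:
        if acl_proto not in ("ip", proto):      # "ip" covers TCP, UDP, ICMP...
            continue
        if not wildcard_match(src, base, wildcard):
            continue
        if port is not None and PORTS[port] != dport:
            continue
        return action
    return "deny"

# Constructed rewrite of ACL 111 (assumption): tcp on the port entries,
# wildcard 0.0.0.63 for the /26, inside hosts as source, destination any.
ACL_111 = [
    ("permit", "ip",  "223.0.0.3", "0.0.0.0",  None),      # department head
    ("deny",   "tcp", "223.0.0.0", "0.0.0.63", "ftp"),
    ("deny",   "tcp", "223.0.0.0", "0.0.0.63", "telnet"),
    ("permit", "tcp", "223.0.0.0", "0.0.0.63", "www"),
]

# Constructed odd/even ACL (assumption): wildcard 0.0.0.254 compares only the
# lowest bit of the last octet, so base .1 matches odd hosts and .0 even ones.
ODD_EVEN = [
    ("deny",   "ip", "192.168.15.1", "0.0.0.254", None),
    ("permit", "ip", "192.168.15.0", "0.0.0.254", None),
]

if __name__ == "__main__":
    for src, port in [("223.0.0.3", 23), ("223.0.0.10", 23), ("223.0.0.10", 80)]:
        print(src, port, evaluate(ACL_111, "tcp", src, port))
    for src in ("192.168.15.3", "192.168.15.4"):
        print(src, evaluate(ODD_EVEN, "tcp", src))
```

With the wildcard 0.0.0.255 from the posted entries, `wildcard_match` also accepts 223.0.0.200, which lies outside the /26.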