Hot Downloads

×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me

TOPIC: subnet mask

Re: subnet mask 15 years 1 month ago #2467

  • tfs
  • tfs's Avatar
  • Offline
  • Expert Member
  • Expert Member
  • Posts: 521
  • Thank you received: 0
I think he means routerA and not router 1.
Thanks,

Tom

Re: subnet mask 15 years 1 month ago #2478

If thats what it meant... it makes a bit more sense... but you should still be applying those ACLs to the virtual terminal (telnet) interfaces :
line vty
access-class 101 in
^Z
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com

Re: subnet mask 15 years 1 month ago #2480

  • indebluez
  • indebluez's Avatar Topic Author
  • Offline
  • Distinguished Member
  • Distinguished Member
  • Posts: 114
  • Thank you received: 0
oh i didnt noe we had to apply the access-list at line vty interface if we are blocking telnet
in celticrover site...under the lab sessions...in telnet lab...
its just been placed at the ethernet int.
plz reply as soon as possible

Re: subnet mask 15 years 1 month ago #2488

Test solution is incorrect, your ACL will work, Sahirh is right also, if you had a bri for dial-up access or so, telnet would be permitted.

Apply ACL to vty, and NO access, however, you lock yourself out save for console.
A scapegoat is often as welcome as a solution...never memorize what you can look up.

Re: subnet mask 15 years 1 month ago #2490

Understand this :

If you apply the ACL to the vty interfaces, then it will apply to someone trying to log in to the router via telnet. However if you apply the ACL to the regular interfaces, then the router will not forward telnet packets..

You see the difference ? Say you wanted to isolate one subnet and not allow any telnet access there, then you would apply the ACL to the regular interface that leads there.

Also remember, standard access lists are placed as close to the destination as possible, while extended access lists are placed as close to the source of the traffic as possible.

Also remember, you can only apply one ACL per interface, and you should start with the most specific tests at the top and go on downwards. The ACLs are read from top to bottom and the second a test matches the current packet, the remaining rules are ignored so there is no point testing for the same criteria twice.

Also remember that there is an implicit deny all statement at the end of every access list, so if you don't have at least one permit statement in the list, the interface will be as good as shutdown.

Cheers,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com

Re: subnet mask 15 years 1 month ago #2491

  • indebluez
  • indebluez's Avatar Topic Author
  • Offline
  • Distinguished Member
  • Distinguished Member
  • Posts: 114
  • Thank you received: 0
hi sahirh, thx i really understd by wht it means to place it on the int n vty now...thx a mil!
one last qn on this qn from celtic site...
how did celtic get 3 braodcast domains???

the qn looks something like this....

3 workstattions - bridge- hub- router - switch-4 workstattions

i understand how he got
7 collision domains (4+3 wkstattions, as switchses n bridges break up collision domains)...but how 3 broadcast domains??
Time to create page: 0.117 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup