
Access-lists

I have a small question. I have 2 networks (1 & 2) connected to a router on interface fa0/1 and fa0/2 respectively. I would like to deny telnet access from network 1 to network 2. With the condition that interface fa0/1 is configured access-group out.

Thank you,

Marc Alonzo

5 REPLIES

Re: Access-lists

Hi,

interface Fa0/1
 ip address 10.1.1.1 255.255.255.0
 ip access-group 100 out

interface Fa0/2
 ip address 192.168.2.2 255.255.255.128

access-list 100 deny tcp 10.1.1.0 0.0.0.255 192.168.2.0 0.0.0.127 eq telnet
access-list 100 permit ip any any

Hope this helps

Martin


Re: Access-lists

Dear Martin,

This configuration would be right if the interface fa0/1 is configured as ip access-group 100 in and not out.

I have tried as you have said but I can still telnet.

Thank you

Marc Alonzo

Re: Access-lists

Hi,

Strange ... from where to where are you doing the telnet?

Martin

Edit: Oops, yes this is exactly the question.

access-list 100 deny tcp 192.168.2.0 0.0.0.127 eq telnet 10.1.1.0 0.0.0.255
access-list 100 permit ip any any

This will do it.


Re: Access-lists

OK great it is working ... So we should just swap the source and destination address!

You have been very helpful.

Thanks ...

Re: Access-lists

Yes, because in the direction the traffic is checked by the access-list, the source is in 192.168.2.0 and the destination of the packet is in 10.1.1.0.

Happy New Year

Martin
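
Added example (not part of any post in the thread): a small Python model of first-match ACL evaluation that runs both versions of access-list 100 against a telnet session, with the list applied outbound on Fa0/1 as in the thread. The host addresses, client port and helper names are assumptions made for the illustration.

```python
# Added example: models the two versions of access-list 100 from the thread.
# Host addresses, the client port and all function names are constructed.
from ipaddress import IPv4Address as IP

NET1 = ("10.1.1.0", "0.0.0.255")      # network 1, behind Fa0/1
NET2 = ("192.168.2.0", "0.0.0.127")   # network 2, behind Fa0/2
TELNET = 23

# Entry layout: (action, protocol, source, source port, destination, dest port)
# access-list 100 deny tcp 10.1.1.0 0.0.0.255 192.168.2.0 0.0.0.127 eq telnet
FIRST_ATTEMPT = [("deny", "tcp", NET1, None, NET2, TELNET),
                 ("permit", "ip", None, None, None, None)]
# access-list 100 deny tcp 192.168.2.0 0.0.0.127 eq telnet 10.1.1.0 0.0.0.255
WORKING = [("deny", "tcp", NET2, TELNET, NET1, None),
           ("permit", "ip", None, None, None, None)]

# Constructed session: client 10.1.1.10 opens telnet to server 192.168.2.20.
SYN = {"proto": "tcp", "src": "10.1.1.10", "sport": 40000,
       "dst": "192.168.2.20", "dport": TELNET, "egress": "Fa0/2"}
SYN_ACK = {"proto": "tcp", "src": "192.168.2.20", "sport": TELNET,
           "dst": "10.1.1.10", "dport": 40000, "egress": "Fa0/1"}

def wild_match(addr, base, wildcard):
    """Wildcard mask semantics: bits set to 1 are ignored in the comparison."""
    care = ~int(IP(wildcard)) & 0xFFFFFFFF
    return (int(IP(addr)) & care) == (int(IP(base)) & care)

def evaluate(acl, pkt):
    """Action of the first matching entry; implicit deny if nothing matches."""
    for action, proto, src, sport, dst, dport in acl:
        if proto not in ("ip", pkt["proto"]):
            continue
        if src and not wild_match(pkt["src"], *src):
            continue
        if dst and not wild_match(pkt["dst"], *dst):
            continue
        if sport is not None and pkt["sport"] != sport:
            continue
        if dport is not None and pkt["dport"] != dport:
            continue
        return action
    return "deny"

def forwarded(acl, pkt, acl_interface="Fa0/1"):
    """An outbound ACL only inspects packets leaving through its interface."""
    return pkt["egress"] != acl_interface or evaluate(acl, pkt) == "permit"

def session_works(acl):
    """The session needs both the SYN and the returning SYN-ACK to pass."""
    return forwarded(acl, SYN) and forwarded(acl, SYN_ACK)
```

With the working list the client's SYN is still forwarded into network 2; only the return traffic leaving Fa0/1 is dropped, so the session never completes.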
