New Member

quick & Simple ACL Question

I'd like to block all traffic from the S0 interface to a specific IP on the FE0 interface.

Though I want the IP on FE0 to be able to make outgoing requests to the net and be able to get data back.

I'm working with a 2621 with IOS Version 12.1(2)T.

Thanks,

Scott<-

  • Other Network Infrastructure Subjects
3 REPLIES
Silver

Re: quick & Simple ACL Question

Scott,

Something like this would need to be created and then applied to your Serial0 interface.

access-list 101 deny ip any host

access-list 101 permit ip any any

In interface configuration mode on your Serial0 interface:

(config-if)# ip access-group 101 in

This would deny traffic coming in from anyone to your FE0 host IP.

Hope this is what you were looking for,

Don

New Member

Re: quick & Simple ACL Question

Yes it is. Though I believe that is what I have and it's not working... )-;

Do I apply the access list to the

interface Serial0/0

or

interface Serial0/0.1 point-to-point

interface? I currently have it on the interface Serial0/0

I'll move it and see how it goes...

Thanks!

Scott<-

New Member

Re: quick & Simple ACL Question

Hmmm.. That didn't seem to help.

Here are the parts of my config:

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group 101 out
 no ip mroute-cache
 duplex auto
 speed auto
!
interface Serial0/0
 description Seral Connection to the internet
 no ip address
 encapsulation frame-relay IETF
 no ip mroute-cache
 fair-queue
 service-module t1 timeslots 1-24
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 ip address 10.1.0.1 255.255.255.252
 ip access-group 102 in
 ip load-sharing per-packet
 no ip mroute-cache
 frame-relay interface-dlci 16
!
access-list 101 permit ip any any
access-list 101 deny ip 64.174.32.0 0.0.0.255 any
access-list 101 deny tcp any any eq 6346
access-list 102 deny tcp any 192.168.1.0 0.0.0.255 eq 137
access-list 102 deny tcp any 192.168.1.0 0.0.0.255 eq 138
access-list 102 deny tcp any 192.168.1.0 0.0.0.255 eq 139
access-list 102 deny udp any 192.168.1.0 0.0.0.255 eq netbios-dgm
access-list 102 deny udp any 192.168.1.0 0.0.0.255 eq netbios-ns
access-list 102 deny udp any 192.168.1.0 0.0.0.255 eq netbios-ss
access-list 102 deny tcp any 192.168.1.0 0.0.0.255 eq 1433
access-list 102 deny tcp any 192.168.1.0 0.0.0.255 eq 1434
access-list 102 deny icmp any 0.0.0.0 255.255.255.0
access-list 102 deny icmp any 0.0.0.255 255.255.255.0
access-list 102 deny icmp any any redirect log
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 224.0.0.0 31.255.255.255 any
access-list 102 deny ip 0.0.0.0 0.255.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip 255.0.0.0 0.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip host 0.0.0.0 any log
access-list 102 permit ip any any
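
Added example, not part of any post in this thread: IOS checks an access list top-down and stops at the first matching entry, so the sketch below runs access-list 101 from the config above through a small first-match evaluator to show which entry decides a packet. The reordered list and the sample packet addresses are constructed for illustration, and the parser only handles the syntax that appears in access-list 101.

```python
import ipaddress

# access-list 101 exactly as posted in the config above.
ACL_101_POSTED = """\
access-list 101 permit ip any any
access-list 101 deny ip 64.174.32.0 0.0.0.255 any
access-list 101 deny tcp any any eq 6346
"""
# Constructed for comparison (an assumption, not from the thread): same entries, denies first.
ACL_101_REORDERED = """\
access-list 101 deny ip 64.174.32.0 0.0.0.255 any
access-list 101 deny tcp any any eq 6346
access-list 101 permit ip any any
"""

def _spec(tok):
    """Consume one address spec from tok; return (address, wildcard) as ints."""
    word = tok.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(text):
    """Parse 'access-list N action proto src dst [eq port]' lines into tuples."""
    acl = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"]:
            action, proto, tok = tok[2], tok[3], tok[4:]
            src, dst = _spec(tok), _spec(tok)
            acl.append((action, proto, src, dst, int(tok[1]) if tok[:1] == ["eq"] else None))
    return acl

def _hit(spec, ip):
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return (spec[0] ^ ip) & ~spec[1] & 0xFFFFFFFF == 0

def evaluate(acl, proto, src, dst, dport=None):
    """First match wins; return (action, 1-based entry number or None)."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for n, (action, p, sspec, dspec, port) in enumerate(acl, 1):
        if p in ("ip", proto) and _hit(sspec, s) and _hit(dspec, d) and port in (None, dport):
            return action, n
    return "deny", None  # implicit deny at the end of every access list
```

With the posted order, every packet is decided by entry 1 and the two deny entries are never reached; with the denies first, the same packets hit them.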
