Cisco Support Community
New Member

Access-list Process- Urgent Help Please

Dear All,

My question in this forum is about the process of deciding:

1- Which Interface should I apply this Access-list ?

2- In which direction on the selected interface do I have to apply this Access-list? In or Out?

Now, My question is here :-

Was I correct in choosing the Interface that I will apply this Access-list or not ?

Please read my Process of choosing the Interface, and tell me if I am correct or Not ?

I have here My Router, as Internet Router which is 1841 , with 2 Fast Ethernet interfaces as the following :-

1. Fast Ethernet 0 / 0 :-

Description : connected to My Network as MY LAN .

IP Address of this Interface : 192.168.1.10 / 255.255.255.0

2. Fast Ethernet 0 /1 :-

Description : connected to Second Network on second Building.

IP Address of this Interface : 172.16.20.10 / 255.255.0.0

3. Serial Interface ( S 0 ).

Description : connected to My Server Farm which is in another Network

IP Address of this interface : 10.1.8.20 / 255.255.255.0.

> There is no serial interface or any serial connection at all on my 1841 router.

> The Default route on My Router is

> IP ROUTE 0.0.0.0 0.0.0.0 10.1.8.20

Now, I want only to deny user 192.168.1.40 to access the one server on the server FARMS which is OUR POP3 Server with this IP 10.1.8.40 / 24.

As anyone knows, it's an Extended Access List.

So I wrote it like that:-

Router(config)# access-list 102 deny tcp 192.168.1.40 0.0.0.0 host 10.1.8.40 eq smtp

Router(config)# access-list 102 deny tcp 192.168.1.40 0.0.0.0 host 10.1.8.40 eq pop3

Router(config)# access-list 102 permit ip any any

Process of choosing the interface :-

1- Which Interface should I apply this Access-list ?

2- on which Direction on the selected interface I have to apply this Access-list ? In or Out ?

To answer and to understand the answer, for the 2 questions, here is my Process :-

First Interface f 0 / 0 :-

< this is the originating interface, and there is no need to apply the ACLs on it, whether inbound or outbound >, so F0/0 is not the correct interface to apply the ACLs on.

Second Interface f 0 / 1 :-

< this is the second interface, and it has inbound / outbound directions. If I enable the ACL on this interface in the inbound direction, the traffic will enter because nothing matches the condition. There is also no need to apply it in the OUTBOUND direction, because the traffic will not go out of this interface, or there is no matching condition on it. >

Third Interface S0:-

Also, I have to look at the route on the router. I will find that everything is routed to interface serial / 0, and if I enable the ACL in the inbound direction, it will stop the traffic from entering the interface < it will only stop it from entering the interface if the conditions occur >, so there is no need for it on the inbound, but on the outbound it will work.

So, final answer will be as following :-

1- Which Interface should I apply this Access-list ?

( Serial / 0 ) .

2- on which Direction on the selected interface I have to apply this Access-list ? In or Out ?

( Outbound ) .

Was I correct or not? Please, could someone update me.
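
Added example, not part of the original post: a small Python model of ACL 102 as written above, showing first-match evaluation with wildcard masks and which interface/direction pairs a given flow crosses. The interface-to-network mapping follows the list in the post (including S0) and is an assumption of the model, as are the function names; an inbound ACL is checked when a packet arrives on an interface, an outbound ACL when it leaves.

```python
import ipaddress

# ACL 102 from the post: (action, proto, src, src wildcard, dst, dst wildcard, dst port)
ACL_102 = [
    ("deny",   "tcp", "192.168.1.40", "0.0.0.0", "10.1.8.40", "0.0.0.0", 25),   # eq smtp
    ("deny",   "tcp", "192.168.1.40", "0.0.0.0", "10.1.8.40", "0.0.0.0", 110),  # eq pop3
    ("permit", "ip",  "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255", None),
]

# Connected networks as listed in the post (assumed topology for this model).
INTERFACES = {
    "F0/0": ipaddress.ip_network("192.168.1.0/24"),
    "F0/1": ipaddress.ip_network("172.16.0.0/16"),
    "S0":   ipaddress.ip_network("10.1.8.0/24"),
}

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must match."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_action(acl, proto, src, dst, dport):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, p, s, sw, d, dw, port in acl:
        if p not in ("ip", proto):
            continue
        if not (wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"

def attach_points(src, dst):
    """(interface, direction) pairs a routed packet crosses: ingress 'in', egress 'out'."""
    def iface(ip):
        addr = ipaddress.ip_address(ip)
        return next(name for name, net in INTERFACES.items() if addr in net)
    return [(iface(src), "in"), (iface(dst), "out")]

def verdict(iface, direction, proto, src, dst, dport):
    """Result for one flow when ACL 102 is applied at a single attach point."""
    if (iface, direction) not in attach_points(src, dst):
        return "not evaluated"  # the packet never crosses this point
    return acl_action(ACL_102, proto, src, dst, dport)
```
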

1 REPLY
Blue

Re: Access-list Process- Urgent Help Please

this post was responded to in the other sections, data center as well as lan switching/routing.

please do not open the same post(s) in all available forums. you may find you get zero response at all.

there is a group of engineers that monitor this entire forum in all areas most of the time every weekday and i can assure you if you have a question that can be answered, it will be; even if you post it in only one forum.

(weekends are not monitored nearly as much although i've been trying to assist on the weekends lately and there are others as well. you may not get as quick a response as you need so please be patient)

thank you.
