OK, so I'm setting up these TCP ports on allowing them on one point to the next, but I don't know how to block it from the source to the router or block it from the source to a destination. It keeps showing up saying TCP is going to this destination I don't want it to go to. I'm typing access-list 1### host source host destination eq port#. So it only allows that TCP port in, but it's not being implicit like it's supposed to be on blocking the TCP that's not on the access list. I've tried deny tcp any any. Any other options?
I am not clear on exactly what you are trying to accomplish, exactly what you have configured, and exactly what problem you are encountering. So some clarification would allow us to give you better answers.
Since this is clearly some issue with configuring extended access lists to filter TCP ports, let me offer a couple of observations and suggestions based on what I see as common problems:
- remember that the extended access list can permit or deny source port, destination port, or both source and destination ports. So think carefully about which you want to filter.
- remember that determining whether a port will be source port or destination port will depend on which interface the access list will be applied to, and whether the access list will be applied inbound or outbound.
- remember that the access list does not do anything just because it is configured. The access list must be applied to an interface for it to begin actively filtering packets.
If you are still having problems then please provide information on what you are trying to accomplish, what you have configured, and how you determine whether it is working or not.
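The three points in the reply above, shown as an added Cisco IOS configuration example that is not part of the original posts. The addresses, the port (TCP/443), the ACL numbers and the interface names are constructed assumptions: Gi0/0 faces the client and Gi0/1 faces the server.

```cisco
! Constructed values: client 192.0.2.10, server 198.51.100.20, service TCP/443.

! Client-to-server traffic: 443 is the DESTINATION port, so "eq 443"
! follows the destination address.
access-list 101 permit tcp host 192.0.2.10 host 198.51.100.20 eq 443
! Every ACL ends in an implicit "deny ip any any". Writing it out with
! "log" gives a visible hit counter and log entries for dropped packets.
access-list 101 deny ip any any log

! Server-to-client replies: 443 is now the SOURCE port, so "eq 443"
! follows the source address. "established" matches only segments with
! ACK or RST set, i.e. replies to a session the client opened.
access-list 102 permit tcp host 198.51.100.20 eq 443 host 192.0.2.10 established
access-list 102 deny ip any any log

! Nothing is filtered up to this point. An ACL takes effect only once it
! is bound to an interface with a direction.
interface GigabitEthernet0/0
 ip access-group 101 in
!
interface GigabitEthernet0/1
 ip access-group 102 in
!
! Verification (exec mode):
!   show access-lists                      <- per-entry match counters
!   show ip interface GigabitEthernet0/0   <- "Inbound access list is 101"
```

With these ACLs applied inbound, everything else arriving on those interfaces is dropped, including management and routing-protocol traffic addressed to the router itself, so permit entries for that traffic need to sit above the final deny.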