Thanks for your answer, I have solved it.  But I am in doubt whether
we should add an "access-list 101 permit ip any any" to access-list 101.
If I am not wrong, only an access-list "permit" ends with an implicit deny at the
end.  But an access-list deny doesn't end with an implicit permit at the end.  Is
that correct?

B) For your info, our serial has a sub-interface, but only one, s0.1, so I have to
apply it to the sub-interface instead of the main interface, right?  But I am applying
it to the sub-interface now.

C) I tried an outbound access-list and it doesn't work; only the inbound
access-list works. Is it because 100.100.100.101 is the router's ethernet IP,
so with an outbound filter it will route to the ethernet first before
checking the access-list? Is my assumption correct or not?

3)As part of other set of access lists on your serial side
Router(config)#access-list 101 deny icmp any host 100.100.100.101
Router(config)#int s0
Router(config-if)#ip access-group 101 in



-----Original Message-----
From: Williamson, Paul [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 25, 2001 3:50 PM
To: [EMAIL PROTECTED]
Subject: RE: what wrong with the access-list?? [7:1825]


These are answers to your questions, although I wouldn't simply use these
answers to configure this router.

1) You need to upgrade your IOS (not sure what to exactly; 12.x will do it).
2) You should use ACL numbers 100-199; also use deny, and you don't need the "eq any",
i.e.
sin-net(config)#access-list 101 deny tcp host 100.100.100.100 host 100.100.100.101

To deny everything, use
sin-net(config)#access-list 101 deny ip host 100.100.100.100 host 100.100.100.101

3)As part of other set of access lists on your serial side
Router(config)#access-list 101 deny icmp any host 100.100.100.101
Router(config)#int s0
Router(config-if)#ip access-group 101 in

Hope this helps
-Paul

-----Original Message-----
From: Sim, CT (Chee Tong) [mailto:[EMAIL PROTECTED]]
Sent: 25 April 2001 07:57
To: [EMAIL PROTECTED]
Subject: what wrong with the access-list?? [7:1825]


Hello, 
1) I wanted to create a named IP access-list, so I used the following
command as the first step.  But it prompted me with an error.  What's wrong?

sin-net#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
sin-net(config)#ip access-list extended Binternet
                        ^
% Invalid input detected at '^' marker.


2)Take a look below
sin-net(config)#access-list 201 permit tcp host 100.100.100.100 host 100.100.100.101 eq any

Is anything wrong with this?  If I want to block every TCP connection from
100.100.100.100 to 100.100.100.101 regardless of the port, what should I do?

If I want to block every connection from 100.100.100.100 to 100.100.100.101
regardless of whether it is tcp, udp, etc., what should I do?


3) I have an internet router with ethernet0 at IP 100.100.100.101 and a
serial interface IP unnumbered to ethernet0. I have a firewall connected to
ethernet0 of the router with IP 100.100.100.100. I want to prevent others
on the internet from pinging my router's ethernet; only 100.100.100.100 can ping
100.100.100.101 (ethernet0). What should I do?  Can I do the following? As
far as I know, an access-list works only for packets passing through the router, but
the destination is the router's ethernet IP. Can it work? And to which interface
should I apply the access-list, serial or ethernet, since the serial is
unnumbered to the ethernet interface?

Router(config)#access-list 101 permit icmp 100.100.100.100 100.100.100.101
Router(config)#int eth0
Router(config-if)#ip access-group 101 out

==================================================================
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2027&t=1825
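
Added example (not part of the original thread): a small Python model of how an extended IOS access-list is evaluated, using the ACL 101 lines from the messages above. It shows first-match ordering and the implicit deny that ends every IOS access-list, whatever its entries are. The function names, the sample source addresses and the restriction to protocol/address matching (no ports, contiguous wildcard masks only) are assumptions of this sketch.

```python
import ipaddress

# Constructed input: ACL 101 as posted in the thread, without and with a final permit.
ACL_DENY_ONLY = ["access-list 101 deny icmp any host 100.100.100.101"]
ACL_WITH_PERMIT = ACL_DENY_ONLY + ["access-list 101 permit ip any any"]


def _addr(tokens):
    """Consume one address spec ('any', 'host A' or 'A WILDCARD') from tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.ip_address(tokens.pop(0)))
    # Assumption: contiguous wildcard mask, so set bits == number of host bits.
    prefix = 32 - bin(wildcard).count("1")
    return ipaddress.ip_network(f"{first}/{prefix}", strict=False)


def parse(line):
    """access-list <num> <permit|deny> <proto> <source> <destination>"""
    t = line.split()
    action, proto, rest = t[2], t[3], t[4:]
    src = _addr(rest)
    dst = _addr(rest)
    return action, proto, src, dst


def evaluate(acl_lines, proto, src, dst):
    """Return 'permit' or 'deny' for one packet: first matching entry wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_lines:
        action, p, src_net, dst_net = parse(line)
        # 'ip' in an entry matches every IP protocol (icmp, tcp, udp, ...).
        if p in ("ip", proto) and s in src_net and d in dst_net:
            return action
    return "deny"  # implicit "deny ip any any" at the end of every list


if __name__ == "__main__":
    # 198.51.100.7 is a constructed Internet-side source address.
    for name, acl in (("deny only", ACL_DENY_ONLY), ("with permit", ACL_WITH_PERMIT)):
        ping = evaluate(acl, "icmp", "198.51.100.7", "100.100.100.101")
        web = evaluate(acl, "tcp", "198.51.100.7", "100.100.100.100")
        print(f"{name}: ping to router = {ping}, tcp to firewall = {web}")
```

With only the deny entry applied inbound, every other packet arriving on that interface also falls through to the implicit deny; the trailing `permit ip any any` is what lets the rest through.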