Solved

Access List

Posted on 2002-07-14
Last Modified: 2012-05-04
Hi,

I have a customer running public IP on the 2 interfaces (eth & Serial). Now he wants to implement the access list on the router which only allows 1 IP to access the router from internal LAN and none from the outside.

I am just wondering, should I apply the access list in the serial also?

Please give me some examples.

Thanks.
Question by:carollow
3 Comments
 
LVL 6

Expert Comment

by:st_steve
ID: 7153040
If you apply the access list to the serial interface as well, you will block off all access to the router from outside, wouldn't you? I mean is that what you want? You're blocking outside access to Ethernet interface, which is fine. But I don't think you should apply the access lists to the serial interface, or there will be no outside communications then, unless you have another interface set up.

Maybe I'm reading the question wrong.
 
LVL 1

Accepted Solution

by:
ajvel earned 50 total points
ID: 7153601
Hi carollow,

It is very much possible. Please try the example below.

To be applied to the serial interface:

! Block Telnet from any source to the serial interface address
access-list 101 deny tcp any host {Serial Interface IP} eq telnet
! Permit all other traffic (an extended ACL entry needs a protocol keyword)
access-list 101 permit ip any any

interface serialX
 ip access-group 101 in

To be applied to the Ethernet interface:

! Allow Telnet only from the monitoring system
access-list 102 permit tcp host {Monitoring Systems IP} host {Ethernet Interface IP} eq telnet
! Block Telnet from every other source
access-list 102 deny tcp any host {Ethernet Interface IP} eq telnet
access-list 102 permit ip any any

interface ethernetx
 ip access-group 102 in

Thanks
ajvel
 

Author Comment

by:carollow
ID: 7182000
ajvel,

The access list is not successful on the serial interface, I can still telnet to the router from the internet.

carol
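
Added example, not part of the original thread: a small Python model of how an IOS extended ACL such as list 101 is evaluated against Telnet arriving on the serial interface (wildcard bits set to 1 are ignored, the first matching entry decides, and an implicit deny ends the list). The addresses are constructed documentation-range values standing in for the {Serial Interface IP} and {Ethernet Interface IP} placeholders, and the function names are hypothetical; it compares a deny entry for one destination address against Telnet to the router's other public address, and a source of `any` against a source written with an all-zero wildcard.

```python
import ipaddress

# Constructed sample addresses (documentation ranges), not values from the thread.
SERIAL_IP, ETH_IP, OUTSIDE = "192.0.2.1", "198.51.100.1", "203.0.113.50"
ANY = ("0.0.0.0", "255.255.255.255")      # expansion of the `any` keyword


def host(ip):
    """Expansion of `host <ip>`: exact match, all-zero wildcard."""
    return (ip, "0.0.0.0")


def wild_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)


def evaluate(acl, pkt):
    """First matching entry decides; no match hits the implicit deny."""
    for action, proto, src, dst, port in acl:
        if proto not in ("ip", pkt["proto"]):
            continue
        if not (wild_match(pkt["src"], *src) and wild_match(pkt["dst"], *dst)):
            continue
        if port is None or port == pkt["dport"]:
            return action
    return "deny"


def acl_101(src):
    """Model of list 101: deny Telnet to the serial address, permit the rest."""
    return [("deny", "tcp", src, host(SERIAL_IP), 23),
            ("permit", "ip", ANY, ANY, None)]


def telnet_from_outside(dst):
    return {"proto": "tcp", "src": OUTSIDE, "dst": dst, "dport": 23}


def verdicts():
    return {
        "src any, to serial address": evaluate(acl_101(ANY), telnet_from_outside(SERIAL_IP)),
        "src any, to Ethernet address": evaluate(acl_101(ANY), telnet_from_outside(ETH_IP)),
        "src 0.0.0.0 0.0.0.0, to serial address": evaluate(acl_101(host("0.0.0.0")), telnet_from_outside(SERIAL_IP)),
    }


if __name__ == "__main__":
    for case, verdict in verdicts().items():
        print(f"{case}: {verdict}")
```

A per-interface ACL that names one destination address has to be repeated for every address the router answers on, since Telnet to any uncovered address falls through to the final permit.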