  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 306

two 2501 Routers?

Hey everyone.
Can anyone explain how to set up an access-list or Group on a 2501 Cisco Router? (explanation)
Regards,
0
pixer77
1 Solution
 
rshooper76 Commented:
Here is a sample access list and how to set it up on your interface.

access-list 120 permit tcp any any established
access-list 120 deny   ip 192.168.100.0 0.0.0.255 any
access-list 120 permit icmp any host [your public IP Address] echo-reply
access-list 120 permit icmp any host [your public IP Address] time-exceeded
access-list 120 permit icmp any host [your public IP Address] unreachable
access-list 120 deny   ip 10.0.0.0 0.255.255.255 any
access-list 120 deny   ip 172.16.0.0 0.15.255.255 any
access-list 120 deny   ip 192.168.0.0 0.0.255.255 any
access-list 120 deny   ip 127.0.0.0 0.255.255.255 any
access-list 120 deny   ip host 255.255.255.255 any
access-list 120 deny   ip host 0.0.0.0 any
access-list 120 deny   ip any any log-input

This access list will block everything that comes into the router from the outside, unless it was initiated from the inside.  Let me know what traffic you want to come in and out of the router and I can refine the access-list for you.

Here is how to apply it to an interface.  Assume Ethernet1 is your outside interface and we want the access-list to look at traffic coming into it.

interface Ethernet1
 ip access-group 120 in

Access-lists can get complicated, and the one I provided is very simple.  Let me know more about what you want to do and I can help you out.
0
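An added example, not part of rshooper76's answer: a small Python model of how the router walks access-list 120 top-down, matching wildcard masks and the `established` keyword, with first match winning. The address 203.0.113.10 is a constructed stand-in for the public IP, and the packet dictionary format is an assumption of this sketch.

```python
import ipaddress

# ACL 120 as posted above; 203.0.113.10 is a constructed stand-in for the public IP.
ACL_120 = """
access-list 120 permit tcp any any established
access-list 120 deny   ip 192.168.100.0 0.0.0.255 any
access-list 120 permit icmp any host 203.0.113.10 echo-reply
access-list 120 permit icmp any host 203.0.113.10 time-exceeded
access-list 120 permit icmp any host 203.0.113.10 unreachable
access-list 120 deny   ip 10.0.0.0 0.255.255.255 any
access-list 120 deny   ip 172.16.0.0 0.15.255.255 any
access-list 120 deny   ip 192.168.0.0 0.0.255.255 any
access-list 120 deny   ip 127.0.0.0 0.255.255.255 any
access-list 120 deny   ip host 255.255.255.255 any
access-list 120 deny   ip host 0.0.0.0 any
access-list 120 deny   ip any any log-input
"""

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    return (int(ipaddress.IPv4Address(tok[0])), int(ipaddress.IPv4Address(tok[1]))), tok[2:]

def parse(text):
    rules = []
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        src, rest = _addr(tok[4:])
        dst, rest = _addr(rest)
        rules.append((tok[2], tok[3], src, dst, rest))  # action, proto, src, dst, options
    return rules

def _hit(spec, ip):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(rules, pkt):
    """Return (action, entry number) of the first match; no match is the implicit deny."""
    for n, (action, proto, src, dst, opts) in enumerate(rules, 1):
        if proto not in ("ip", pkt["proto"]) or not (_hit(src, pkt["src"]) and _hit(dst, pkt["dst"])):
            continue
        if "established" in opts and not {"ACK", "RST"} & set(pkt.get("flags", ())):
            continue  # 'established' only tests the ACK/RST bits, it keeps no state
        if proto == "icmp" and opts and pkt.get("icmp") not in opts:
            continue
        return action, n
    return "deny", None
```

Because entry 1 is evaluated first, TCP segments carrying ACK or RST never reach the source-address deny entries below it; moving those denies above the `established` line makes them apply to all inbound traffic.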
 
pixer77 Author Commented:
hi....

(router 2503)  Eth0 -> 192.168.1.253   Serial0 -> 192.1.0.1

access-list 120 permit tcp any any established
access-list 120 permit icmp any any echo-reply
access-list 120 permit icmp any any time-exceeded
access-list 120 permit icmp any any unreachable
access-list 120 permit icmp any any

interface Ethernet0
 ip access-group 120 in
 ip access-group 120 out


(router2501)   Eth0 -> 192.168.0.253   Serial0 -> 192.1.0.2

access-list 120 permit tcp any any established
access-list 120 permit icmp any any echo-reply
access-list 120 permit icmp any any time-exceeded
access-list 120 permit icmp any any unreachable
access-list 120 permit icmp any any

interface Ethernet0
 ip access-group 120 in
 ip access-group 120 out



When I try to ping a computer from network 192.168.0.0, I still can't ping a computer in network 192.168.1.0.

Any idea why it is not working?
0
 
rshooper76 Commented:
Can you send me your ip route statements?
0

 
pixer77 Author Commented:
(2503)
LM-10#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

C    192.168.1.0/24 is directly connected, Ethernet0
C    192.1.0.0/24 is directly connected, Serial0


(2051)
LM-20#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

Gateway of last resort is not set

C    192.168.0.0 is directly connected, Ethernet0
C    192.1.0.0 is directly connected, Serial0
0
 
rshooper76 Commented:
I was actually looking for the IP Route statements you put in the router.  You will need to add a route to each router to tell it how to get to the other router.

router 2503
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 192.168.0.0 255.255.255.0 192.1.0.2

router 2501
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 192.168.1.0 255.255.255.0 192.1.0.1

I assume you have a serial cable running between the 2 routers?

0
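An added example, not part of the thread's own posts: a Python sketch of the route lookups behind the failed ping, using the connected routes from the posted `show ip route` output and the static routes from the answer above. It models routing only (not access-list 120); the host addresses 192.168.0.10 and 192.168.1.10 used with it are constructed.

```python
import ipaddress

def table(*routes):
    return [(ipaddress.ip_network(prefix), via) for prefix, via in routes]

def lookup(routes, dst):
    """Longest-prefix match; None means no route, so the router drops the packet."""
    dst = ipaddress.ip_address(dst)
    best = max((r for r in routes if dst in r[0]), key=lambda r: r[0].prefixlen, default=None)
    return best[1] if best else None

# Connected routes, from the "show ip route" output posted above.
R2503 = table(("192.168.1.0/24", "Ethernet0"), ("192.1.0.0/24", "Serial0"))
R2501 = table(("192.168.0.0/24", "Ethernet0"), ("192.1.0.0/24", "Serial0"))
# The same tables with the static routes from the answer added.
R2503_FIXED = R2503 + table(("0.0.0.0/0", "Serial0"), ("192.168.0.0/24", "192.1.0.2"))
R2501_FIXED = R2501 + table(("0.0.0.0/0", "Serial0"), ("192.168.1.0/24", "192.1.0.1"))

def ping(near, far, src, dst):
    """Trace the echo request near->far, then the echo reply far->near."""
    for stage, (name, routes), target in (("request", near, dst), ("request", far, dst),
                                          ("reply", far, src), ("reply", near, src)):
        if lookup(routes, target) is None:
            return f"{stage} dropped at {name}: no route to {target}"
    return "reply received"
```

Calling `ping(("2501", R2501_FIXED), ("2503", R2503), "192.168.0.10", "192.168.1.10")` shows why both routers need the route: the request arrives, but the reply is dropped at the 2503.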
 
pixer77 Author Commented:
Thanks, man!
0
 
rshooper76 Commented:
Are you new to Cisco?  If so I can point you to some material that will really help you out.
0
 
pixer77 Author Commented:
Hey, now I've got another problem: I am trying to implement a system for point-to-multipoint distribution of video content, but I don't know how to do it using these two routers (2503-2501). Have you got any clue?
0
 
rshooper76 Commented:
Can you give me some more details on this?
0
