  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1208

Limit the Cisco's outbound traffic to one IP & port number.

I have added a Cisco 1120B Wireless Access Point on my existing network.

I want to limit the Cisco's outbound traffic to one IP & port number, as I only need to allow/pass 5250 terminal emulation services.

How do I configure this to best accomplish my goal?
1 Solution
The 1100-series access points run IOS, and so standard access list commands apply.  You may have to go to the command-line interface to set them easily.

kbbcnet (Author) Commented:
PennGwyn, thanks for your response.

*Do you have a configuration example to limit all out-bound traffic out of the Cisco 1100 ethernet port?

The Cisco connects to a network switch via a wired ethernet cable.
Allow only terminal emulation traffic out via the wired port to the AS400 & ok to allow any traffic in-bound to the Cisco thru the wired ethernet port.

Network B:;
Default Gateway: IP:
Switch IP:
*Cisco IP:

Network A:;
*AS400 IP: [ Port 23 terminal emulation]

Site-to-site VPN Firewall connects Network A & B;

kbbcnet (Author) Commented:
The Cisco 1120B is already deployed & working;
Now, I would like to apply my access list. How does the following look?
Apply lists to which interfaces & in or out? [I am not clear on "in" versus "in & out"?]
??? What do the three statements at the end of the config mean???
access-list 100 permit tcp any any established?
access-list 100 permit tcp eq 23
   or/access-list 100 permit tcp Any eq 23?
   or/access-list 100 permit tcp host eq telnet?

access-list 100 deny ip Any
access-list 100 deny ip any any

interface Dot11Radio0
 no ip address
 no ip route-cache
 ip access-group 100 in

interface FastEthernet0
 no ip address
 no ip route-cache

  ip access-group xxx out ?
interface BVI1
 ip address
 no ip route-cache
 ip default-gateway
 ip http server
 no ip http secure-server
 ip radius source-interface BVI1???
 access-list 111 permit tcp any any neq telnet???
 bridge 1 route ip???

kbbcnet (Author) Commented:
Depending on where the access-lists are applied, I may need to allow DNS & ICMP traffic, correct???

access-list xxx permit udp host eq domain any gt 1023
access-list xxx permit udp host eq domain any gt 1023

[courtesy O'Reilly]
! allow pings into the network
    access-list 110 permit icmp any any echo
    ! allow ping responses
    access-list 110 permit icmp any any echo-reply
    ! allow ICMP source-quench
    access-list 110 permit icmp any any source-quench
    ! allow path MTU discovery
    access-list 110 permit icmp any any packet-too-big
    ! allow time-exceeded, which is useful for traceroute
    access-list 110 permit icmp any any time-exceeded
    ! deny all other ICMP packets
    access-list 110 deny icmp any any

kbbcnet (Author) Commented:
Although PennGwyn's comment was correct, it was somewhat general --
I was looking for some good configuration examples to save me research time and Trial & Error.

I did find several good sources and the following met my request precisely!
*Cisco/Configuring IP Access Lists/Document ID: 23602

Moderator please award points - if & as you see fit.
EE is a great resource & I appreciate you experts much!

I intend to have this question CLOSED or DELETED.
Closed, 500 points refunded.
Community Support Moderator
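
An added example, not part of the original thread or any participant's post: a small first-match model of an IOS extended ACL bound `in` on Dot11Radio0, showing which client packets a list of the kind discussed above lets through, and what putting `permit tcp any any established` first would change. All addresses are constructed (RFC 5737 documentation ranges), and the parser handles only the subset of ACL syntax used here.

```python
# Added example: first-match model of an IOS extended ACL bound "in" on
# Dot11Radio0, i.e. checked against packets arriving from wireless clients.
# Addresses are constructed (RFC 5737 ranges); they are not from the thread.
AS400, DNS, CLIENT = "198.51.100.10", "192.0.2.53", "192.0.2.77"

ACL_100 = f"""access-list 100 permit tcp any host {AS400} eq telnet
access-list 100 permit udp any host {DNS} eq domain
access-list 100 permit icmp any any echo
access-list 100 deny ip any any"""

PORTS = {"telnet": 23, "domain": 53}

def _addr(tok):
    """Consume 'any' or 'host A.B.C.D'; return (address or None, rest)."""
    return (None, tok[1:]) if tok[0] == "any" else (tok[1], tok[2:])

def parse(text):
    rules = []
    for line in text.splitlines():
        action, proto, *tok = line.split()[2:]   # skip "access-list 100"
        src, tok = _addr(tok)
        dst, tok = _addr(tok)
        dport = (PORTS.get(tok[1]) or int(tok[1])) if tok[:1] == ["eq"] else None
        qual = tok[0] if tok and tok[0] != "eq" else None  # established / ICMP type
        rules.append((action, proto, src, dst, dport, qual))
    return rules

def evaluate(rules, pkt):
    """Return the action of the first matching entry, as IOS does."""
    for action, proto, src, dst, dport, qual in rules:
        if proto not in ("ip", pkt["proto"]):
            continue
        if (src and src != pkt["src"]) or (dst and dst != pkt["dst"]):
            continue
        if dport is not None and dport != pkt.get("dport"):
            continue
        if qual == "established":
            # "established" matches any TCP segment with ACK or RST set
            if not {"ACK", "RST"} & pkt.get("flags", set()):
                continue
        elif qual and qual != pkt.get("icmp"):
            continue
        return action
    return "deny"   # implicit "deny ip any any" that ends every ACL

def packet(proto, dst, dport=None, flags=(), icmp=None):
    """Build a constructed packet sent by the sample wireless client."""
    return {"proto": proto, "src": CLIENT, "dst": dst, "dport": dport,
            "flags": set(flags), "icmp": icmp}
```

With `permit tcp any any established` prepended to this list, a client segment carrying ACK to any host and port is permitted before the AS/400 entry is ever consulted, so that entry fits the return direction rather than the client-facing list.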