
Limit the Cisco's outbound traffic to one IP & port number.

i have added a Cisco 1120B Wireless Access Point on my existing Network.

i want to limit the Cisco's outbound traffic to one IP & port number as i only need to allow/pass 5250 Terminal emulation services.

How do i configure this to best accomplish my goal.
1 Solution
The 1100-series access points run IOS, and so standard access list commands apply.  You may have to go to the command-line interface to set them easily.

kbbcnetAuthor Commented:
PennGwyn, thanks for your response.

*Do you have a configuration example to limit all out-bound traffic out of the Cisco 1100 ethernet port?

The Cisco connects to a network switch via a wired ethernet cable.
Allow only terminal emulation traffic out via the wired port to the AS400, and it is OK to allow any traffic in-bound to the Cisco through the wired ethernet port.

Network B:
Default Gateway: IP:
Switch IP:
*Cisco IP:

Network A:
*AS400 IP: [ Port 23 terminal emulation]

Site-to-site VPN Firewall connects Network A & B.
kbbcnetAuthor Commented:
The Cisco 1120B is already deployed & working;
Now, i would like to apply my access list. How do the following look?
Apply lists to which interfaces & in or out? [i am not clear on "in" versus "in & out"?]
??? What do the three statements at the end of the config mean???
access-list 100 permit tcp any any established?
access-list 100 permit tcp eq 23
   or/access-list 100 permit tcp Any eq 23?
   or/access-list 100 permit tcp host eq telnet?

access-list 100 deny ip Any
access-list 100 deny ip any any

interface Dot11Radio0
 no ip address
 no ip route-cache
 ip access-group 100 in

interface FastEthernet0
 no ip address
 no ip route-cache

  ip access-group xxx out ?
interface BVI1
 ip address
 no ip route-cache
 ip default-gateway
 ip http server
 no ip http secure-server
 ip radius source-interface BVI1???
 access-list 111 permit tcp any any neq telnet???
 bridge 1 route ip???
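An added illustration (my own Python, not from the thread or from Cisco) of how IOS evaluates the extended-ACL entries being asked about: entries are tried top to bottom, the first match decides, an implicit deny sits at the end of every list, and `established` only matches TCP segments that already carry ACK or RST, so it never passes a fresh SYN. The addresses are constructed placeholders because the post omits the real ones.

```python
from dataclasses import dataclass
from typing import List, Optional
# Constructed placeholder addresses; the thread omits the real ones.
AP_IP = "10.0.2.50"     # the access point's BVI1 address (Network B)
AS400_IP = "10.0.1.10"  # the AS400 (Network A), terminal emulation on tcp/23

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0
    ack: bool = False   # True when the TCP ACK or RST flag is set

@dataclass(frozen=True)
class Entry:
    """One line of an extended ACL, e.g. 'permit tcp host A host B eq 23'."""
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    src: str = "any"             # "any" or a single host address
    dst: str = "any"
    eq: Optional[int] = None     # destination port, the 'eq' keyword
    established: bool = False    # tcp only: match ACK/RST segments, never a bare SYN

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.src != "any" and self.src != p.src:
            return False
        if self.dst != "any" and self.dst != p.dst:
            return False
        if self.eq is not None and self.eq != p.dport:
            return False
        return not self.established or p.ack

def evaluate(acl: List[Entry], p: Packet) -> str:
    """First matching entry decides; IOS adds an implicit 'deny ip any any' at the end."""
    for e in acl:
        if e.matches(p):
            return e.action
    return "deny"

# Outbound policy for the wired port: only the AP reaching the AS400 on tcp/23.
OUTBOUND_100 = [
    Entry("permit", "tcp", AP_IP, AS400_IP, eq=23),
    Entry("deny", "ip"),  # explicit 'deny ip any any', same effect as the implicit deny
]

# What 'permit tcp any any established' does on its own: replies pass, new connections do not.
ESTABLISHED_ONLY = [Entry("permit", "tcp", established=True)]
```

Anything else the AP must originate on the wired side, such as DNS or ICMP, needs its own permit line placed before the deny.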

kbbcnetAuthor Commented:
Depending on where the access-lists are applied, i may need to allow DNS & ICMP traffic, correct???

access-list xxx permit udp host eq domain any gt 1023
access-list xxx permit udp host eq domain any gt 1023

[courtesy O'Reilly]
! allow pings into the network
access-list 110 permit icmp any any echo
! allow ping responses
access-list 110 permit icmp any any echo-reply
! allow ICMP source-quench
access-list 110 permit icmp any any source-quench
! allow path MTU discovery
access-list 110 permit icmp any any packet-too-big
! allow time-exceeded, which is useful for traceroute
access-list 110 permit icmp any any time-exceeded
! deny all other ICMP packets
access-list 110 deny icmp any any
kbbcnetAuthor Commented:
Although PennGwyn's comment was correct, it was somewhat general --
i was looking for some good configuration examples to save me research time and Trial & Error.

i did find several good sources and the following met my request precisely!
*Cisco/Configuring IP Access Lists/Document ID: 23602

Moderator please award points - if & as you see fit.  
EE is a great resource & i appreciate you experts much!

i intend to have this question CLOSED or DELETED.
Closed, 500 points refunded.
Community Support Moderator