Solved

access list blocking my telnet.

Posted on 2006-06-14
Last Modified: 2010-03-19
hi, router newbie question: re: cisco 2524 ios version 11
I am trying to block the ip addresses from a website that is always connected to my smtp. This website apparently owns a block because the specific address is always different in the last octet.
I tried using RouterA(config)#access-list 1 deny 203.66.88.0 0.0.0.255
and then
RouterA>enable
RouterA#config t
RouterA(config)# int s0
RouterA(config-if)#ip access-group 1 in

My problem is that as soon as I entered the last command, I was kicked off the telnet and cannot reconnect. I'm sure this is a dumb newbie mistake. FYI my ip address is NOT 203.66.88.0
Laura
0
Question by:lizardqueen007
6 Comments
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16908592
If possible, I would like to block all smtp coming into server from domain hinet.net which I'm sure creates huge amounts of spam for us all.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16908686
Hopefully you have a serial console cable and can connect via the console port to fix your telnet problem.

I am not sure from a router you can block e-mail from a domain. You can block it by address, but are you 100% sure that the offending e-mail is really coming from hinet.net and not being spoofed or relayed through an open SMTP relay?
0
 

Expert Comment

by:nurulbhai
ID: 16908784
You cannot block a domain name by using only a router. If you know the IP address range of the domain you are blocking, go ahead and use the access-list as you did but with another line added. Please add the following line also.
access-list 1 permit any
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16908821
Yes, I can use HyperTerminal, and now that I am at the location (51 miles away, ouch!) I restarted the router and the config went back to startup.
I still would like to create an access list if possible.  No I am not positive that the ip is not spoofed except for using the whois.  I was mostly experimenting with access lists and I do not understand why the router kicked me off.  I also figured so what if I block all traffic from
inetnum:      61.216.0.0 - 61.219.255.255
netname:      HINET-TW
descr:        CHTD, Chunghwa Telecom Co.,Ltd.
descr:        Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd.
descr:        Taipei Taiwan 100
Do I really care?
If this is a stupid thing to do, please tell me.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1000 total points
ID: 16908843
It's not a bad idea to block these hosts if you never expect to get email from Taiwan anyway...

Here's how:

access-list 101 deny ip 61.216.0.0 0.3.255.255 any
access-list 101 permit ip any any

interface Serial 0
 ip access-group 101 in

Basic problem is that you forgot the "permit any"
Access lists *always* have an implicit "deny all" at the end.

access-list 1 deny 61.216.0.0 0.3.255.255
access-list 1 permit any

would work just as well..

You're a quick study, Laura!

0
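Added example, not part of the original thread: a small Python model of IOS first-match ACL evaluation that shows why the one-line list in the question dropped the Telnet session, plus a helper that derives the wildcard mask for a whois inetnum range. The function names and the two sample source addresses are assumptions made for illustration.

```python
import ipaddress

def wildcard_for_range(first, last):
    """Return (network, wildcard) pairs that exactly cover an inetnum range."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]

def matches(src, base, wildcard):
    """IOS-style match: bits set in the wildcard are 'don't care' bits."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)

def evaluate(acl, src):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, base, wildcard in acl:
        if matches(src, base, wildcard):
            return action
    return "deny"  # the implicit "deny any" at the end of every access list

ANY = ("0.0.0.0", "255.255.255.255")  # wildcard form of the keyword "any"

# ACL 1 exactly as typed in the question: one deny line and nothing else.
acl_question = [("deny", "203.66.88.0", "0.0.0.255")]
# The same list with the explicit permit the answers recommend.
acl_fixed = acl_question + [("permit", *ANY)]

# Constructed sample sources (a documentation address stands in for the admin).
ADMIN = "198.51.100.7"
SPAMMER = "203.66.88.41"

if __name__ == "__main__":
    for name, acl in (("question", acl_question), ("fixed", acl_fixed)):
        for who, src in (("admin", ADMIN), ("spammer", SPAMMER)):
            print(f"ACL {name:8} {who:7} {src:15} -> {evaluate(acl, src)}")
    # Wildcard needed to cover the whole HINET-TW inetnum quoted in the thread.
    print(wildcard_for_range("61.216.0.0", "61.219.255.255"))
```
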
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16908922
Thanks again lrmoore. Maybe I should have split some points because everyone has been helpful, but I haven't forgotten, giltjr, that you are helping me a lot and I will make sure points are given on other questions. Believe me, I have a lot of questions.
Thanks everyone, this is a great resource.
0
