duta

Cisco Router Access Control List commands

Dear experts:

I have a fictitious network, as in the following diagram.

Assume that currently I am using Router B (in the middle).

I wrote commands to execute the following two access controls:

1. To deny 192.168.1.99 access to 192.168.3.99:

(config)#            access-list      10   deny    192.168.1.99   0.0.0.0
(config)#            access-list      10   permit   any
(config)#                  int     s1/1
(config-if)#            ip    access-group   10     out

2. To deny 192.168.2.99 access to 192.168.1.99:

(config)#            access-list      10   deny    192.168.2.99   0.0.0.0
(config)#            access-list      10   permit   any
(config)#                  int     s1/0
(config-if)#            ip    access-group   10     out

I am not quite sure whether my commands are absolutely accurate. Can you experts kindly check my commands above? I am confused particularly about the "int s1/0" part. Can you give me some extra explanations regarding which serial port IO I should use?

I am a total novice. Please give me a complete command if my commands were inaccurate.

Thanks a lot!


-------------------------------------------------   NETWORK  DIAGRAM ---------------------------------------

e0: 192.168.1.1                                            e0/0: 192.168.2.1                                    e0/0: 192.168.3.1
s0: 192.168.                                                 s1/0: 192.168.4.2                                    s1/0: 192.168.5.2
                                                                     s1/1: 192.168.5.1

   e0                                                                         e0/0                                                                   e0/0
Router  A  s0   -----------------------------    s1/0    Router  B   s1/1    -----------------------         s1/0Router C
      |                                                                            |                                                                          |
      |                                                                            |                                                                          |
      |                                                                            |                                                                          |
192.168.1.99                                                  192.168.2.99                                                    192.168.3.99

duta

ASKER

In addition, I have an extra question:

I noticed that some used the Ethernet port IP as follows:
(config)#                  int     e0,  

instead of s1/0 or s1/1 or s0.

What is the difference between using e0 and using s1/1 or s1/0?

I also noticed that someone used the first two lines as follows:

(config)#            access-list      10   deny    192.168.1.99   0.0.0.0
(config)#            access-list      10   permit   any

In other words, they did not apply any ACL to an Ethernet or serial interface.

Do I still need to apply the Access Control List to interfaces?

Thanks!

ASKER CERTIFIED SOLUTION
calvinetter
This solution is only available to members.

ASKER

Dear SAGE:

Thank you so much for your kind tip.
Can you kindly give me a complete command when I use a standard ACL to do (1) and (2) TOO?


Thanks!
Hi there,

As I mentioned above, you *can't* use a standard ACL to accomplish this, due to the limitations of standard ACLs.  Please read through the URLs I posted above for some good documentation.

cheers
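
The limitation mentioned in the reply above, modelled in Python as an added example that is not part of the original thread: a standard ACL matches on source address only, so it cannot express "deny this host to that host". The extended list, its number 101, the host 192.168.3.50 and the in-order, first-match evaluation of list 10 are assumptions made for illustration.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # wildcard form of "any"

def host(ip):
    return (ip, "0.0.0.0")              # wildcard 0.0.0.0 = exact match

def matches(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(acl, src, dst):
    """Return the action of the first matching entry; implicit deny at the end."""
    for action, src_spec, dst_spec in acl:
        # Standard entries carry no destination (None): they match on source only.
        if matches(src, *src_spec) and (dst_spec is None or matches(dst, *dst_spec)):
            return action
    return "deny"

# List 10 after typing both command sets from the question, in order (assumption).
STANDARD_10 = [
    ("deny", host("192.168.1.99"), None),
    ("permit", ANY, None),
    ("deny", host("192.168.2.99"), None),   # never reached: "permit any" is above it
    ("permit", ANY, None),
]

# Extended entries matching source AND destination (list number 101 is an assumption).
EXTENDED_101 = [
    ("deny", host("192.168.1.99"), host("192.168.3.99")),
    ("deny", host("192.168.2.99"), host("192.168.1.99")),
    ("permit", ANY, ANY),
]

# Constructed test flows; 192.168.3.50 is a made-up second host behind Router C.
FLOWS = [
    ("192.168.1.99", "192.168.3.99"),   # goal 1: should be denied
    ("192.168.1.99", "192.168.3.50"),   # should stay permitted
    ("192.168.2.99", "192.168.1.99"),   # goal 2: should be denied
    ("192.168.2.99", "192.168.3.99"),   # should stay permitted
]

def compare():
    """Map each flow to (standard result, extended result)."""
    return {f: (evaluate(STANDARD_10, *f), evaluate(EXTENDED_101, *f)) for f in FLOWS}

if __name__ == "__main__":
    for (src, dst), (std, ext) in compare().items():
        print(f"{src} -> {dst}: standard={std} extended={ext}")
```

The source-only list blocks 192.168.1.99 from every destination it is checked against and never blocks 192.168.2.99, while the source-and-destination entries deny exactly the two flows in (1) and (2).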

ASKER

Thanks a lot, SAGE!

duta