duta

Cisco Router Access Control List commands

Dear experts:

I have a fictitious network as shown in the following diagram.

Assume that currently I am using Router B (in the middle).

I wrote commands to execute the following two access controls:

1. To deny 192.168.1.99 access to 192.168.3.99:

(config)# access-list 10 deny 192.168.1.99 0.0.0.0
(config)# access-list 10 permit any
(config)# int s1/1
(config-if)# ip access-group 10 out

2. To deny 192.168.2.99 access to 192.168.1.99:

(config)# access-list 10 deny 192.168.2.99 0.0.0.0
(config)# access-list 10 permit any
(config)# int s1/0
(config-if)# ip access-group 10 out

I am not quite sure whether my commands are absolutely accurate. Can you experts kindly check my commands above? I am confused particularly about the "int s1/0" part. Can you give me some extra explanations regarding which serial port IO I should use?

I am a total novice. Please give me a complete command if my commands were inaccurate.

Thanks a lot!


-------------------- NETWORK DIAGRAM --------------------

e0: 192.168.1.1               e0/0: 192.168.2.1             e0/0: 192.168.3.1
s0: 192.168.                  s1/0: 192.168.4.2             s1/0: 192.168.5.2
                              s1/1: 192.168.5.1

   e0                              e0/0                               e0/0
Router A  s0 ------------- s1/0  Router B  s1/1 ------------- s1/0  Router C
   |                                |                                  |
   |                                |                                  |
   |                                |                                  |
192.168.1.99                   192.168.2.99                       192.168.3.99

duta

ASKER

In addition, I have an extra question:

I noticed that some used Ethernet port IP as follows:
(config)# int e0,

instead of s1/0 or s1/1 or s0.

What is the difference between using e0 and using s1/1 or s1/0?

I also noticed that someone used the first two lines as follows:

(config)# access-list 10 deny 192.168.1.99 0.0.0.0
(config)# access-list 10 permit any

In other words, they did not apply any ACL to an Ethernet or serial interface.

Do I still need to apply the Access Control List to interfaces?

Thanks!

ASKER CERTIFIED SOLUTION
calvinetter
duta

ASKER

Dear SAGE:

Thank you so much for your kind tip.
Can you kindly give me a complete command when I use a standard ACL to do (1) and (2) TOO?


Thanks!
calvinetter

Hi there,

As I mentioned above, you *can't* use a standard ACL to accomplish this, due to the limitations of standard ACLs.  Please read through the URLs I posted above for some good documentation.

cheers
duta

ASKER

Thanks a lot, SAGE!

duta
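
The limitation calvinetter refers to, as an added example that is not part of the original thread: a Python model of first-match ACL evaluation run over the list 10 from the question, beside a source-and-destination entry of the kind an extended ACL allows. Interface placement and direction are not modelled, and all function and variable names are illustrative assumptions.

```python
import ipaddress

def matches(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")

def host(ip):
    return (ip, "0.0.0.0")

def evaluate(acl, src, dst):
    """First matching entry wins; every ACL ends with an implicit deny.
    Returns (action, index of the deciding entry or None)."""
    for i, (action, s, d) in enumerate(acl):
        if matches(src, *s) and matches(dst, *d):
            return action, i
    return "deny", None

# A standard ACL tests only the source, so the destination is always ANY.
# Both command sets in the question use number 10, so they build ONE list,
# with the second pair of entries appended after the first "permit any".
STANDARD_10 = [
    ("deny",   host("192.168.1.99"), ANY),
    ("permit", ANY,                  ANY),
    ("deny",   host("192.168.2.99"), ANY),   # never reached: shadowed above
    ("permit", ANY,                  ANY),
]

# Source AND destination in one entry (what an extended ACL can express).
EXTENDED = [
    ("deny",   host("192.168.1.99"), host("192.168.3.99")),
    ("permit", ANY,                  ANY),
]

# Constructed sample flows on the question's addressing plan.
FLOWS = [
    ("192.168.1.99", "192.168.3.99"),   # the flow meant to be blocked
    ("192.168.1.99", "192.168.3.1"),    # same source, different destination
    ("192.168.2.99", "192.168.1.99"),   # goal 2 from the question
    ("192.168.1.50", "192.168.3.99"),   # unrelated host
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        std, ext = evaluate(STANDARD_10, src, dst), evaluate(EXTENDED, src, dst)
        print(f"{src} -> {dst}  standard={std[0]}  src+dst={ext[0]}")
```

The standard list denies 192.168.1.99 to every destination, and its third entry never decides a packet because the earlier "permit any" matches first.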