duta
asked on
Cisco Router Access Control List commands
Dear experts:
I have a fictitious network as the following diagram.
Assume that currently I am using Router B (in the middle).
I wrote commands to execute the following two access controls:
1. To deny 192.168.1.99 access to 192.168.3.99:
(config)# access-list 10 deny 192.168.1.99 0.0.0.0
(config)# access-list 10 permit any
(config)# int s1/1
(config-if)# ip access-group 10 out
2. To deny 192.168.2.99 access to 192.168.1.99:
(config)# access-list 10 deny 192.168.2.99 0.0.0.0
(config)# access-list 10 permit any
(config)# int s1/0
(config-if)# ip access-group 10 out
I am not quite sure whether my commands are absolutely accurate. Can you experts kindly check my commands above? I am confused particularly about the "int s1/0" part. Can you give me some extra explanations regarding which serial port IO I should use?
I am a total novice. Please give me a complete command if my commands were inaccurate.
Thanks a lot!
NETWORK DIAGRAM

Router A                  Router B                  Router C
e0: 192.168.1.1           e0/0: 192.168.2.1         e0/0: 192.168.3.1
s0: 192.168.              s1/0: 192.168.4.2         s1/0: 192.168.5.2
                          s1/1: 192.168.5.1

    e0                        e0/0                      e0/0
Router A s0 ------------ s1/0 Router B s1/1 ------------ s1/0 Router C
    |                          |                         |
    |                          |                         |
    |                          |                         |
192.168.1.99              192.168.2.99              192.168.3.99
ASKER
Dear SAGE:
Thank you so much for your kind tip.
Can you kindly give me a complete command when I use a standard ACL to do (1) and (2) TOO?
Thanks!
Hi there,
As I mentioned above, you *can't* use a standard ACL to accomplish this, due to the limitations of standard ACLs. Please read through the URLs I posted above for some good documentation.
cheers
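Why standard list 10 from the question cannot express "deny this host to that host", as an added example that is not part of the original thread. It is a small Python model of first-match ACL evaluation with wildcard masks, not IOS output; the extended list numbers 101 and 102 and all helper names are assumptions, and extended entries are simplified to source and destination only.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # base, wildcard: every bit is "don't care"

def host(addr):
    return (addr, "0.0.0.0")           # wildcard 0.0.0.0: every bit must match

def _n(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(addr, spec):
    base, wildcard = spec
    care = ~_n(wildcard) & 0xFFFFFFFF  # bits the wildcard mask says to compare
    return ((_n(addr) ^ _n(base)) & care) == 0

def standard(action, src):
    # A standard ACL entry tests the source only; the destination is never examined.
    return (action, src, ANY)

def extended(action, src, dst):
    # Simplified to "ip" entries: source and destination, no protocol or port.
    return (action, src, dst)

def evaluate(acl, src, dst):
    """First matching entry decides; falling off the end is the implicit deny."""
    for action, s, d in acl:
        if matches(src, s) and matches(dst, d):
            return action
    return "deny"

def shadowed(acl):
    """Indexes of entries that can never match because an earlier one matches everything."""
    for i, (_, s, d) in enumerate(acl):
        if s == ANY and d == ANY:
            return list(range(i + 1, len(acl)))
    return []

# List 10 after both command sets from the question are typed in: same number, so entries append.
ACL_10 = [
    standard("deny", host("192.168.1.99")),
    standard("permit", ANY),
    standard("deny", host("192.168.2.99")),
    standard("permit", ANY),
]

# Assumed extended lists (numbers 101 and 102 are illustrative, not from the thread).
ACL_101 = [extended("deny", host("192.168.1.99"), host("192.168.3.99")), extended("permit", ANY, ANY)]
ACL_102 = [extended("deny", host("192.168.2.99"), host("192.168.1.99")), extended("permit", ANY, ANY)]
```

With list 10, 192.168.1.99 is dropped toward every destination behind the interface, and the deny for 192.168.2.99 sits after a permit any, so it never takes effect.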
ASKER
Thanks a lot, SAGE!
duta
ASKER
I noticed that some used ethernet port IP as follows:
(config)# int e0,
instead of s1/0 or s1/1 or s0.
What is the difference between using e0 and using s1/1 or s1/0?
I also noticed that someone used the first two lines as follows:
(config)# access-list 10 deny 192.168.1.99 0.0.0.0
(config)# access-list 10 permit any
In other words, they did not apply any ACL to ethernet or serial interface.
Do I still need to apply Access Control List to interfaces?
Thanks!