Solved

applying Access lists

Posted on 2008-06-25
9
215 Views
Last Modified: 2011-10-19
If I understand:

When applying access list to interfaces, we apply the standard access list at the destination interface
 we apply the extended access list at source interface or may be both.

Router(config-if)# ip access-group  AccessListName out

My question is:
- if we have 2 routers routerA and RouterB both have 3 interfaces, but dierectly connected through one interface.
we need to apply an  access lists to block SMTP traffic  from router A to routerB
an we need to block all traffic from host 192.168.1.45 located  behind routerB network and going to routerA


how can we configure access lists?

thanks
0
Comment
Question by:jskfan
  • 5
  • 4
9 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 21864472
If all you're trying to do is control access on the link between the two routers, then you could apply the standard ACL outbound on one router and the extended ACL inbound on the other.
0
 

Author Comment

by:jskfan
ID: 21865762
Here is the diagram:

Router.bmp
0
 

Author Comment

by:jskfan
ID: 21870152
we need to apply an  access lists to block SMTP traffic  from router1 to router2
an we need to block all traffic from host 192.168.1.45 located  behind router2 network and going to router1.
how do you write the command line to acieve that?

0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
ID: 21870212
The following would be done on Router 1


access-list 1 deny 192.168.1.45 0.0.0.0

access-list 1 permit any

access-list 101 deny tcp any any eq 25

access-list 101 permit ip any any

!

int e2

 ip access-group 101 out

 ip access-group 1 in

Open in new window

0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:jskfan
ID: 21871375
could you please specufy whic int e2 are you applying the access lists to? is it the e2 on router1 or e2 on router2?

0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 21873737
A router can only have one ethernet 2 interface.
0
 

Author Comment

by:jskfan
ID: 21874553
in the diagram both routers have e0,e1,e2
can you tell me to which e2 didi you apply the access list?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 21880278
If you look at my comment where I posted the config, you will see "The following would be done on Router 1"


0
 

Author Comment

by:jskfan
ID: 21880545
sorry I did not see it.

The purpose of posting this question was to understand when and where to use the "in" and "out " at the interface level.

in your case you applied  :
Extended access list at the source router Router1 (e2) to prevent any SMTP traffic to go to Router2
Standard Access list at the destination router Router1 (e2) to prevent the traffic from 192.168.1.45  to come in through e2.
Is there any rule to follow in order to know to which interface the access list should be applied to?

0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

In a WLAN, anything you broadcast over the air can be intercepted.  By default a wireless network is wide open to all until security is configured. Even when security is configured information can still be intercepted! It is very important that you …
It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now