Cisco ACL

TO most of you this is going to be so easy its unreal, but I am studing and just cannot figure it out.
access-list 100 permit tcp any any eq 80 established
int s0/0
  ip access-group 100 in
 
Given the commands shown above and assuming S0/0 is the outside (Internet-facing) interface, explain what this ACL does
LVL 1
RSMTECH_KCAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Steven CarnahanNetwork ManagerCommented:
ip access-list 100 permit tcp any any eq 80 established     ' allows any response to web page requests from inside that reply on port 80 but restricts all other port 80 traffic

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
itnetworknCommented:
I think I found a good example for you to reference. Let me know if you have anymore questions and I'll be happy to help.

"access-list 102 permit tcp any 63.36.9.0 0.0.0.255 established

Since you only want your users to be able to browse the Internet, you must block all incoming traffic accept for the established connections in which the websites are replying to a computer on your network. Doing this is impossible unless you use the 'established' command.

Now that we are familiar with the 'established' command, ACL 102 simply states to permit established traffic from anywhere to all computers within our 63.36.9.0 network.

You may ask why access-list 102 does not read:

access-list 102 permit tcp any any established

In this situation this works just as good, but because it is not as specific, it is considered a hole or an area of vulnerability (especially if you ever got another block of IP addresses)."

Reference: http://www.networkclue.com/routing/cisco/access-lists/index.aspx
0
RSMTECH_KCAuthor Commented:
I know I am not supposed to in the same question, but that is very helpful so can I ask this and I promise I am done.
Type the global configuration mode and line configuration mode commands that are required to secure the vty lines 0 through 15 to use the local username admin with the encrypted password adminpass for remote telnet or ssh logins to the Cisco router.
0
Steven CarnahanNetwork ManagerCommented:
access-list 2 permit host 172.16.10.2          Permits host 172.16.10.2 to Telnet into this router
access-list 2 permit 172-16-20-0 0.0.0.255          Permits anyone from the 172-16.20.x address range into this router

line vty 0 4                                                  Denies all other Telnet requests (because of the implicit deny)

access-class 2 in
0
Steven CarnahanNetwork ManagerCommented:
hit enter before finishing description of last line - it Applies this ACL to all five vty virtural interfaces.

This was taken directly from Cisco's CCNA portable Command Guide
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.