From: Sharma, Mohit (mohit.sharma@hp.com)
Date: Tue Jun 08 2004 - 14:38:27 GMT-3
Hello All,
If the question states: Create an access-list at the serial interface of
a router, so that only ftp, web and ospf traffic is allowed in. There
are clients and servers on the user LAN.
Now, since this specifically states that there are BOTH clients AND
servers in the LAN, should we do this:

access-list 101 permit tcp any eq www 1.1.1.0 0.0.0.255
access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq www
access-list 101 permit tcp any eq ftp 1.1.1.0 0.0.0.255
access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq ftp
access-list 101 permit tcp any eq ftp-data 1.1.1.0 0.0.0.255
access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq ftp-data
access-list 101 permit ospf any any

This is because the requirement mentions both clients and servers
at the User interface, so the serial interface may get requests from outside
with a source port of www or ftp, OR it may also get traffic in response
to the clients from the User LAN which has ftp or www in the destination
port.
OR will just this suffice:

access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq www
access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq ftp
access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq ftp-data
access-list 101 permit ospf any any

Could somebody please comment?
Smiles,
Mohit.
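
Added example, not part of the original post: a small Python model of the two access lists asked about above (written with `tcp` on every TCP entry and a space before the wildcard mask), evaluated against constructed inbound packets. The parser handles only the entry forms that appear in the post; the packet addresses and ports are assumptions.

```python
import ipaddress

PORTS = {"www": 80, "ftp": 21, "ftp-data": 20}  # IOS port keywords used in the post

def parse_ace(line):
    """Parse 'access-list N permit PROTO any [eq P] DST [eq P]' (the post's forms only)."""
    proto, _src_any, *rest = line.lower().split()[3:]
    sport = dport = net = None
    if rest[0] == "eq":                  # port right after the source: source port
        sport, rest = PORTS[rest[1]], rest[2:]
    if rest[0] != "any":                 # 'NET WILDCARD'; ipaddress accepts a host mask
        net, rest = ipaddress.ip_network(f"{rest[0]}/{rest[1]}"), rest[2:]
    if "eq" in rest:                     # port after the destination: destination port
        dport = PORTS[rest[-1]]
    return proto, sport, net, dport

def permits(acl, proto, sport, dst, dport):
    """True if any permit entry matches; otherwise the implicit deny applies."""
    for p, sp, net, dp in map(parse_ace, acl):
        if (p == proto and sp in (None, sport) and dp in (None, dport)
                and (net is None or ipaddress.ip_address(dst) in net)):
            return True
    return False

SHORT = [  # the four-entry list from the post
    "access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq www",
    "access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq ftp",
    "access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq ftp-data",
    "access-list 101 permit ospf any any",
]
FULL = SHORT + [  # plus the source-port entries of the seven-entry list
    "access-list 101 permit tcp any eq www 1.1.1.0 0.0.0.255",
    "access-list 101 permit tcp any eq ftp 1.1.1.0 0.0.0.255",
    "access-list 101 permit tcp any eq ftp-data 1.1.1.0 0.0.0.255",
]
PACKETS = {  # constructed inbound packets: (proto, source port, destination, destination port)
    "request to LAN web server": ("tcp", 40000, "1.1.1.10", 80),
    "web reply to LAN client": ("tcp", 80, "1.1.1.20", 40001),
    "active FTP data to LAN client": ("tcp", 20, "1.1.1.20", 40002),
    "OSPF hello": ("ospf", None, "224.0.0.5", None),
    "source port 80 to LAN telnet": ("tcp", 80, "1.1.1.10", 23),
}

def compare():
    """Map each packet name to (passes seven-entry list, passes four-entry list)."""
    return {n: (permits(FULL, *p), permits(SHORT, *p)) for n, p in PACKETS.items()}

if __name__ == "__main__":
    print(*compare().items(), sep="\n")
```

The last constructed packet shows that an entry matching on source port alone admits any TCP segment sent from that port, whatever LAN port it is addressed to.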