From: Jongsoo.Kim@Intelsat.com
Date: Sat Mar 19 2005 - 18:29:46 GMT-3
I assumed you have BGP, OSPF, rip, DLSW+ runinnig over this S0.
I just type this from CD_DOC
ip access-list extended inbound
permit tcp 0.0.0.1 255.255.255.254 any eq telnet
permit tcp any eq ftp 172.17.59.80 0.0.0.15 established
permit tcp any eq ftp-data 172.17.59.80 0.0.0.15 established
permit udp any eq TFTP any
permit udp any any eq tftp
permit tcp any eq SMTP any
permit tcp any any eq SMTP
permit tcp any eq WWW any
permit tcp any any eq WWW
ICMP permit icmp any any
DSLW permit tcp any eq range 11000 11999 any eq 2065
permit tcp any eq 2065 any eq range 11000 11999
DSLW permit udp any eq 0 any eq 2067
permit udp any eq 2067 any eq 0
OSPF Permit ospf any any
rip permit udp any eq rip any
permit udp any any eq rip
BGP permit tcp any eq bgp any
permit tcp any any eq bgp
Int S0
ip access-group inbound in
Regards
Jongsoo
-----Original Message-----
From: Noble [mailto:noble@inserviceindia.com]
Sent: Saturday, March 19, 2005 4:03 PM
To: GroupStudy - Posting
Subject: Access List Configuration
Hi,
Can anyone help me in configuring the following access-list?
172.17.59.64/28
|
S0
|
R5
|
E0
|
VLAN50
|
172.17.59.80/28
Configure an inbound access list called INBOUND on R5 S0 that satisfies
following.
1. Telnet sessions are permitted only if originated from ip addresses whose
last octet is odd number.
2. FTP Sessions are permitted only if established from R5's E0 subnet.
3.TFTP, SMTP and WWW are permitted both ways.
4. Allow pings from anywhere.
5.Confirm connectivity after applying the access list. Verify that a telnet
to R5's E0 from r2's S0/0 fails but a telnet from R2's Fa0/0 works.
6. Ensure that routing and DLSw+ works while explicitly denying all other
traffic.
Any suggestion will be highly appreciated.
Thanks,
Noble
This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:48 GMT-3