From: Radioactive Frog (pbhatkoti@gmail.com)
Date: Sat Apr 08 2006 - 13:47:16 GMT-3
Hi Ali,
Thanks for your reply.
Tried that but no success. Have a look at the config below.
Any suggestions?
ROUTER-1
----------------
Router-1 #sh run
Building Configuration...
Current Configuration : 824
!
version 12.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname Router
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast
!
!
interface FastEthernet0/1
no ip address
no ip directed-broadcast
shutdown
!
!
interface Serial0/0
ip address 100.100.100.1 255.255.255.0
no ip directed-broadcast
ip access-group 100 in
clockrate 64000
!
interface Serial0/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial0/2
no ip address
no ip directed-broadcast
shutdown
!
no ip classless
ip route 0.0.0.0 0.0.0.0 100.100.100.2
!
access-list 100 deny tcp 192.168.1.0 0.0.0.255 host 192.168.2.3 eq www
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
!
line con 0
line aux 0
line vty 0 4
!
end
Router1#
Router-2: (192.168.2.0 subnet).
-------------
remote#sh run
Building Configuration...
Current Configuration : 641
!
version 12.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname remote
!
!
!
!
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
no ip directed-broadcast
!
!
interface FastEthernet0/1
no ip address
no ip directed-broadcast
shutdown
!
!
interface Serial0/0
ip address 100.100.100.2 255.255.255.0
no ip directed-broadcast
!
interface Serial0/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial0/2
no ip address
no ip directed-broadcast
shutdown
!
no ip classless
ip route 0.0.0.0 0.0.0.0 100.100.100.1
!
!
!
line con 0
line aux 0
line vty 0 4
!
end
remote#
On 4/9/06, Ali AlKaff <asalkaff@msn.com> wrote:
>
> I couldn't exactly figure out the layer 3 topology from your question, but
> assuming that PC1 is on 192.168.1.0/24 and PC2 is on the other side on
> 192.168.2.0/24, I think you'd go like this on ROUTER-1:
>
> ip access-list extended ACL
> deny tcp 192.168.1.0 0.0.0.255 host 192.168.2.3 neq telnet
> permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
> !
> interface [facing PC1]
> ip access-group ACL in
> !
> end
>
>
> HTH,
>
> Ali
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Radioactive Frog
> Sent: Saturday, 08 April 2006 18:22
> To: Cisco certification
> Subject: what is the best efficient way ---> ACL question
>
> Hi Group,
>
> Below is a scenario:
>
>
>
>
>
> PC1-----ROUTER-1-----serial-----Router-2-----Switch-----PC-2 (192.168.2.3)
>                                                |--------PC-3 (192.168.2.4)
>
> ---192.168.1.0/24---              ----------192.168.2.0/24----------
>
> What is the best way to achieve the following goals without a route map or
> prefix list,
> just with a plain extended list? IN/OUT, and on which interface?
>
> 1) From 192.168.1.0 to 192.168.2.0 - all types of traffic allowed.
> 2) From 192.168.1.0 to 192.168.2.3 - should have only telnet access; all
> other types of traffic shouldn't be allowed to 192.168.2.3
>
> Answers with explanations are welcome; however, any idea would also be good.
>
>
> Regards,
>
> Frog..
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
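Added example, not part of the original thread: a small first-match evaluator (with the implicit deny) run over ACL 100 from the Router-1 config, the ACL from the quoted reply, and a constructed three-entry alternative, to check each against the two stated goals. The function names, the ACL_GOAL entries and the PC1 address 192.168.1.10 used in the checks are assumptions made for illustration.

```python
import ipaddress

PORTS = {"telnet": 23, "www": 80}   # only the port names used in this thread

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tok):
    """Consume 'host A' or 'A WILDCARD' from the token list -> (addr, wildcard)."""
    if tok[0] == "host":
        tok.pop(0)
        return _ip(tok.pop(0)), 0
    return _ip(tok.pop(0)), _ip(tok.pop(0))

def parse_ace(line):
    """Parse one extended ACL entry: action proto src dst [eq|neq port]."""
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _addr(tok), _addr(tok)
    op, port = (tok[0], PORTS[tok[1]]) if tok else (None, None)
    return action, proto, src, dst, op, port

def _hit(addr, wc, ip):
    # Bits set in the wildcard mask are "don't care".
    return (addr | wc) == (_ip(ip) | wc)

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, a_proto, (s, sw), (d, dw), op, port in map(parse_ace, acl):
        if a_proto not in ("ip", proto) or not (_hit(s, sw, src) and _hit(d, dw, dst)):
            continue
        if (op == "eq" and dport != port) or (op == "neq" and dport == port):
            continue
        return action
    return "deny"

PERMIT_NET = "permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255"
# ACL 100 as posted in the Router-1 config
ACL_100 = ["deny tcp 192.168.1.0 0.0.0.255 host 192.168.2.3 eq www", PERMIT_NET]
# ACL from the quoted reply
ACL_NEQ = ["deny tcp 192.168.1.0 0.0.0.255 host 192.168.2.3 neq telnet", PERMIT_NET]
# Constructed alternative (assumption): permit telnet, deny the rest to the host
ACL_GOAL = ["permit tcp 192.168.1.0 0.0.0.255 host 192.168.2.3 eq telnet",
            "deny ip 192.168.1.0 0.0.0.255 host 192.168.2.3", PERMIT_NET]
```

Evaluated against a return packet sourced from 192.168.2.3, ACL 100 yields deny with no entry matched, which is the traffic `ip access-group 100 in` on Serial0/0 inspects. With ACL_NEQ, ICMP from 192.168.1.10 to 192.168.2.3 is permitted, because the `deny tcp` entry never matches non-TCP packets.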
This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:56 GMT-3