Access Control List

Status
Not open for further replies.

rflanary

IS-IT--Management
Apr 21, 2006
89
US
I have a question. I have a single computer system I want to control access with an access control list from the router. I want the system to only communicate with another system at our home office. I want it to be able to have outbound traffic to a specific IP and no inbound traffic. Can this be done with an ACL?
 
Well, yes, you can do it. How you do it depends on your current config.

UnaBomber
ccnp mcse2k
 
As I said, it depends on your config. Post your config.

UnaBomber
ccnp mcse2k
 
When you set up the ACL, be sure that you allow inbound traffic. A common problem is to prohibit all inbound traffic, which includes responses to established sessions. Then nothing works.
 
Hey, unabomber---ever get kicked off of tektips? This is directlyconnected, aka browneyespecial, aka fartingfrog, aka kingofcisco. As you can tell, I've had several user names suspended because of comments like the ones you make, which I see nothing wrong with. As a result of this post, I will have to come up with yet another one. Too many dipshits on these forums wanting free advice. Here's some advice---have a clue about the information you are posting about, like what a ****ing acl is!!! (that goes for rflanary, not you, unabomber). Later

 
Forgive me if I don't know that much about ACLs. I am a newbie and learning. Ever wonder why they kicked you off? Why else would there be forums if you could not ask for help? That's all I asked for. So take your s@@t somewhere else.

 
Ha ha. Example----your computer you want to control has the ip address of 192.168.1.2, and the one you want to access is 192.168.1.3. The router is attached via fastethernet 0/0 to a switch, to which the two computers are attached. You cannot deny all inbound traffic to 192.168.1.2, because then it can't build an arp cache. IP traffic, yes. So, you need an extended acl.

router>en
router#conf t
router(config)#access-list 101 permit ip host 192.168.1.2 host 192.168.1.3
router(config)#int fa0/0
router(config-if)#ip access-group 101 out
router(config-if)#^z(which is control-z)
router#
That should work. As soon as you make an acl (the first statement is always permit), then it inspects all traffic on the interface to which you apply the acl, in the direction you specify. With this one statement acl, it denies everything else, aside from of course the traffic it permits, which is ip traffic coming from computer a and going to computer b. If it does not work, post a reply again. Sorry for being a smart ass, but it seems if you know nothing about that which you are asking, how the f*** can you understand the answer? Something tells me you are not in charge of configuring the devices at this place, and if you are, they are in serious trouble...
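
Added example, not part of any post in this thread: a simplified Python model of extended-ACL evaluation (not IOS itself) showing how the wildcard mask, the implicit deny and the TCP "established" match discussed above interact. The tuple layout and function names are assumptions; 192.168.1.2 and 192.168.1.3 come from the thread, while 192.168.1.50 and 192.168.1.77 are constructed test addresses.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, dst, tcp_ack=False):
    """Return the action of the first matching entry; no match is an implicit deny."""
    for action, s, s_wild, d, d_wild, established in acl:
        if established and not tcp_ack:
            continue  # 'established' only matches TCP segments with ACK or RST set
        if wildcard_match(src, s, s_wild) and wildcard_match(dst, d, d_wild):
            return action
    return "deny"

HOST_A, HOST_B = "192.168.1.2", "192.168.1.3"   # addresses used in the thread
OTHER, OTHER2 = "192.168.1.50", "192.168.1.77"  # constructed for the example

# Wildcard 0.0.0.255 ignores the last octet, so this entry covers the whole /24.
LOOSE = [("permit", HOST_A, "0.0.0.255", HOST_B, "0.0.0.255", False)]
# Wildcard 0.0.0.0 (what the 'host' keyword means) matches exactly one address.
STRICT = [("permit", HOST_A, "0.0.0.0", HOST_B, "0.0.0.0", False)]
# Return path: only replies from B to A are let through, never new connections.
RETURN = [("permit", HOST_B, "0.0.0.0", HOST_A, "0.0.0.0", True)]

def demo():
    return {
        "loose_other_hosts": evaluate(LOOSE, OTHER, OTHER2),
        "strict_other_host": evaluate(STRICT, OTHER, HOST_B),
        "strict_a_to_b": evaluate(STRICT, HOST_A, HOST_B),
        "reply_b_to_a": evaluate(RETURN, HOST_B, HOST_A, tcp_ack=True),
        "new_conn_b_to_a": evaluate(RETURN, HOST_B, HOST_A, tcp_ack=False),
    }

if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name:20s} {action}")
```

The model ignores protocol and port fields, so it only illustrates address matching and the reply-versus-new-connection distinction.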
 