
access-list 2


cisco4you
May 9, 2003
Let's say I have an address of 192.1.1.0 and after subnetting I have to make an access-list so that: 1. even-address computers can telnet the router (based on statically allocated IP addresses), 2. odd-address computers can only telnet local hosts and cannot telnet the gateway.
I want to know what the access-list would look like.
 
Well, since the even/odd idea doesn't come up in networking too often (at least not how you're doing this), there really isn't any "easy" way. Pretty much you would have a lot of "permit" statements for each IP that was able to telnet in. Remember that access-lists are a first-match type of structure, meaning that the first match it hits in the access-list is the one it takes; it doesn't read through the entire thing. So it would probably look something like this...

access-list 101 permit tcp 192.1.1.2 0.0.0.0 <gateway IP> 0.0.0.0 eq 23
access-list 101 permit tcp 192.1.1.4 0.0.0.0 <gateway IP> 0.0.0.0 eq 23
access-list 101 permit tcp 192.1.1.6 0.0.0.0 <gateway IP> 0.0.0.0 eq 23
access-list 101 permit tcp 192.1.1.8 0.0.0.0 <gateway IP> 0.0.0.0 eq 23
access-list 101 permit tcp 192.1.1.10 0.0.0.0 <gateway IP> 0.0.0.0 eq 23
........

You would continue down the line until you reached the end of that subnet. Don't forget that there is an implicit deny at the end, so you would also need to specify "permit" statements for traffic other than telnet to go through the interface.

Let me know if this helps.

Burke
 
I would try an access-list limiting the access to the router to the permitted hosts:
access-list 99 deny 192.1.1.0 0.0.0.1
access-list 99 permit any
line vty x y
access-class 99 in

This access-list means that if a host IP address ends with the first bit set (an odd address) it is denied. Apply the access-list to the line vty, so it does not interfere with your traffic.
 
I apologize for any inconvenience, but I believe my access-list is not correct. As I am without access to my lab for a while, I would recommend you double-check it, but the correct one should be:
access-list 99 permit 192.1.1.0 0.0.0.254
Keep everything else. Let us know if you have the chance to test the access-list.
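As an added example (not part of the thread), the following Python evaluator models a Cisco standard access-list with first-match semantics and the implicit deny, so the two wildcard masks posted above can be checked offline: `0.0.0.1` only covers 192.1.1.0 and 192.1.1.1, while `0.0.0.254` matches every even host in the subnet. The entry tuples and the helper names are my own construction.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr matches base under a Cisco wildcard mask.
    Wildcard bit 1 = "don't care", bit 0 = "must match exactly"."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must match
    return (a & care) == (b & care)

def evaluate_acl(entries, addr):
    """First-match evaluation; falls through to the implicit deny.
    entries: list of (action, base, wildcard); base 'any' matches all."""
    for action, base, wildcard in entries:
        if base == "any":
            base, wildcard = "0.0.0.0", "255.255.255.255"
        if wildcard_match(addr, base, wildcard):
            return action
    return "deny"                    # implicit deny at the end of every ACL

def hosts_permitted(entries, network="192.1.1.0/24"):
    """Host addresses in the network that the ACL permits (constructed check)."""
    return [str(h) for h in ipaddress.IPv4Network(network).hosts()
            if evaluate_acl(entries, str(h)) == "permit"]

# First attempt from the thread: denies only .0 and .1, odd hosts still get in.
ACL_FIRST_ATTEMPT = [("deny", "192.1.1.0", "0.0.0.1"), ("permit", "any", None)]
# Corrected version: permit even hosts only; odd hosts and other subnets hit the implicit deny.
ACL_CORRECTED = [("permit", "192.1.1.0", "0.0.0.254")]

if __name__ == "__main__":
    for name, acl in (("first attempt", ACL_FIRST_ATTEMPT), ("corrected", ACL_CORRECTED)):
        print(name, "permits", len(hosts_permitted(acl)), "hosts;",
              "192.1.1.3 ->", evaluate_acl(acl, "192.1.1.3"))
```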
 