new acl ? followup

 
 
Brian Bergin
      11-21-2003
If this is my current ACL 101 assigned to Serial0/0 (ip access-group 101 in):

access-list 101 deny ip host a.b.c.2 any log
access-list 101 deny ip host a.b.c.37 any log
access-list 101 deny ip host a.b.c.6 any log
access-list 101 deny ip host a.b.c.12 any log
access-list 101 deny ip host a.b.c.3 any log
access-list 101 deny ip host a.b.c.36 any log
access-list 101 deny ip host a.b.c.26 any log
access-list 101 permit udp any host a.b.c.2 eq domain log
access-list 101 permit tcp any host a.b.c.2 eq domain log
access-list 101 deny ip any host a.b.c.2 log
access-list 101 permit tcp any host a.b.c.3 eq 3389 log
access-list 101 permit tcp any host a.b.c.3 eq 443 log
access-list 101 deny ip any host a.b.c.3 log
access-list 101 permit tcp any host a.b.c.36 eq 3389 log
access-list 101 permit tcp any host a.b.c.36 eq www log
access-list 101 deny ip any host a.b.c.36 log
access-list 101 permit gre any any
access-list 101 permit tcp any host a.b.c.37 eq 1723 log
access-list 101 deny ip any host a.b.c.37 log
access-list 101 permit tcp any host a.b.c.6 eq www log
access-list 101 deny ip any host a.b.c.6 log
access-list 101 permit tcp any host a.b.c.12 eq smtp log
access-list 101 deny ip any host a.b.c.12 log
access-list 101 permit icmp any any echo-reply log
access-list 101 permit icmp any any time-exceeded log
access-list 101 permit icmp any any port-unreachable log
access-list 101 permit tcp any host a.b.c.26 eq www log
access-list 101 permit tcp any host a.b.c.26 eq 443 log
access-list 101 deny ip any host a.b.c.26 log


and I want to block the following,


access-list 101 deny ip 61.0.0.0 0.255.255.255 any log


they go before the rest of my ACL, right? Like this:

access-list 101 deny ip host a.b.c.2 any log
access-list 101 deny ip host a.b.c.37 any log
access-list 101 deny ip host a.b.c.6 any log
access-list 101 deny ip host a.b.c.12 any log
access-list 101 deny ip host a.b.c.3 any log
access-list 101 deny ip host a.b.c.36 any log
access-list 101 deny ip host a.b.c.26 any log
!
access-list 101 deny ip 61.0.0.0 0.255.255.255 any log
!
access-list 101 permit udp any host a.b.c.2 eq domain log
access-list 101 permit tcp any host a.b.c.2 eq domain log
access-list 101 deny ip any host a.b.c.2 log
access-list 101 permit tcp any host a.b.c.3 eq 3389 log
access-list 101 permit tcp any host a.b.c.3 eq 443 log
access-list 101 deny ip any host a.b.c.3 log
access-list 101 permit tcp any host a.b.c.36 eq 3389 log
access-list 101 permit tcp any host a.b.c.36 eq www log
access-list 101 deny ip any host a.b.c.36 log
access-list 101 permit gre any any
access-list 101 permit tcp any host a.b.c.37 eq 1723 log
access-list 101 deny ip any host a.b.c.37 log
access-list 101 permit tcp any host a.b.c.6 eq www log
access-list 101 deny ip any host a.b.c.6 log
access-list 101 permit tcp any host a.b.c.12 eq smtp log
access-list 101 deny ip any host a.b.c.12 log
access-list 101 permit icmp any any echo-reply log
access-list 101 permit icmp any any time-exceeded log
access-list 101 permit icmp any any port-unreachable log
access-list 101 permit tcp any host a.b.c.26 eq www log
access-list 101 permit tcp any host a.b.c.26 eq 443 log
access-list 101 deny ip any host a.b.c.26 log

Thanks...
Brian Bergin

I can be reached via e-mail at
cisco_dot_news_at_comcept_dot_net.

Please post replies to the group so all may benefit.
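
The question above turns on how IOS evaluates an extended ACL: entries are checked top to bottom, the first match decides, and an implicit deny closes the list. The sketch below is an added example, not part of the original post; it evaluates an excerpt of the posted list (the a.b.c.2 entries) with the 61.0.0.0 entry placed after the permits and then where the post puts it. The 192.0.2 prefix standing in for a.b.c, the sample packets and the function names are assumptions.

```python
import ipaddress

PREFIX = "192.0.2"   # constructed stand-in for the post's masked a.b.c prefix
PORTS = {"domain": 53, "www": 80, "smtp": 25}   # IOS port keywords used in the post

def ip(s):
    return int(ipaddress.IPv4Address(s))

def addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (base, wildcard, rest)."""
    if tok[0] == "any":
        return 0, 0xFFFFFFFF, tok[1:]
    if tok[0] == "host":
        return ip(tok[1]), 0, tok[2:]
    return ip(tok[0]), ip(tok[1]), tok[2:]

def parse(line):
    tok = line.replace("a.b.c", PREFIX).split()[2:]   # drop "access-list 101"
    action, proto, tok = tok[0], tok[1], tok[2:]
    src, swc, tok = addr(tok)
    dst, dwc, tok = addr(tok)
    port = None
    if tok[:1] == ["eq"]:
        port = PORTS[tok[1]] if tok[1] in PORTS else int(tok[1])
    return action, proto, src, swc, dst, dwc, port

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, matching line); first match wins, implicit deny at end."""
    s, d = ip(src), ip(dst)
    for line in acl:
        action, p, rs, rsw, rd, rdw, port = parse(line)
        if p not in ("ip", proto):
            continue
        if (s ^ rs) & ~rsw & 0xFFFFFFFF or (d ^ rd) & ~rdw & 0xFFFFFFFF:
            continue          # a wildcard bit of 0 means "must match"
        if port is not None and port != dport:
            continue
        return action, line
    return "deny", "(implicit deny any any)"

# Excerpt of the post's ACL: the a.b.c.2 entries only.
BASE = ["access-list 101 deny ip host a.b.c.2 any log",
        "access-list 101 permit udp any host a.b.c.2 eq domain log",
        "access-list 101 permit tcp any host a.b.c.2 eq domain log",
        "access-list 101 deny ip any host a.b.c.2 log"]
NEW = "access-list 101 deny ip 61.0.0.0 0.255.255.255 any log"

APPENDED = BASE + [NEW]                   # new entry after the permits
BEFORE = BASE[:1] + [NEW] + BASE[1:]      # placement shown in the post
```

For a constructed DNS query from 61.1.2.3 to the .2 host, `evaluate(APPENDED, ...)` stops at the `permit udp ... eq domain` entry, while `evaluate(BEFORE, ...)` stops at the 61.0.0.0 deny.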
 