cisco 2600 access list?

 
 
Dave Hauss
      01-22-2004
I am wondering if there is any easy way to do this. I have a server
on my network with a valid Internet-assignable IP address. I need to
be able to set the 2600 router so that when someone tries to access
it, it will look in an access list to see if it is a valid IP address
coming into it. If it is, it will let them through to the server, and
if not, block access. How do I do this on a 2600 router?
 
Barry Margolin
      01-22-2004
Dave Hauss wrote:

> I am wondering if there is any easy way to do this. I have a server
> on my network with a valid Internet-assignable IP address. I need to
> be able to set the 2600 router so that when someone tries to access
> it, it will look in an access list to see if it is a valid IP address
> coming into it. If it is, it will let them through to the server, and
> if not, block access. How do I do this on a 2600 router?


The following will block packets from RFC 1918 private addresses:

access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 permit ip any any

You can add additional invalid address ranges, like class D/E and
link-local addresses.

--
Barry Margolin, (E-Mail Removed)
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
 
Dave Hauss
      01-22-2004
Let's say my IP address of the server is 209.156.6.6 and I want to say a
range of 209.146.5.6-209.146.5.99 is allowed to access the server.
How do I do that?


 
Walter Roberson
      01-22-2004
In article <(E-Mail Removed) >,
Dave Hauss <(E-Mail Removed)> wrote:
:Let's say my IP address of the server is 209.156.6.6 and I want to say a
:range of 209.146.5.6-209.146.5.99 is allowed to access the server.
:How do I do that?

access-list 101 permit ip 209.146.5.6 0.0.0.1 host 209.156.6.6
access-list 101 permit ip 209.146.5.8 0.0.0.7 host 209.156.6.6
access-list 101 permit ip 209.146.5.16 0.0.0.15 host 209.156.6.6
access-list 101 permit ip 209.146.5.32 0.0.0.31 host 209.156.6.6
access-list 101 permit ip 209.146.5.64 0.0.0.31 host 209.156.6.6
access-list 101 permit ip 209.146.5.96 0.0.0.3 host 209.156.6.6
--
We don't need no side effect-ing
We don't need no scope control
No global variables for execution
Hey! Did you leave those args alone? -- decvax!utzoo!utcsrgv!roderick
 
Dave Hauss
      01-23-2004
** Can you explain what this all means and also can I use CISCO CONFIG
MAKER to create access lists and where in the program do I do it?

Thanks..




 
Barry Margolin
      01-23-2004
In article <(E-Mail Removed) >,
(E-Mail Removed) (Dave Hauss) wrote:

> ** Can you explain what this all means and also can I use CISCO CONFIG
> MAKER to create access lists and where in the program do I do it?


209.146.5.6 0.0.0.1 specifies an address of 209.146.5.6 and wildcard
mask of 0.0.0.1. This means that the low-order bit of the source
address is ignored when matching against the address, so it matches
209.146.5.6 and 209.146.5.7.

209.146.5.8 0.0.0.7 specifies a wildcard of 0.0.0.7, meaning that the
low-order 3 bits are ignored. So it matches 209.146.5.8 - 209.146.5.15.

And so on. If you still don't understand this, you need to read some
primers on Cisco ACLs, or take a class.

I don't know anything about Config Maker, so I can't help you with that
part of your question.



--
Barry Margolin, (E-Mail Removed)
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
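
Added example (not part of the original posts): the wildcard-mask arithmetic explained above, generalised to any inclusive source range. It uses Python's standard ipaddress module to split the range into aligned blocks, emits one ACL line per block, and checks addresses against the result; the function names are made up for this illustration.

```python
import ipaddress

def range_to_acl(first, last, server, acl=101):
    """Split an inclusive source range into aligned blocks, one permit line each."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    # hostmask is the inverted netmask, which is what IOS calls the wildcard mask
    return [f"access-list {acl} permit ip {n.network_address} {n.hostmask} host {server}"
            for n in nets]

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit the wildcard mask does not ignore."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def permitted(src, dst, acl_lines):
    """First matching line wins; an ACL ends with an implicit deny."""
    for line in acl_lines:
        # fields: access-list N permit ip BASE WILDCARD host DST
        f = line.split()
        action, base, wildcard, host = f[2], f[4], f[5], f[7]
        if dst == host and wildcard_match(src, base, wildcard):
            return action == "permit"
    return False

if __name__ == "__main__":
    # Addresses taken from the thread; the probe addresses are constructed.
    acl = range_to_acl("209.146.5.6", "209.146.5.99", "209.156.6.6")
    print("\n".join(acl))
    for probe in ("209.146.5.5", "209.146.5.6", "209.146.5.99", "209.146.5.100"):
        print(probe, "permit" if permitted(probe, "209.156.6.6", acl) else "deny")
```

On the router, the list only filters traffic once it is applied to an interface with `ip access-group 101 in`.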
 