cisco 2600 access list?

Discussion in 'Cisco' started by Dave Hauss, Jan 22, 2004.

  1. Dave Hauss

    Dave Hauss Guest

    I am wondering if there is any easy way to do this. I have a server
    on my network with a valid internet-assignable IP address. I need to
    be able to set the 2600 router so that when someone tries to access
    it, it will look in an access list to see if it is a valid IP address
    coming into it. If it is, it will let them through to the server and
    if not, block access. How do I do this on a 2600 router?
    Dave Hauss, Jan 22, 2004
    #1

  2. In article <>,
    (Dave Hauss) wrote:

    > I am wondering if there is any easy way to do this. I have a server
    > on my network with a valid internet-assignable IP address. I need to
    > be able to set the 2600 router so that when someone tries to access
    > it, it will look in an access list to see if it is a valid IP address
    > coming into it. If it is, it will let them through to the server and
    > if not, block access. How do I do this on a 2600 router?


    The following will block packets from RFC 1918 private addresses:

    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 permit ip any any

    You can add additional invalid address ranges, like class D/E and
    link-local addresses.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    Barry Margolin, Jan 22, 2004
    #2

  3. Dave Hauss

    Dave Hauss Guest

    Let's say my IP address of the server is 209.156.6.6 and I want to say a
    range of 209.146.5.6-209.146.5.99 is allowed to access the server.
    How do I do that?


    Barry Margolin <> wrote in message news:<>...
    > In article <>,
    > (Dave Hauss) wrote:
    >
    > > I am wondering if there is any easy way to do this. I have a server
    > > on my network with a valid internet-assignable IP address. I need to
    > > be able to set the 2600 router so that when someone tries to access
    > > it, it will look in an access list to see if it is a valid IP address
    > > coming into it. If it is, it will let them through to the server and
    > > if not, block access. How do I do this on a 2600 router?

    >
    > The following will block packets from RFC 1918 private addresses:
    >
    > access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    > access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    > access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    > access-list 101 permit ip any any
    >
    > You can add additional invalid address ranges, like class D/E and
    > link-local addresses.
    Dave Hauss, Jan 22, 2004
    #3
  4. In article <>,
    Dave Hauss <> wrote:
    :Let's say my IP address of the server is 209.156.6.6 and I want to say a
    :range of 209.146.5.6-209.146.5.99 is allowed to access the server.
    :How do I do that?

    access-list 101 permit ip 209.146.5.6 0.0.0.1 host 209.156.6.6
    access-list 101 permit ip 209.146.5.8 0.0.0.7 host 209.156.6.6
    access-list 101 permit ip 209.146.5.16 0.0.0.15 host 209.156.6.6
    access-list 101 permit ip 209.146.5.32 0.0.0.31 host 209.156.6.6
    access-list 101 permit ip 209.146.5.64 0.0.0.31 host 209.156.6.6
    access-list 101 permit ip 209.146.5.96 0.0.0.3 host 209.156.6.6
    --
    We don't need no side effect-ing
    We don't need no scope control
    No global variables for execution
    Hey! Did you leave those args alone? -- decvax!utzoo!utcsrgv!roderick
    Walter Roberson, Jan 22, 2004
    #4
  5. Dave Hauss

    Dave Hauss Guest

    ** Can you explain what this all means and also can I use CISCO CONFIG
    MAKER to create access lists and where in the program do I do it?

    Thanks..




    -cnrc.gc.ca (Walter Roberson) wrote in message news:<bup5af$qq1$>...
    > In article <>,
    > Dave Hauss <> wrote:
    > :Let's say my IP address of the server is 209.156.6.6 and I want to say a
    > :range of 209.146.5.6-209.146.5.99 is allowed to access the server.
    > :How do I do that?
    >
    > access-list 101 permit ip 209.146.5.6 0.0.0.1 host 209.156.6.6
    > access-list 101 permit ip 209.146.5.8 0.0.0.7 host 209.156.6.6
    > access-list 101 permit ip 209.146.5.16 0.0.0.15 host 209.156.6.6
    > access-list 101 permit ip 209.146.5.32 0.0.0.31 host 209.156.6.6
    > access-list 101 permit ip 209.146.5.64 0.0.0.31 host 209.156.6.6
    > access-list 101 permit ip 209.146.5.96 0.0.0.3 host 209.156.6.6
    Dave Hauss, Jan 23, 2004
    #5
  6. In article <>,
    (Dave Hauss) wrote:

    > ** Can you explain what this all means and also can I use CISCO CONFIG
    > MAKER to create access lists and where in the program do I do it?


    209.146.5.6 0.0.0.1 specifies an address of 209.146.5.6 and wildcard
    mask of 0.0.0.1. This means that the low-order bit of the source
    address is ignored when matching against the address, so it matches
    209.146.5.6 and 209.146.5.7.

    209.146.5.8 0.0.0.7 specifies a wildcard of 0.0.0.7, meaning that the
    low-order 3 bits are ignored. So it matches 209.146.5.8 - 209.146.5.15.

    And so on. If you still don't understand this, you need to read some
    primers on Cisco ACLs, or take a class.

    I don't know anything about Config Maker, so I can't help you with that
    part of your question.

    >
    > -cnrc.gc.ca (Walter Roberson) wrote in message
    > news:<bup5af$qq1$>...
    > > In article <>,
    > > Dave Hauss <> wrote:
    > > :Let's say my IP address of the server is 209.156.6.6 and I want to say a
    > > :range of 209.146.5.6-209.146.5.99 is allowed to access the server.
    > > :How do I do that?
    > >
    > > access-list 101 permit ip 209.146.5.6 0.0.0.1 host 209.156.6.6
    > > access-list 101 permit ip 209.146.5.8 0.0.0.7 host 209.156.6.6
    > > access-list 101 permit ip 209.146.5.16 0.0.0.15 host 209.156.6.6
    > > access-list 101 permit ip 209.146.5.32 0.0.0.31 host 209.156.6.6
    > > access-list 101 permit ip 209.146.5.64 0.0.0.31 host 209.156.6.6
    > > access-list 101 permit ip 209.146.5.96 0.0.0.3 host 209.156.6.6


    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    Barry Margolin, Jan 23, 2004
    #6
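
The wildcard-mask matching explained in post #6, and the way post #4 splits 209.146.5.6-209.146.5.99 into aligned blocks, worked through as an added Python example (not code from any poster in the thread). The function names are made up for this illustration; the block splitting uses the standard library's `ipaddress.summarize_address_range`, and it generalizes to any inclusive IPv4 range.

```python
import ipaddress

def range_to_acl(first, last, dest_host, acl_id=101):
    """Split an inclusive source range into power-of-two aligned blocks and
    emit one extended-ACL permit line per block. The wildcard mask of each
    block is its host mask (the inverse of its netmask)."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [
        "access-list %d permit ip %s %s host %s"
        % (acl_id, b.network_address, b.hostmask, dest_host)
        for b in blocks
    ]

def wildcard_match(addr, base, wildcard):
    """Bits set to 1 in the wildcard are ignored; every other bit of the
    address must equal the corresponding bit of the base address."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def permitted_sources(acl_lines, candidates):
    """Return the candidates matched by the source field of any permit line."""
    # Tokens 4 and 5 of "access-list N permit ip SRC WILDCARD ..." are the source pair.
    pairs = [line.split()[4:6] for line in acl_lines]
    return [c for c in candidates
            if any(wildcard_match(c, base, wc) for base, wc in pairs)]

# The six lines exactly as posted in the thread (post #4).
THREAD_ACL = [
    "access-list 101 permit ip 209.146.5.6 0.0.0.1 host 209.156.6.6",
    "access-list 101 permit ip 209.146.5.8 0.0.0.7 host 209.156.6.6",
    "access-list 101 permit ip 209.146.5.16 0.0.0.15 host 209.156.6.6",
    "access-list 101 permit ip 209.146.5.32 0.0.0.31 host 209.156.6.6",
    "access-list 101 permit ip 209.146.5.64 0.0.0.31 host 209.156.6.6",
    "access-list 101 permit ip 209.146.5.96 0.0.0.3 host 209.156.6.6",
]

if __name__ == "__main__":
    for line in range_to_acl("209.146.5.6", "209.146.5.99", "209.156.6.6"):
        print(line)
    # Audit the posted list: which addresses in 209.146.5.0-255 does it admit?
    every = ["209.146.5.%d" % i for i in range(256)]
    allowed = permitted_sources(THREAD_ACL, every)
    print(allowed[0], "-", allowed[-1], "(%d addresses)" % len(allowed))
```

Running the audit over every address in 209.146.5.0-255 is a quick way to confirm a hand-written wildcard list admits exactly the intended range and nothing adjacent. On the router the list only takes effect once applied to an interface (for example `ip access-group 101 in`), and the implicit deny at the end of every Cisco ACL drops all traffic that no line permits.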