how to create an access list for a single interface and ...

Discussion in 'Cisco' started by Reinhard, May 14, 2004.

  1. Reinhard

    Reinhard Guest

    Hello,

    today I've two questions.
    1) I want to create an access list and bind it to an interface

    I guess I have to do the following

    conf t
    access-list 113 permit ip 210.1.1.0 0.0.255.255 176.4.1.0 0.0.0.255
    access-list 113 deny ip any any log
    interface bri0/0
    ip access-group 113 in
    end

    but does this mean, before I bind it to interface it is active for all
    other interfaces?? How can I prohibit this - only the bri interface
    should have the accesslist.

    2) I want to add isdn callers

    conf t
    interface bri0/0
    ISDN CALLER 4940600230
    ISDN CALLER 49211234521
    end

    does this mean that if I add the callers in this sequence, and I am
    calling from
    49211234521 that I will be disconnected from the router after I put the
    first caller into it?

    Thank you
    Reinhard
    Reinhard, May 14, 2004
    #1

  2. On 14 May 2004 09:51:53 -0700, Reinhard <> wrote:

    > Hello,
    >
    > today I've two questions.
    > 1) I want to create an access list and bind it to an interface
    >
    > I guess I have to do the following
    >
    > conf t
    > access-list 113 permit ip 210.1.1.0 0.0.255.255 176.4.1.0 0.0.0.255
    > access-list 113 deny ip any any log
    > interface bri0/0
    > ip access-group 113 in
    > end
    >
    > but does this mean, before I bind it to interface it is active for all
    > other interfaces?? How can I prohibit this - only the bri interface
    > should have the accesslist.
    >


    No! Access-lists that are not bound to an interface are _not_ active!

    --
    Gruß Andre

    --- Using Opera
    Andre Wisniewski, May 14, 2004
    #2

  3. In article <>,
    (Reinhard) wrote:

    > Hello,
    >
    > today I've two questions.
    > 1) I want to create an access list and bind it to an interface
    >
    > I guess I have to do the following
    >
    > conf t
    > access-list 113 permit ip 210.1.1.0 0.0.255.255 176.4.1.0 0.0.0.255
    > access-list 113 deny ip any any log
    > interface bri0/0
    > ip access-group 113 in
    > end
    >
    > but does this mean, before I bind it to interface it is active for all
    > other interfaces?? How can I prohibit this - only the bri interface
    > should have the accesslist.


    Until you bind it to an interface, it's not being used at all. What
    you've written will do what you want.

    >
    > 2) I want to add isdn callers
    >
    > conf t
    > interface bri0/0
    > ISDN CALLER 4940600230
    > ISDN CALLER 49211234521
    > end
    >
    > does this mean that if I add the callers in this sequence, and I am
    > calling from
    > 49211234521 that I will be disconnected from the router after I put the
    > first caller into it?


    I don't know the answer to this part.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    Barry Margolin, May 14, 2004
    #3
  4. In article <opr7z1u8u0udlqzq@ares>,
    Andre Wisniewski <> wrote:
    :On 14 May 2004 09:51:53 -0700, Reinhard <> wrote:
    :> 1) I want to create an access list and bind it to an interface

    :> but does this mean, before I bind it to interface it is active for all
    :> other interfaces??

    :No! Access-lists that are not bound to an interface are _not_ active!

    Except, of course, for those access-lists that are referenced in some
    other way such as a route-map or crypto map or any of the several
    other uses of access-lists.

    access-lists which are not -referenced- by some other part of the
    configuration that is in use, are not active.
    --
    Tenser, said the Tensor.
    Tenser, said the Tensor.
    Tension, apprehension,
    And dissension have begun. -- Alfred Bester (tDM)
    Walter Roberson, May 14, 2004
    #4
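
The point in posts #2 to #4 (a numbered access-list does nothing until an interface, route-map, crypto map or similar command references it) can be checked against a saved configuration; the following is an added example, not code from any poster. ACLs 120 and 130 and the route-map EXAMPLE are constructed for illustration, the reference patterns are not exhaustive, and the second function flags entries such as `210.1.1.0 0.0.255.255`, where the wildcard ignores the last two octets, so the entry matches every address in 210.1.x.x.

```python
import ipaddress
import re

# Constructed sample config: ACL 113 is the list from the thread; ACLs 120/130
# and route-map EXAMPLE are hypothetical, added to show the other two cases.
SAMPLE_CONFIG = """\
access-list 113 permit ip 210.1.1.0 0.0.255.255 176.4.1.0 0.0.0.255
access-list 113 deny ip any any log
access-list 120 permit ip 10.0.0.0 0.0.0.255 any
access-list 130 permit ip any any
interface BRI0/0
 ip access-group 113 in
route-map EXAMPLE permit 10
 match ip address 120
"""

# Commands that put a numbered ACL into use: interface filter, route-map match,
# crypto map match, vty access-class. Assumption: this list is not exhaustive.
REFERENCE = re.compile(
    r"^(?:ip access-group|match ip address|match address|access-class)"
    r" (\d+)(?: (?:in|out))?$"
)

def acl_usage(config):
    """Return {acl_number: [commands referencing it]} for every defined ACL."""
    usage = {}
    lines = [line.strip() for line in config.splitlines()]
    for line in lines:
        m = re.match(r"^access-list (\d+) ", line)
        if m:
            usage.setdefault(m.group(1), [])
    for line in lines:
        m = REFERENCE.match(line)
        if m and m.group(1) in usage:
            usage[m.group(1)].append(line)
    return usage

def wildcard_warnings(config):
    """Return (address, wildcard) pairs whose address sets bits the wildcard ignores."""
    pairs = re.findall(r"(\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)", config)
    as_int = lambda s: int(ipaddress.IPv4Address(s))
    return [(a, w) for a, w in pairs if as_int(a) & as_int(w)]

if __name__ == "__main__":
    for number, refs in acl_usage(SAMPLE_CONFIG).items():
        print(number, "in use via" if refs else "defined but not referenced", refs)
    print("address bits ignored by wildcard:", wildcard_warnings(SAMPLE_CONFIG))
```
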
  5. On 14 May 2004 17:37:28 GMT, Walter Roberson <-cnrc.gc.ca>
    wrote:

    >
    > access-lists which are not -referenced- by some other part of the
    > configuration that is in use, are not active.


    Of course you are right. But I think Reinhard doesn't want to use
    referenced access-lists
    right now. I want to dissimulate him these information in order to protect
    him against confusion.



    --
    Gruß Andre

    --- Using Opera
    Andre Wisniewski, May 14, 2004
    #5
  6. On Fri, 14 May 2004 19:54:40 +0200, Andre Wisniewski
    <> wrote:

    > On 14 May 2004 17:37:28 GMT, Walter Roberson
    > <-cnrc.gc.ca> wrote:
    >
    >>
    >> access-lists which are not -referenced- by some other part of the
    >> configuration that is in use, are not active.

    >
    > Of course you are right. But I think Reinhard doesn't want to use
    > referenced access-lists
    > right now. I want to dissimulate him these information in order to
    > protect him against confusion.
    >
    >
    >


    Sorry, I know my English is awful!

    --
    Gruß Andre

    --- Using Opera
    Andre Wisniewski, May 14, 2004
    #6
  7. Reinhard

    Peter Guest

    Hi Reinhard,

    I see others have answered the first question so will go to the second...

    > 2) I want to add isdn callers
    >
    > conf t
    > interface bri0/0
    > ISDN CALLER 4940600230
    > ISDN CALLER 49211234521
    > end
    >
    > does this mean that if I add the callers in this sequence, and I am
    > calling from
    > 49211234521 that I will be disconnected from the router after I put the
    > first caller into it?


    Changes to an IOS configuration performed using "configure terminal"
    are immediately performed, line by line as they are entered. You need
    to ensure that anything you are changing that affects the interface
    you are accessing the device on, that you MUST perform it in a
    sequence that will ensure you do not lose connectivity. This is not
    always possible.

    As others suggest for your question 1, enter the reference to YOUR
    phone number first. I haven't had to worry about that issue myself,
    however I think you should be safe because the interface only checks
    the calling no. to decide if it needs to ANSWER the call at all. Once
    the call is established, it has already answered it.

    Some other tips that may be of use -

    If you are applying a line by line change manually, you can use
    "configure network" that then expects you to UPLOAD a list of changed
    lines via TFTP. Such a change is then received on the device as a
    COMPLETE sequence of lines, and ALL lines are applied in one hit, so
    the impact or risk of the change MAY be minimised, where sequence of
    line entry may be an issue.

    A "last resort" method, is to enter the line "reload in 15 minutes"
    BEFORE you make any changes, then apply the change. If the change
    works, you then "cancel reload", if it doesn't work the config won't be
    saved and after 15 mins the router reboots using the original
    configuration. This approach may not be acceptable to some.....;-)

    Good luck..........pk.

    --
    *** Replace SOMEONE with prk ***
    Peter, May 14, 2004
    #7
  8. Reinhard

    Reinhard Guest

    Thank you all for your help.
    Reinhard
    Reinhard, May 15, 2004
    #8
  9. Reinhard

    Reinhard Guest

    Peter <> wrote in message news:<bpbpc.2066$>...
    > Hi Reinhard,
    >
    > I see others have answered the first question so will go to the second...
    >
    > > 2) I want to add isdn callers
    > >
    > > conf t
    > > interface bri0/0
    > > ISDN CALLER 4940600230
    > > ISDN CALLER 49211234521
    > > end
    > >
    > > does this mean that if I add the callers in this sequence, and I am
    > > calling from
    > > 49211234521 that I will be disconnected from the router after I put the
    > > first caller into it?

    >
    > Changes to an IOS configuration performed using "configure terminal"
    > are immediately performed, line by line as they are entered. You need
    > to ensure that anything you are changing that affects the interface
    > you are accessing the device on, that you MUST perform it in a
    > sequence that will ensure you do not lose connectivity. This is not
    > always possible.
    >
    > As others suggest for your question 1, enter the reference to YOUR
    > phone number first. I haven't had to worry about that issue myself,
    > however I think you should be safe because the interface only checks
    > the calling no. to decide if it needs to ANSWER the call at all. Once
    > the call is established, it has already answered it.
    >
    > Some other tips that may be of use -
    >
    > If you are applying a line by line change manually, you can use
    > "configure network" that then expects you to UPLOAD a list of changed
    > lines via TFTP. Such a change is then received on the device as a
    > COMPLETE sequence of lines, and ALL lines are applied in one hit, so
    > the impact or risk of the change MAY be minimised, where sequence of
    > line entry may be an issue.
    >
    > A "last resort" method, is to enter the line "reload in 15 minutes"
    > BEFORE you make any changes, then apply the change. If the change
    > works, you then "cancel reload", if it doesn't work the config won't be
    > saved and after 15 mins the router reboots using the original
    > configuration. This approach may not be acceptable to some.....;-)
    >
    > Good luck..........pk.


    Hi Peter,
    thank you for your answer. The reload tip can be gold worth (I hope
    this is the correct translation of the German saying).
    Let's see what will happen on Monday morning, then I will do the
    changes :)

    Thank you
    Reinhard
    Reinhard, May 15, 2004
    #9
