how to create an access list for a single interface and ...

Discussion in 'Cisco' started by Reinhard, May 14, 2004.

  1. Reinhard

    Reinhard Guest

    Hello,

    today I have two questions.
    1) I want to create an access list and bind it to an interface

    I guess I have to do the following

    conf t
    access-list 113 permit ip 210.1.1.0 0.0.255.255 176.4.1.0 0.0.0.255
    access-list 113 deny ip any any log
    interface bri0/0
    ip access-group 113 in
    end

    but does this mean, before I bind it to interface it is active for all
    other interfaces?? How can I prohibit this - only the bri interface
    should have the accesslist.

    2) I want to add isdn callers

    conf t
    interface bri0/0
    ISDN CALLER 4940600230
    ISDN CALLER 49211234521
    end

    does this mean that if I add the callers in this sequence, and I am
    calling from
    49211234521, that I will be disconnected from the router after I put the
    first caller into it?

    Thank you
    Reinhard
     
    Reinhard, May 14, 2004
    #1

  2. No! Access-lists that are not bound to an interface are _not_ active!
     
    Andre Wisniewski, May 14, 2004
    #2

  3. Until you bind it to an interface, it's not being used at all. What
    you've written will do what you want.
    I don't know the answer to this part.
     
    Barry Margolin, May 14, 2004
    #3
  4. :> 1) I want to create an access list and bind it to an interface

    :> but does this mean, before I bind it to interface it is active for all
    :> other interfaces??

    :No! Access-lists that are not bound to an interface are _not_ active!

    Except, of course, for those access-lists that are referenced in some
    other way such as a route-map or crypto map or any of the several
    other uses of access-lists.

    Access-lists which are not -referenced- by some other part of the
    configuration that is in use are not active.
     
    Walter Roberson, May 14, 2004
    #4
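
    A way to check the point made in this reply against a saved configuration, as an added example that is not part of the original thread: a small Python audit that lists where each numbered access-list is referenced and which ones are not referenced at all. Apart from access-list 113 and its binding to the BRI interface, the sample configuration is constructed, and only three kinds of reference (ip access-group, route-map match ip address, crypto map match address) are recognised.

```python
import re

# Constructed sample config; only ACL 113 and its binding come from the thread.
SAMPLE_CONFIG = """\
access-list 113 permit ip 210.1.1.0 0.0.255.255 176.4.1.0 0.0.0.255
access-list 113 deny ip any any log
access-list 120 permit ip 10.0.0.0 0.0.0.255 any
access-list 130 permit ip any host 192.0.2.10
access-list 140 permit tcp any any eq 23
!
interface BRI0/0
 ip access-group 113 in
route-map POLICY permit 10
 match ip address 120
crypto map VPN 10 ipsec-isakmp
 match address 130
"""

# Sub-commands that reference an ACL, with a label for the kind of use.
REFERENCE_PATTERNS = [
    (re.compile(r"^ip access-group (\S+) (in|out)$"), "interface filter"),
    (re.compile(r"^match ip address (.+)$"), "route-map match"),
    (re.compile(r"^match address (\S+)$"), "crypto map match"),
]

def audit_acl_references(config):
    """Return {acl_id: [(config_block, kind_of_use), ...]} for each ACL seen."""
    usage, context = {}, "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):
            context = line  # an unindented line opens a new config block
        defined = re.match(r"^access-list (\S+) ", line)
        if defined:
            usage.setdefault(defined.group(1), [])  # defined, no reference yet
            continue
        for pattern, kind in REFERENCE_PATTERNS:
            hit = pattern.match(line)
            if hit:
                for acl in hit.group(1).split():
                    usage.setdefault(acl, []).append((context, kind))
    return usage

def unreferenced(config):  # ACLs that are defined but used nowhere
    return sorted(a for a, refs in audit_acl_references(config).items() if not refs)

if __name__ == "__main__":
    print(audit_acl_references(SAMPLE_CONFIG), unreferenced(SAMPLE_CONFIG))
```
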
  5. Of course you are right. But I think Reinhard doesn't want to use
    referenced access-lists
    right now. I want to conceal this information from him in order to protect
    him against confusion.
     
    Andre Wisniewski, May 14, 2004
    #5
  6. Sorry, I know my English is awful!
     
    Andre Wisniewski, May 14, 2004
    #6
  7. Peter

    Peter Guest

    Hi Reinhard,

    I see others have answered the first question so will go to the second...
    Changes to an IOS configuration performed using "configure terminal"
    are immediately performed, line by line as they are entered. For
    anything you are changing that affects the interface
    you are accessing the device on, you MUST perform it in a
    sequence that will ensure you do not lose connectivity. This is not
    always possible.

    As others suggest for your question 1, enter the reference to YOUR
    phone number first. I haven't had to worry about that issue myself,
    however I think you should be safe because the interface only checks
    the calling no. to decide if it needs to ANSWER the call at all. Once
    the call is established, it has already answered it.

    Some other tips that may be of use -

    If you are applying a line by line change manually, you can use
    "configure network" that then expects you to UPLOAD a list of changed
    lines via TFTP. Such a change is then received on the device as a
    COMPLETE sequence of lines, and ALL lines are applied in one hit, so
    the impact or risk of the change MAY be minimised, where sequence of
    line entry may be an issue.

    A "last resort" method is to enter the line "reload in 15 minutes"
    BEFORE you make any changes, then apply the change. If the change
    works, you then "cancel reload"; if it doesn't work, the config won't be
    saved and after 15 mins the router reboots using the original
    configuration. This approach may not be acceptable to some.....;-)

    Good luck..........pk.
     
    Peter, May 14, 2004
    #7
  8. Reinhard

    Reinhard Guest

    thank you all for your help.
    Reinhard
     
    Reinhard, May 15, 2004
    #8
  9. Reinhard

    Reinhard Guest

    Hi Peter,
    thank you for your answer. The reload tip can be gold worth (I hope
    this is the correct translation of the German saying).
    Let's see what will happen on Monday morning, then I will do the
    changes :)

    Thank you
    Reinhard
     
    Reinhard, May 15, 2004
    #9