Cisco Systems RJ-45-to-AUX - page 281

host A single destination host

lt Match only packets with a lower port number

neq Match only packets not on a given port number

range Match only packets in the range of port numbers

Now do the same for the destination address identifying the destination of 172.15.10.0:

CoriolisRSM1(config)# access−list 199 deny tcp 172.16.10.0 0.0.0.255

172.15.10.0 0.0.0.255 ?

ack Match on the ACK bit

eq Match only packets on a given port number

established Match established connections

precedence Match packets with given precedence value

psh Match on the PSH bit

range Match only packets in the range of port numbers

rst Match on the RST bit

syn Match on the SYN bit

tos Match packets with given TOS value

urg Match on the URG bit

3.

Now enter “eq” for equal to, and then identify the port numbers. Use a separate statement for each

port number:

CoriolisRSM1(config)# access−list 199 deny tcp 172.16.10.0 0.0.0.255

172.15.10.0 0.0.0.255 eq 20

4.

Now we have to identify addresses to permit or we will have effectively shut down the interface.

Remember, there is an implicit “deny all” at the end of any access list:

CoriolisRSM1(config)#access−list 199 permit ?

<0−255> An IP protocol number

ahp Authentication Header Protocol

eigrp Cisco’s EIGRP routing protocol

esp Encapsulation Security Payload

gre Cisco’s GRE tunneling

icmp Internet Control Message Protocol

pcp Payload Compression Protocol

pim Protocol Independent Multicast

tcp Transmission Control Protocol

udp User Datagram Protocol

5.

We have to use the ip syntax, which means all IP protocols. If we only used the tcp syntax, we would

only permit TCP ports:

CoriolisRSM1(config)#access−list 199 permit ip ?

A.B.C.D Source address

any Any source host

host A single source host

6.