  host         A single destination host
  lt           Match only packets with a lower port number
  neq          Match only packets not on a given port number
  range        Match only packets in the range of port numbers

3. Now do the same for the destination address, identifying the destination network 172.15.10.0:

CoriolisRSM1(config)# access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 ?

  ack          Match on the ACK bit
  eq           Match only packets on a given port number
  established  Match established connections
  fin          Match on the FIN bit
  gt           Match only packets with a greater port number
  log          Log matches against this entry
  log-input    Log matches against this entry, including input interface
  lt           Match only packets with a lower port number
  neq          Match only packets not on a given port number
  precedence   Match packets with given precedence value
  psh          Match on the PSH bit
  range        Match only packets in the range of port numbers
  rst          Match on the RST bit
  syn          Match on the SYN bit
  tos          Match packets with given TOS value
  urg          Match on the URG bit

4. Now enter "eq" for equal to, and then identify the port numbers. Use a separate statement for each port number:

CoriolisRSM1(config)# access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 eq 80

CoriolisRSM1(config)# access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 eq 23

CoriolisRSM1(config)# access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 eq 21

CoriolisRSM1(config)# access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 eq 20

5. Now we have to identify the addresses to permit, or we will have effectively shut down the interface. Remember, there is an implicit "deny all" at the end of any access list:

CoriolisRSM1(config)# access-list 199 permit ?

  <0-255>      An IP protocol number
  ahp          Authentication Header Protocol
  eigrp        Cisco's EIGRP routing protocol
  esp          Encapsulation Security Payload
  gre          Cisco's GRE tunneling
  icmp         Internet Control Message Protocol
  igmp         Internet Gateway Message Protocol
  igrp         Cisco's IGRP routing protocol
  ip           Any Internet Protocol
  ipinip       IP in IP tunneling
  nos          KA9Q NOS compatible IP over IP tunneling
  ospf         OSPF routing protocol
  pcp          Payload Compression Protocol
  pim          Protocol Independent Multicast
  tcp          Transmission Control Protocol
  udp          User Datagram Protocol

6. We have to use the ip keyword, which means all IP protocols. If we used only the tcp keyword, we would permit only TCP traffic:

CoriolisRSM1(config)# access-list 199 permit ip ?

  A.B.C.D      Source address
  any          Any source host
  host         A single source host

7. Since we want to identify everything else that can pass through the interface, we need to use the any keyword to identify the source address. You can identify a single host by using the host keyword followed by the IP address:
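To make the two points in steps 5 and 6 concrete (the implicit "deny all" at the end of every list, and permit ip versus permit tcp), here is an added Python example that is not code from the book. It parses the access-list lines built in steps 4 through 7 and evaluates constructed sample packets against them using IOS first-match semantics and wildcard masks. The closing line `permit ip any any` is an assumed completion of step 7, the packets are constructed for illustration, and the parser covers only the syntax subset used on this page (network/wildcard pairs, any, host, and eq <port>).

```python
"""Evaluate packets against an IOS-style extended access list (added example, not from the book)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AclEntry:
    action: str                      # "permit" or "deny"
    protocol: str                    # "ip" (any IP protocol), "tcp", "udp", ...
    src: str                         # source network address
    src_wild: str                    # wildcard mask: 0 bits must match, 1 bits are ignored
    dst: str
    dst_wild: str
    dst_port: Optional[int] = None   # set when the entry ends with "eq <port>"


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """IOS wildcard-mask test: every address bit whose mask bit is 0 must equal the network bit."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (n & ~w)


def parse_acl_line(line: str) -> AclEntry:
    """Parse the subset used on this page:
       access-list <n> <permit|deny> <proto> <src> <dst> [eq <port>]
    where each address is 'A.B.C.D wildcard', 'any', or 'host A.B.C.D'."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    action, proto, rest = tok[2], tok[3], tok[4:]

    def take_addr(t):
        # 'any' is shorthand for 0.0.0.0 255.255.255.255; 'host X' for X 0.0.0.0
        if t[0] == "any":
            return "0.0.0.0", "255.255.255.255", t[1:]
        if t[0] == "host":
            return t[1], "0.0.0.0", t[2:]
        return t[0], t[1], t[2:]

    src, sw, rest = take_addr(rest)
    dst, dw, rest = take_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return AclEntry(action, proto, src, sw, dst, dw, port)


def load_acl(text: str):
    return [parse_acl_line(l) for l in text.strip().splitlines() if l.strip()]


def entry_matches(e: AclEntry, pkt: dict) -> bool:
    if e.protocol != "ip" and e.protocol != pkt["proto"]:
        return False        # "ip" covers every IP protocol; "tcp" covers TCP only
    if not wildcard_match(pkt["src"], e.src, e.src_wild):
        return False
    if not wildcard_match(pkt["dst"], e.dst, e.dst_wild):
        return False
    if e.dst_port is not None and pkt.get("dport") != e.dst_port:
        return False
    return True


def evaluate(acl, pkt: dict) -> str:
    """First matching entry wins; a packet that matches nothing hits the implicit deny all."""
    for e in acl:
        if entry_matches(e, pkt):
            return e.action
    return "deny"


# Access list 199 as built in steps 4 to 7; the last line is an assumed completion of step 7
ACL_199 = """
access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 eq 80
access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 eq 23
access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 eq 21
access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255 eq 20
access-list 199 permit ip any any
"""
# The same list with the mistake step 6 warns about: a closing permit for TCP only
ACL_199_TCP_ONLY = ACL_199.replace("permit ip any any", "permit tcp any any")

# Constructed sample packets (not from the page)
PACKETS = {
    "web_from_blocked_net":     {"proto": "tcp", "src": "172.16.10.5", "dst": "172.15.10.20", "dport": 80},
    "https_from_blocked_net":   {"proto": "tcp", "src": "172.16.10.5", "dst": "172.15.10.20", "dport": 443},
    "udp_dns_from_blocked_net": {"proto": "udp", "src": "172.16.10.5", "dst": "172.15.10.20", "dport": 53},
    "web_from_other_net":       {"proto": "tcp", "src": "172.16.11.5", "dst": "172.15.10.20", "dport": 80},
}


def run_samples(acl_text: str) -> dict:
    acl = load_acl(acl_text)
    return {name: evaluate(acl, pkt) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for label, text in (("permit ip any any", ACL_199), ("permit tcp any any", ACL_199_TCP_ONLY)):
        print(label)
        for name, verdict in run_samples(text).items():
            print(f"  {name:26s} {verdict}")
```

With the `permit ip any any` ending, only TCP to ports 80, 23, 21 and 20 from 172.16.10.0/24 is denied; HTTPS, UDP and traffic from 172.16.11.0/24 all reach the permit entry. With `permit tcp any any` instead, the UDP packet matches no entry and falls through to the implicit deny, which is exactly the outcome step 6 is steering you away from.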
