
Access-lists ?


  • Access-lists ?


    I need some details regarding access-lists, in particular the protocol parameter.
    In some cases ip is used for denying a host, while in others tcp/udp is used.
    What must actually be used for denying a host and a network?

    Also, see the lists below:

    access-list 101 deny udp any any eq netbios-ns log
    access-list 101 deny udp any any eq netbios-dgm log

    Please explain the port numbers used here.

  • #2
    Re: Access-lists ?


    • #3
      Re: Access-lists ?


      Cisco access lists come in two main types, Standard and Extended.

      Standard access lists are numbered between 1 - 99 and allow you to filter based on a source IP address or network.

      Extended access lists are numbered between 100 - 199 and allow you to filter based on source and destination IP address and service (port number).

      So, in answer to your question, if you wanted to prevent a certain network from accessing another network, an ACL might look something like:

      Access-list 10 DENY

      You then need to use the Access-group command to apply the ACL to the correct interface and ensure that you apply it in the correct direction. (The Access-group command can apply to traffic going INTO the interface or traffic LEAVING the interface.)
      MCSA/MCSE 2000
      MCSA/MCSE 2003

      I love pies.
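
Added example, not part of any post in this thread: a small Python model of how an extended ACL is evaluated, showing why `ip` denies a host or network for every protocol while `udp ... eq netbios-ns` only matches UDP port 137 (`netbios-dgm` is UDP 138). The host, network and final permit entries are constructed for illustration, and only the `any`, `host`, wildcard-mask and destination `eq` forms are modelled.

```python
import ipaddress

# IOS port keywords used in the question and the UDP ports they stand for.
PORT_NAMES = {"netbios-ns": 137, "netbios-dgm": 138}

def _addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT] [log]'."""
    t = line.lower().split()
    entry = {"action": t[2], "proto": t[3], "dport": None}
    rest = t[4:]
    entry["src"] = _addr(rest)
    entry["dst"] = _addr(rest)
    if rest and rest[0] == "eq":  # destination port, by keyword or number
        entry["dport"] = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return entry

def _ip_match(ip, spec):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry; no match is an implicit deny."""
    for e in acl:
        if e["proto"] not in ("ip", proto):  # 'ip' covers tcp, udp, icmp, ...
            continue
        if not (_ip_match(src, e["src"]) and _ip_match(dst, e["dst"])):
            continue
        if e["dport"] is not None and e["dport"] != dport:
            continue
        return e["action"]
    return "deny"

ACL_101 = [parse(l) for l in (
    "access-list 101 deny udp any any eq netbios-ns log",
    "access-list 101 deny udp any any eq netbios-dgm log",
    "access-list 101 deny ip host 192.0.2.10 any",         # constructed: deny one host
    "access-list 101 deny ip 198.51.100.0 0.0.0.255 any",  # constructed: deny a /24
    "access-list 101 permit ip any any",                   # constructed: allow the rest
)]
```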