
I need to be able to ping one Workstation from another. Then I need to permit one Workstation to Telnet to another Workstation. Thanks ;-)

2006-12-11 02:20:30 · 3 answers · asked by slim25female 1 in Computers & Internet Computer Networking

3 answers

First, follow your access-list command with a number from the "extended" IP ACL range, from 100 to 199 or from 2000 to 2699. Then follow this with the permit keyword, then the icmp keyword since you want to ping from one machine to another. Follow this with the IP address and wildcard mask of the source and then the IP and wildcard mask of the destination, and finally the specific icmp message type.

For example, to allow a ping only from 10.1.1.1 to 10.1.1.2 you would need:
access-list 101 permit icmp host 10.1.1.1 host 10.1.1.2 echo
access-list 101 permit icmp host 10.1.1.2 host 10.1.1.1 echo-reply

For telnet, you would open TCP port 23, such as:
access-list 102 permit tcp host 10.1.1.3 host 10.1.1.4 eq 23

This is just to get you started; there's a lot more possible. Search around Cisco's web site for IOS ACL command references, such as http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d1d4.html

2006-12-11 14:54:32 · answer #1 · answered by networkmaster 5 · 0 1

This is simple... there are a few rules... First, the ACL must be of a number between 100-199. Second, there is an implicit deny, so you must specify what you want to permit OR create an explicit permit at the end. Third, the rules use a wildcard, not a subnet mask (this is precisely the inverse of a netmask). Fourth, ACLs are read from top to bottom until a match is made... not most specific like routing. Finally, you must not forget to apply in both directions. As an example, this ACL permits ping from/to anywhere, and 10.1.1.1, alone, to access anything unhindered... denying all others:

access-list 112 permit icmp any any
access-list 112 permit ip 10.1.1.1 0.0.0.0 any
access-list 112 permit ip any 10.1.1.1 0.0.0.0

The implicit deny picks up everything else... if you wanted an explicit permit to something, you would put:
access-list 112 permit ip any any

at the end.

2006-12-14 13:12:38 · answer #2 · answered by redwine77 2 · 0 0
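
The matching rules described in the answers above (wildcard masks, top-to-bottom first match, implicit deny), modelled as an added example that is not part of either answer: a small Python evaluator for a subset of extended ACL syntax. The list number 120, the addresses and all function names are constructed for illustration, and this models the matching logic only, not Cisco's implementation.

```python
import ipaddress

# Constructed sample ACL (list number and addresses are illustrative, not from a real device).
ACL = """\
access-list 120 permit icmp host 10.1.1.1 host 10.1.1.2 echo
access-list 120 permit icmp host 10.1.1.2 host 10.1.1.1 echo-reply
access-list 120 permit tcp host 10.1.1.3 host 10.1.1.4 eq 23
access-list 120 deny ip host 10.1.2.9 any
access-list 120 permit ip 10.1.2.0 0.0.0.255 any
"""

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as integers."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return to_int(tokens.pop(0)), 0
    return to_int(first), to_int(tokens.pop(0))

def parse(text):
    rules = []
    for line in text.splitlines():
        t = line.split()
        if t[:1] != ["access-list"]:
            continue
        action, proto, rest = t[2], t[3], t[4:]
        src, dst = take_addr(rest), take_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None       # destination port
        icmp_type = rest[0] if proto == "icmp" and rest else None  # e.g. echo, echo-reply
        rules.append((action, proto, src, dst, port, icmp_type))
    return rules

def addr_match(ip, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are ignored; only the 0 bits have to match.
    return (to_int(ip) | wildcard) == (base | wildcard)

def evaluate(rules, proto, src, dst, port=None, icmp_type=None):
    for action, r_proto, r_src, r_dst, r_port, r_icmp in rules:  # top to bottom
        if (r_proto in ("ip", proto) and addr_match(src, r_src) and addr_match(dst, r_dst)
                and r_port in (None, port) and r_icmp in (None, icmp_type)):
            return action  # first match wins; later lines are never consulted
    return "deny"  # implicit deny at the end of every ACL
```

Swapping the `deny ip host 10.1.2.9 any` line below the `permit ip 10.1.2.0 0.0.0.255 any` line makes the deny unreachable, which is the ordering mistake this model is meant to expose before a list is applied to an interface.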

I still do not have my hands on any Cisco POPs. You require help from my Guru. Contact RST Forum.

2016-05-23 05:09:10 · answer #3 · answered by ? 4 · 0 0
