shapiro360
MIS
I have a cisco 2612 router on my network that has 2 wic cards in it. One connects to another 2612 router that is directly connected to my backbone and the other wic connects to a router where I want to limit the users from acessing resources on my network. I am using T1 lines at all of the locations to connect each other. My question is where do I place the acl on the router with the 2 wics? On the in or outbound on the ethernet inteface? Serial 0/1 connects to the network I want to limit. I do not have access to the router this connects to and I dont want them to be able to access anything other than what i have listed in the acl.
User Access Verification
Password:
net-fm-T1rtr>ena
Password:
net-fm-T1rtr#show run
Building configuration...
Current configuration:
!
version 11.3
!
hostname net-fm-T1rtr
!
enable secret 5 $
!
memory-size iomem 10
ip subnet-zero
!
!
!
interface Loopback0
ip address xxxxxxxxx 255.255.255.255
no ip directed-broadcast
!
interface Ethernet0/0
ip address xxxxxxxxxx 255.255.255.0
ip access-group 150 out
no ip directed-broadcast
no lat enabled
!
interface Serial0/0
ip address xxxxxxxxxxx 255.255.255.0
no ip directed-broadcast
no ip mroute-cache
service-module t1 clock source internal
service-module t1 timeslots 1-24
service-module t1 remote-alarm-enable
!
interface Serial0/1
description **** T1 trunk to FM PD ****
ip address 10.1.39.1 255.255.255.0
service-module t1 clock source internal
service-module t1 timeslots 1-24
service-module t1 remote-alarm-enable
!
router eigrp 21
redistribute static
network 10.0.0.0
network 192.168.5.0
no auto-summary
!
ip classless
ip route 192.168.5.0 255.255.255.0 10.1.39.2 (oher router)
access-list 150 deny ip 192.168.5.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 150 deny ip 192.168.5.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 150 deny ip 192.168.5.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 150 permit ip 192.0.0.0 0.255.255.255 host 10.1.2.11
access-list 150 permit ip 192.0.0.0 0.255.255.255 host 10.1.3.32
access-list 150 permit ip any any
!
snmp-server community
!
line con 0
password
login
line aux 0
password
login
line vty 0 4
password
login
!
end
net-fm-T1rtr#
User Access Verification
Password:
net-fm-T1rtr>ena
Password:
net-fm-T1rtr#show run
Building configuration...
Current configuration:
!
version 11.3
!
hostname net-fm-T1rtr
!
enable secret 5 $
!
memory-size iomem 10
ip subnet-zero
!
!
!
interface Loopback0
ip address xxxxxxxxx 255.255.255.255
no ip directed-broadcast
!
interface Ethernet0/0
ip address xxxxxxxxxx 255.255.255.0
ip access-group 150 out
no ip directed-broadcast
no lat enabled
!
interface Serial0/0
ip address xxxxxxxxxxx 255.255.255.0
no ip directed-broadcast
no ip mroute-cache
service-module t1 clock source internal
service-module t1 timeslots 1-24
service-module t1 remote-alarm-enable
!
interface Serial0/1
description **** T1 trunk to FM PD ****
ip address 10.1.39.1 255.255.255.0
service-module t1 clock source internal
service-module t1 timeslots 1-24
service-module t1 remote-alarm-enable
!
router eigrp 21
redistribute static
network 10.0.0.0
network 192.168.5.0
no auto-summary
!
ip classless
ip route 192.168.5.0 255.255.255.0 10.1.39.2 (oher router)
access-list 150 deny ip 192.168.5.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 150 deny ip 192.168.5.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 150 deny ip 192.168.5.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 150 permit ip 192.0.0.0 0.255.255.255 host 10.1.2.11
access-list 150 permit ip 192.0.0.0 0.255.255.255 host 10.1.3.32
access-list 150 permit ip any any
!
snmp-server community
!
line con 0
password
login
line aux 0
password
login
line vty 0 4
password
login
!
end
net-fm-T1rtr#
