Creating an access list.

[jversteeg]

Hey guys/girls
I am new to this routing world and I was woundering how I could create an access list for a 2514 router.

My question is, do I need access lists on each router to allow the remote network amd the local network use the internet-services? and how would I go about to do this.

Also does the access list allow for the (my network neigbourhood) to view thes network computers?

I can still connect to any computer connected to these networks, but only by their respective IP.

Thanks again

JVerstee

 

[jgercken]

Please see

http://www.cisco.com/warp/public/707/confaccesslists.html#concepts

-Jeff ----------------------------------------
Wassabi Pop Tarts! Write Kellogs today!

 

[jversteeg]

Tnks Jeff, the link was able to allow me to see the newtork attached to the internet but will not allow me to use the internet.
I hope this will better describe my predicament

Here is a simple text illustration for my setup

--- / | Depicts ether connection
=== Depicts Serial connection

ADSL --- LYNKSYS Router --- Main School Network (192.168.0.0)
|
Cisco 2514 (ether0)
(Ser0) === Cisco 2501 (Remote Science Lab)
(Ether1) --- LAN Tech Lab.

I require internet at the Remote Science lab. (Cisco 2501)
I also require internet in the Tech Lab but must also have access to the main school LAN.
The main school LAN has internet access thru the Lynksys router and works fine.

Main School LAN has an IP 192.168.0.XXX Sub: FF.FF.FF.0
ADSL info programmed into Lynksys Router, whose IP is 192.168.1.1
Settings for internet access on the main school LAN are typical with a default gateway of 192.168.0.1 and a DNS of 192.168.0.1.

I configured a computer on the tech lab (Ether1) to have the same settings but would only be able to see the remote science lab and the main school network. No internet. I tried using access-lists but was unsuccessful.

Also configuring the science lab with the same settings but using a different IP (192.168.10.244) I could see the Tech lab, and the main school network, (something I don’t want)
When I tried to look back from the main school network (192.168.0.110), I was unable to see anything besides the 2514 router attached to the lynksys router. I could telnet into the 2514 router and ping all other devices attached, but could not see them.

I was wondering if I am having a conflict with Ether0 being attached to the internet and another network. should this router Ether0 be directly connected to the ADSL Modem? or is there a way I can do this with this configuration?
Anyhows here is my config file for the 2514 router, and the 2501 router if needed

2514…..
! ******************************************************************
! Peter.cfg - Cisco router configuration file
! Automatically created by Cisco ConfigMaker v2.6 Build 6
! Wednesday, October 09, 2002, 11:15:00 AM
!
! Hostname: Peter
! Model: 2514
! ******************************************************************
!
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname Peter
!
enable password 3311
!
no ip name-server
!
ip subnet-zero
no ip domain-lookup
ip routing
!
interface Ethernet 0
no shutdown
description connected to Louise
ip address 192.168.0.254 255.255.255.240
ip nat outside
keepalive 10
!
interface Ethernet 1
no shutdown
description connected to Peters House
ip address 192.168.0.222 255.255.255.224
ip nat inside
no keepalive
!
interface Serial 0
no shutdown
description connected to Stewie
ip unnumbered Ethernet 1
ip nat inside
encapsulation ppp
!
interface Serial 1
no description
no ip address
shutdown
!
! Access Control List 1
!
no access-list 1
access-list 1 permit 192.168.0.192 0.0.0.31
access-list 1 permit 192.168.10.0 0.0.0.255
!
! Dynamic NAT
!
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
ip nat inside source list 1 interface Ethernet 0 overload
!
router rip
version 2
network 192.168.0.0
passive-interface Ethernet 0
no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Ethernet 0
ip route 192.168.10.0 255.255.255.0 Serial 0 10 permanent
ip route 192.168.1.0 255.255.255.0 Ethernet 1 10 permanent
ip route 192.168.0.0 255.255.255.0 Ethernet 0 10 permanent
ip http server
snmp-server community 100 RW
snmp-server location Tech Lab
snmp-server contact
!
line console 0
exec-timeout 0 0
password 3311
login
!
line vty 0 4
password 3311
login
!
end

and the 2501 router

! ******************************************************************
! Stewie.cfg - Cisco router configuration file
! Automatically created by Cisco ConfigMaker v2.6 Build 6
! Wednesday, October 09, 2002, 11:48:49 AM
!
! Hostname: Stewie
! Model: 2501
! ******************************************************************
!
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname Stewie
!
enable password 3311
!
no ip name-server
!
ip subnet-zero
no ip domain-lookup
ip routing
!
interface Ethernet 0
no shutdown
description connected to Stewies Room
ip address 192.168.10.254 255.255.255.0
no keepalive
!
interface Serial 0
no shutdown
description connected to Peter
ip unnumbered Ethernet 0
encapsulation ppp
!
interface Serial 1
no description
no ip address
shutdown
!
router rip
version 2
network 192.168.10.0
no auto-summary
!
!
ip classless
ip http server
snmp-server community public RW
snmp-server location science lab
snmp-server contact
!
line console 0
exec-timeout 0 0
password 3311
login
!
line vty 0 4
password 3311
login
!
end

Hopefully someone can help... and thanks

j