Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

extended ACL help!!!!!!

Status
Not open for further replies.
newbiex1001

newbiex1001

Technical User
Joined
Sep 24, 2007
Messages
3
Location
US
i need help to configure this in f0/0

1.Permit all TCP ftp (port 21) traffic from 192.168.200.10 to 192.168.100.11.

2.Permit all TCP http (port 80) traffic from 192.168.200.10 to 192.168.100.11.

3.Deny all other TCP traffic from 192.168.200.10 to 192.168.100.11

4.Permit all other IP traffic from any source to any destination.


 
Sort by date Sort by votes
router(config)#ip access-list extended ACL_Name
router(config-ext-nacl)#permit tcp host 192.168.200.10 host 192.168.100.11 eq 21
router(config-ext-nacl)#permit tcp host 192.168.200.10 host 192.168.100.11 eq 20
router(config-ext-nacl)#permit tcp host 192.168.200.10 host 192.168.100.11 eq www
router(config-ext-nacl)#permit ip any any
router(config-ext-nacl)#^Z


You will then need to apply this ACL to the interface you desire, but seeing that I have no idea where these networks exist I can't tell you their direction it needs to be applied
 
Upvote 0 Downvote
thank you much for the help, however, i wasn't able to get it to work

ip access-list extended ACL_Name was not recognized
 
Upvote 0 Downvote
Just number it---it's a bit easier, and you can still modify it with release 12.1, or something like that...

Burt
 
Upvote 0 Downvote
thank you guys, i am still stuck at first line

this is my screen

Chicago(config)#ip access-list extended 100
^

% Invalid input detected at "^" marker.
 
Upvote 0 Downvote
So your router doesn't like config mode?

It should look like this


Chicago#
Chicago#config t
Chicage(config)#


Post a show ver.
 
Upvote 0 Downvote
I think he is pointing to the "ip access-list extended" part...
Unless he is at the
Chicago#
and is trying to type the whole thing at once, like "(config)#ip access-lsit extended 100"...

Burt
 
Upvote 0 Downvote
but then it would look like
Chicage#(config)#

i think the spacing on this forum is different then in the router and the ^ is just not in the right place.


need that show ver to see whats goin on.
 
Upvote 0 Downvote
Unless he is doing this...
Chicago#Chicago(config)#ip access-list extended 100

Burt
 
Upvote 0 Downvote
I know, but I'd bet the farm that's what he did...lol

Burt
 
Upvote 0 Downvote
maybe his router has an old IOS and doesn't support named IP access-lists.

try

NAME(config)# access-list 100 permit ip ..........


 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Jared R
  • Locked
  • Question Question
Cisco UC320W Paging Help
Replies
0
Views
689
Jared R
Jared R
WinstonCH
  • Locked
  • Helpful tip Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat
Replies
1
Views
882
BIS
BIS
Mogles49
  • Locked
  • Question Question
Firewall ACL question
Replies
1
Views
345
burtsbees
burtsbees
bfordz
  • Locked
  • Question Question
new help on setting up third party VoIP phones through Catalyst 2960x switch
Replies
0
Views
352
bfordz
bfordz
DigiByte34
  • Locked
  • Question Question
Need Help Cisco AAA to any RADIUS Software
Replies
9
Views
874
DigiByte34
DigiByte34

Part and Inventory Search

Sponsor

Back
Top