Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Help please with Access List

Status
Not open for further replies.
ilpadrino

ilpadrino

MIS
Joined
Feb 14, 2001
Messages
416
Location
US
My 1600 router recently became overloaded to the Opaserve virus. So we added the following access-list to block that traffic caused by the virus...

access-list 102 deny udp any any eq netbios-ns
access-list 102 deny udp any any eq 135
access-list 102 deny tcp any any eq 139
access-list 102 permit ip any any

Now I cannot attach to a computer over this router like I could before from a Windows environment -- ie I can't do a find computer by ip address. If I remove the access-list 102, it works. Is there a way I can permit in this access list specific ip address so that I can attach to their shared printers? I only need one machine (192.168.60.65) to be able to print to 5 static ip addresses (192.168.63.x) through this router.

thanks in advance...joe.
 
Sort by date Sort by votes
A permit any rule for this address before the denies should
do it.
access-list 102 permit ip 192.168.60.65 0.0.0.0 any

HTH
 
Upvote 0 Downvote
r u trying to add the printers by IP address or are they shared and you are trying to connect to them by browsing?

if you are trying to connect to them by browsing it should'nt work because you have denied NetBIOS.

YOu could put a permit statement above the denies that permitted the exact ip addresses that you want to connect to and from similar to what marsd is referring to

access-list 102 permit ip <address of source> <mask of source> <address of dest> <mask of dest.> Erik Rudnick, CCIE No. 9545
mailto:erik@kuriosity.com
 
Upvote 0 Downvote
Thanks for your responses. I'm trying the permit ip host any as suggested by marsd for now. It seems to be working. Permitting exact ip's would probably be more secure, so I'll try to refine the statements to what you've suggested, erik.

thanks again. joe.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CPM86
  • Locked
  • Question Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
570
CPM86
CPM86
Jared R
  • Locked
  • Question Question
Cisco UC320W Paging Help
Replies
0
Views
703
Jared R
Jared R
WinstonCH
  • Locked
  • Helpful tip Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat
Replies
1
Views
915
BIS
BIS
inlsp05
  • Locked
  • Question Question
2811 ios start with cf
Replies
0
Views
346
inlsp05
inlsp05
khashyar2021
  • Locked
  • Question Question
Problem with cisco switch after upgrading
Replies
1
Views
460
Geraldine Souza
Geraldine Souza

Part and Inventory Search

Sponsor

Back
Top