Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

quick ACL question

Status
Not open for further replies.
jdeane

jdeane

IS-IT--Management
Joined
Sep 21, 2001
Messages
229
Location
GB
I am trying to split a subnet in two and prevent the upper half from having telnet access to the outside world.

The ip subnet is 171.17.0.64 - 171.17.0.127 255.255.255.192

I wish to allow 171.17.0.64 - 171.17.0.95 telnet access and
disallow 171.17.0.96 - 171.17.0.126

I'm I right in using
access-list 111 deny tcp 171.17.0.96 0.0.0.31 any eq telnet

Thanks

Jon
 
Sort by date Sort by votes
access-lists have an implicit deny any at the end of them. You are going to have to have at least one permit statement in the access-list. Try this:

access-list 101 permit tcp 171.17.0.64 0.0.0.31 any eq telnet

hopefully this will get you headed in the right direction...because of the implicit deny any the other subnet would be blocked..

also don't forget to apply this to an interface with the access-group command...

mika
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Zero6
  • Locked
  • Question Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
502
Zero6
Zero6
Mogles49
  • Locked
  • Question Question
Firewall ACL question
Replies
1
Views
355
burtsbees
burtsbees
acabezas2014
  • Locked
  • Question Question
Create ACL for ip range
Replies
2
Views
375
acabezas2014
acabezas2014
azrael2000
  • Locked
  • Question Question
quick question...re layer 3 with routing
Replies
1
Views
323
chieftan
chieftan
mkc1962
  • Locked
  • Question Question
Cisco 2602e connection question
Replies
0
Views
218
mkc1962
mkc1962

Part and Inventory Search

Sponsor

Back
Top