Configuration Examples - Cisco 1710 Software Configuration Manual

Security router

Configuring Firewalls

Configuration Examples

All matching parameters must be true before a command permits or denies
access to a packet.
There is an implicit "deny all" at the end of the sequence.

The following examples illustrate the configuration of standard numbered access
lists and extended numbered access lists.

Configuring Standard Numbered Access Lists

In the following example, access list 2, a standard numbered access list, is defined
to operate on the router, permitting or denying passage of packets associated with
network 36.0.0.0. This network is a Class A network whose second octet specifies
a subnet; that is, its subnet mask is 255.255.0.0. The third and fourth octets of a
network 36.0.0.0 address specify a particular host. Using access list 2, the router
would accept one address on subnet 48 and reject all others on that subnet. The
last line of the list shows that the router would accept addresses on all other
network 36.0.0.0 subnets.

access-list 2 permit 36.48.0.3
access-list 2 deny 36.48.0.0 0.0.255.255
access-list 2 permit 36.0.0.0 0.255.255.255

Note that all other accesses are implicitly denied.

The following commands tie the access group to a specific interface on the router,
and specify that incoming packets are to be permitted or denied passage:

interface ethernet 0
ip access-group 2 in

Configuring Extended Numbered Access Lists

In the following example, access list 102, an extended numbered access list, is
defined. The first command permits any incoming TCP messages with destination
ports greater than 1023. The second command permits incoming TCP messages
to the SMTP port of host 128.88.1.2. The third command permits incoming ICMP
messages for error feedback.

access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.88.0.0 0.0.255.255 gt 1023
access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.88.1.2 0.0.0.0 eq 25
access-list 102 permit icmp 0.0.0.0 255.255.255.255 128.88.0.0 255.255.255.255

Cisco 1710 Security Router Software Configuration Guide, 78-12696-01
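The first-match evaluation of standard access list 2 described above, as an added Python example that is not part of the Cisco manual: it applies the wildcard masks to a few constructed source addresses and shows the implicit deny and the effect of entry order. The function names and the sample addresses are assumptions made for this example.

```python
import ipaddress

# Access list 2 from the page. A standard entry with no wildcard mask
# matches a single host, which is the same as wildcard 0.0.0.0.
ACL_2 = """\
access-list 2 permit 36.48.0.3
access-list 2 deny 36.48.0.0 0.0.255.255
access-list 2 permit 36.0.0.0 0.255.255.255
"""

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_standard_acl(config):
    """Return [(action, address, wildcard)] in configuration order."""
    entries = []
    for line in config.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "access-list":
            continue
        action, address = fields[2], ip_int(fields[3])
        wildcard = ip_int(fields[4]) if len(fields) > 4 else 0
        entries.append((action, address, wildcard))
    return entries

def evaluate(entries, source):
    """First matching entry decides; no match means the implicit deny."""
    src = ip_int(source)
    for number, (action, address, wildcard) in enumerate(entries, start=1):
        care = ~wildcard & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
        if (src & care) == (address & care):
            return action, number
    return "deny", None  # implicit "deny all"

def main():
    entries = parse_standard_acl(ACL_2)
    # Constructed sample source addresses, not taken from the manual.
    for source in ("36.48.0.3", "36.48.0.7", "36.51.2.9", "10.1.1.1"):
        print(source, evaluate(entries, source))
    # Same entries with the host permit moved below the subnet deny:
    # the deny now matches 36.48.0.3 first, so the host is rejected.
    reordered = [entries[1], entries[0], entries[2]]
    print("reordered 36.48.0.3", evaluate(reordered, "36.48.0.3"))

if __name__ == "__main__":
    main()
```

Each result is the action and the number of the entry that matched; `None` as the entry number marks a packet that fell through to the implicit deny.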
