Access Lists
discard Discard (9)
domain Domain Name Service (53)
echo Echo (7)
exec Exec (rsh, 512)
finger Finger (79)
ftp File Transfer Protocol (21)
ftp-data FTP data connections (20, 21)
gopher Gopher (70)
hostname NIC hostname server (101)
ident Ident Protocol (113)
irc Internet Relay Chat (194)
klogin Kerberos login (543)
kshell Kerberos shell (544)
login Login (rlogin, 513)
lpd Printer service (515)
nntp Network News Transport Protocol (119)
pim-auto-RP PIM Auto-RP
pop2 Post Office Protocol v2 (109)
pop3 Post Office Protocol v3 (110)
smtp Simple Mail Transport Protocol (25)
sunrpc Sun Remote Procedure Call (111)
syslog Syslog (514)
tacacs TAC Access Control System (49)
talk Talk (517)
telnet Telnet (23)
time Time (37)
uucp Unix-to-Unix Copy Program (540)
whois Nicname (43)
www World Wide Web (HTTP, 80)
At this point, let's block Telnet (port 23) to host 172.16.30.2 only. If
users want to FTP, that is allowed. The log keyword sends a message to
the console every time the access list is hit. This would not be a good
thing to do in a busy environment, but it is great when used in a class
or in a home network.
RouterA(config)#access-list 110 deny tcp any host 172.16.30.2 eq 23 log
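The following is an added example, not code from the book: a small Python model of how the entry above is matched, using a subset of the port keywords listed earlier. The function names and the `permit ip any any` line are assumptions made for illustration. It shows that a list holding only the deny entry also drops FTP through the implicit deny, so a permit entry has to follow for FTP to pass.

```python
import ipaddress

# Subset of the keyword table above (keyword -> TCP port).
PORTS = {"ftp-data": 20, "ftp": 21, "telnet": 23, "smtp": 25, "domain": 53, "www": 80}

def _addr(tok, i):
    """Return (network, next_index) for 'any', 'host A', or 'A WILDCARD' (contiguous wildcard)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}", strict=False), i + 2

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT] [log]' (subset of IOS syntax)."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported line: {line}")
    ace = {"action": tok[2], "proto": tok[3], "port": None, "log": False, "hits": 0}
    ace["src"], i = _addr(tok, 4)
    ace["dst"], i = _addr(tok, i)
    if i < len(tok) and tok[i] == "eq":
        p = tok[i + 1]
        ace["port"] = int(p) if p.isdigit() else PORTS[p]  # number or keyword
        i += 2
    ace["log"] = i < len(tok) and tok[i] == "log"
    return ace

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in acl:
        if (ace["proto"] in ("ip", proto)
                and ipaddress.ip_address(src) in ace["src"]
                and ipaddress.ip_address(dst) in ace["dst"]
                and ace["port"] in (None, dport)):
            ace["hits"] += 1  # the counter a 'log' entry would report
            return ace["action"]
    return "deny (implicit)"

# The page's entry on its own.
ACL_DENY_ONLY = [parse_ace("access-list 110 deny tcp any host 172.16.30.2 eq 23 log")]
# Same entry written with the 'telnet' keyword, followed by a permit (assumption, not from the page).
ACL_WITH_PERMIT = [parse_ace("access-list 110 deny tcp any host 172.16.30.2 eq telnet log"),
                   parse_ace("access-list 110 permit ip any any")]
```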
Copyright ©2002 SYBEX, Inc., Alameda, CA
www.sybex.com