Chapter 9
Managing Traffic with Access Lists
3. Use a deny statement (you'll add a permit statement in step 7 to allow other traffic to still work).
2501A(config)#access-list 110 deny ?
<0-255> An IP protocol number
ahp Authentication Header Protocol
eigrp Cisco's EIGRP routing protocol
esp Encapsulation Security Payload
gre Cisco's GRE tunneling
icmp Internet Control Message Protocol
igmp Internet Gateway Message Protocol
igrp Cisco's IGRP routing protocol
ip Any Internet Protocol
ipinip IP in IP tunneling
nos KA9Q NOS compatible IP over IP tunneling
ospf OSPF routing protocol
pcp Payload Compression Protocol
tcp Transmission Control Protocol
udp User Datagram Protocol
4. Since you are going to deny Telnet, you must choose TCP as the Transport layer protocol:
2501A(config)#access-list 110 deny tcp ?
A.B.C.D Source address
any Any source host
host A single source host
5. Add the source IP address you want to filter on, then add the destination host IP address. Use the host keyword instead of wildcard bits.
2501A(config)#access-list 110 deny tcp host 172.16.10.2 host 172.16.20.2 ?
ack Match on the ACK bit
eq Match only packets on a given port number
established Match established connections
fin Match on the FIN bit
fragments Check fragments
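The small evaluator below is an added example, not code from the book. It shows why the deny entry built in steps 3 to 5 needs the permit statement promised for step 7: an access list is read top-down, the first match wins, and anything unmatched hits the implicit deny. The `eq 23` qualifier (Telnet's TCP port) and the closing `permit ip any any` are assumptions, since neither appears on this page, and the function names are hypothetical.

```python
import ipaddress

ALL = 0xFFFFFFFF

def _addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard' -> (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, ALL
    if first == "host":  # 'host X' is shorthand for 'X 0.0.0.0'
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse 'access-list N action proto src dst [eq port]' (small subset only)."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line!r}")
    rest = tokens[4:]
    src, dst = _addr(rest), _addr(rest)
    if rest and (len(rest) != 2 or rest[0] != "eq"):
        raise ValueError(f"unsupported qualifier: {line!r}")
    port = int(rest[1]) if rest else None  # 'eq' after the destination = destination port
    return {"action": tokens[2], "proto": tokens[3], "src": src, "dst": dst, "port": port}

def _match(spec, ip):
    base, wildcard = spec
    care = ~wildcard & ALL  # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Top-down, first match wins; no match falls through to the implicit deny."""
    for ace in acl:
        if ace["proto"] not in ("ip", proto):
            continue
        if not (_match(ace["src"], src) and _match(ace["dst"], dst)):
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        return ace["action"]
    return "deny"

# Constructed entries: port 23 and the final permit are assumptions (see lead-in).
DENY_TELNET = parse_ace("access-list 110 deny tcp host 172.16.10.2 host 172.16.20.2 eq 23")
PERMIT_REST = parse_ace("access-list 110 permit ip any any")
ACL_DENY_ONLY = [DENY_TELNET]
ACL_COMPLETE = [DENY_TELNET, PERMIT_REST]
```

With `ACL_DENY_ONLY`, every packet is dropped, including traffic the deny line never mentions; with `ACL_COMPLETE`, only Telnet from 172.16.10.2 to 172.16.20.2 is blocked.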
Copyright ©2002 SYBEX, Inc., Alameda, CA
www.sybex.com