From: Ali AlKaff (asalkaff@msn.com)
Date: Sat Apr 08 2006 - 13:12:41 GMT-3
I couldn't exactly figure out the layer 3 topology from your question, but
assuming that PC1 is on 192.168.1.0/24 and PC2 is on the other side on
192.168.2.0/24, I think you'd go like this on ROUTER-1:
ip access-list extended ACL
deny tcp 192.168.1.0 0.0.0.255 host 192.168.2.3 neq telnet
permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
interface [facing PC1]
ip access-group ACL in
!
end
HTH,
Ali
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Radioactive Frog
Sent: Saturday, 08 April 2006 18:22
To: Cisco certification
Subject: what is the best efficient way ---> ACL question
Hi Group,
The below is a scenario:-
PC1-----------------------ROUTER-1----------serial-------------------Router-
2
------Switch
-------------PC-2 (192.168.2.3)
|--------------------PC-3 (192.168.2.4)
--------------------192.168.1.0/24--------
-------------------------192.168.2.0/24-----------------------
What is the best way to achieve the following goals without route map or
prefix list.
Just with plain extended list ? IN/OUT where which interface ?
1) From 192.168.1.0 to 192.168.2.0 - all types of traffic allowed.
2) From 192.168.1.0 to 192.168.2.3 - should have only telnet access, all
other type of traffic shouldn't allowed to 192.168.2.3
Answer with explanation are welcome, however any idea would be also good.
Regards,
Frog..
This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:56 GMT-3