Cisco ACL question

Discussion in 'OT Technology' started by Pro Street, Jan 24, 2006.

  1. Pro Street

    Pro Street New Member

    Joined:
    Oct 12, 2002
    Messages:
    70,787
    Likes Received:
    0
    Location:
    Northern VA/Fucking Middle East
    OK, this one has me... how can this actually exclude odd IP addresses for, let's say, telnet?

    access-list 100 deny ip 192.168.16.0 0.0.0.255 192.168.14.0 0.0.0.254 eq 23

    I assume it only reads the last bit, but even so, is it only if the last bit is a 1, or if it's a 0 is it ignored?
     
  2. Balzz

    Balzz N54 Elitist OT Supporter

    Joined:
    Mar 30, 2000
    Messages:
    22,467
    Likes Received:
    0
    I think it would have to be

    access-list 100 deny ip 192.168.16.0 0.0.0.255 192.168.14.1 0.0.0.254 eq 23

    I'm not clear on what you mean by exclude...

    What I just posted means that traffic from 192.168.16.0/24 can only telnet to 192.168.14.2, 4, 6,...

    What you posted means traffic can only telnet to the odd numbers.
     
  3. Pro Street

    Pro Street New Member

    Joined:
    Oct 12, 2002
    Messages:
    70,787
    Likes Received:
    0
    Location:
    Northern VA/Fucking Middle East
    Ah OK, so it ignores all the last bits and only checks the rightmost, so even if it's .33 it'll only look at the fact that it's 00010001.

    :cool:
     
  4. Balzz

    Balzz N54 Elitist OT Supporter

    Joined:
    Mar 30, 2000
    Messages:
    22,467
    Likes Received:
    0
    That's right. The wildcard 254 converts to 11111110 in binary so the only significant bit is the last one.
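The two explanations above (which destination hosts 192.168.14.0 0.0.0.254 and 192.168.14.1 0.0.0.254 actually cover, and why only the least significant bit is compared) can be checked mechanically. The following is an added example, not code from this thread or from Cisco: it implements IOS wildcard-mask semantics (a 0 bit in the mask means "must match the base address", a 1 bit means "don't care"), a small parser for the numbered extended ACE syntax used in the thread, and first-match evaluation with the implicit trailing deny that IOS applies. The parser and the function names are my own; the addresses are the thread's. Note that the example writes `tcp` rather than `ip` in the ACE, because IOS only accepts the `eq` port operator on tcp/udp entries.

```python
"""Cisco wildcard-mask matching for extended ACLs (added example)."""
import ipaddress
from typing import Optional


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True when addr matches base/wildcard under Cisco wildcard rules.

    0.0.0.254 is ...11111110 in the last octet, so `care` keeps only the
    least significant host bit: the address is compared for odd/even only.
    """
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # bits the router actually compares
    return (a ^ b) & care == 0


def parse_ace(line: str) -> dict:
    """Parse 'access-list N permit|deny PROTO SRC SWC DST DWC [eq PORT]'.

    Hypothetical parser: it covers the syntax used in this thread plus the
    'any' and 'host X' shorthands, nothing more.
    """
    toks = line.split()
    if len(toks) < 4 or toks[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    pos = 4

    def take_addr() -> tuple:
        nonlocal pos
        if toks[pos] == "any":
            pos += 1
            return ("0.0.0.0", "255.255.255.255")
        if toks[pos] == "host":
            pos += 2
            return (toks[pos - 1], "0.0.0.0")
        pos += 2
        return (toks[pos - 2], toks[pos - 1])

    src = take_addr()
    dst = take_addr()
    port: Optional[int] = None
    if pos < len(toks) and toks[pos] == "eq":
        port = int(toks[pos + 1])
    return {"number": toks[1], "action": toks[2], "proto": toks[3],
            "src": src, "dst": dst, "port": port}


def ace_matches(ace: dict, src: str, dst: str, dport: Optional[int] = None) -> bool:
    """True when a packet (src, dst, dport) is described by the ACE."""
    if not wildcard_match(src, *ace["src"]):
        return False
    if not wildcard_match(dst, *ace["dst"]):
        return False
    if ace["port"] is not None and dport != ace["port"]:
        return False
    return True


def evaluate_acl(lines: list, src: str, dst: str, dport: Optional[int] = None) -> str:
    """First matching ACE wins; every IOS ACL ends with an implicit deny."""
    for line in lines:
        ace = parse_ace(line)
        if ace_matches(ace, src, dst, dport):
            return ace["action"]
    return "deny"


def matched_last_octets(ace: dict, network: str = "192.168.14.0/24") -> list:
    """Last octet of every address in `network` that the ACE's destination
    field matches, to see which hosts a wildcard really covers."""
    net = ipaddress.IPv4Network(network)
    return [int(a) & 0xFF for a in net if wildcard_match(str(a), *ace["dst"])]


if __name__ == "__main__":
    odd = parse_ace("access-list 100 deny tcp 192.168.16.0 0.0.0.255 "
                    "192.168.14.1 0.0.0.254 eq 23")
    even = parse_ace("access-list 100 deny tcp 192.168.16.0 0.0.0.255 "
                     "192.168.14.0 0.0.0.254 eq 23")
    print("base .1 covers:", matched_last_octets(odd)[:6], "...")
    print("base .0 covers:", matched_last_octets(even)[:6], "...")
```

Running it shows that base .1 with wildcard 0.0.0.254 covers 1, 3, 5, ... and base .0 covers 0, 2, 4, ...; since the router ignores every host bit except the last, a base of .33 with the same wildcard is exactly equivalent to .1. The evaluate_acl function also makes the implicit deny visible: an ACL consisting only of the thread's deny line blocks all traffic on the interface it is applied to, not just telnet to odd hosts.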
     
  5. saboten

    saboten Chat With a Live Computer Repair Expert About Your

    Joined:
    Aug 22, 2004
    Messages:
    66,735
    Likes Received:
    0
    :werd:
     
  6. Pro Street

    Pro Street New Member

    Joined:
    Oct 12, 2002
    Messages:
    70,787
    Likes Received:
    0
    Location:
    Northern VA/Fucking Middle East
    One more thing.

    Let's say I have two WAN interfaces, s0 and s1, and FA0/0 going to the LAN. If I wanted to use the ACL with regard to denying outside access (of odd IPs... this is just an example) to that LAN, should I place one on each WAN interface, as Cisco says (extended ones close to the source), or actually place it on the FA0/0 interface?

    I was doing this in a lab today, and we had 5 routers daisy-chained with a network off of each one, and I was placing different extended ACLs on each serial interface and it seemed redundant.
     
  7. Balzz

    Balzz N54 Elitist OT Supporter

    Joined:
    Mar 30, 2000
    Messages:
    22,467
    Likes Received:
    0
    Place them on the WAN interfaces.
     
  8. Pro Street

    Pro Street New Member

    Joined:
    Oct 12, 2002
    Messages:
    70,787
    Likes Received:
    0
    Location:
    Northern VA/Fucking Middle East
    OK, just making sure I did it right :o

    I'm going to a state competition next month and this (and subnetting) are the two things I'm worried about.
     
  9. EagerZeroedThick

    EagerZeroedThick New Member

    Joined:
    May 16, 2002
    Messages:
    5,971
    Likes Received:
    0
    Location:
    In a blade enclosure near you

    competition for what???
     
  10. Pro Street

    Pro Street New Member

    Joined:
    Oct 12, 2002
    Messages:
    70,787
    Likes Received:
    0
    Location:
    Northern VA/Fucking Middle East
    Skills USA... a votec thingy. Looks good on a résumé.
     
  11. peterthesmart

    peterthesmart New Member

    Joined:
    Aug 9, 2004
    Messages:
    76
    Likes Received:
    0
    Location:
    Minnesota
    I'm in Skills USA too. I was considering doing the Cisco networking stuff, but I'm doing Computer Maintenance instead.
     
  12. Pro Street

    Pro Street New Member

    Joined:
    Oct 12, 2002
    Messages:
    70,787
    Likes Received:
    0
    Location:
    Northern VA/Fucking Middle East
    who's it though? I know they're doing Aries A+ next year (they even asked me to teach it :hsugh: )
     
  13. StainMeNow

    StainMeNow New Member

    Joined:
    Jan 19, 2006
    Messages:
    59
    Likes Received:
    0
    Speaking of Cisco certs, does anyone know which router model is used in the CCNA exam? I'm thinking about buying a 2500 series cheap and was wondering if it would be sufficient practice or if I should get an updated model.
     
  14. Pro Street

    Pro Street New Member

    Joined:
    Oct 12, 2002
    Messages:
    70,787
    Likes Received:
    0
    Location:
    Northern VA/Fucking Middle East
    They use the 2600 series, but I work around 2500s (a 2501, to be exact). They're not that different, except they're not modular, use the older serial links (DB-60, I think?) and don't have a Fast Ethernet (FA0/0) interface; instead they have a standard Ethernet e0 via AUI/transceiver.

    As to IOS images, you can flash a fairly new version; I believe we're using 12-5.

    But for CCNA you can use the 2500 and be fine.

    And if you think that's bad, I have to work with 1900 series switches :hs:
     