- HTTP, HTTPS, FTP, Telnet, etc. are carried inside TCP; TCP is sent inside ICMP (let's say ICMP is the transportation, like a car)
- 9.3.2.12
- RT1>en
- RT1#conf t
- Enter configuration commands, one per line. End with CNTL/Z.
- RT1(config)#ip ac
- RT1(config)#ip access-list ex
- RT1(config)#ip access-list extended ACL
- RT1(config-ext-nacl)#deny ?
- ahp Authentication Header Protocol
- eigrp Cisco's EIGRP routing protocol
- esp Encapsulation Security Payload
- gre Cisco's GRE tunneling
- icmp Internet Control Message Protocol
- ip Any Internet Protocol
- ospf OSPF routing protocol
- tcp Transmission Control Protocol
- udp User Datagram Protocol
- RT1(config-ext-nacl)#deny tcp ?
- A.B.C.D Source address
- any Any source host
- host A single source host
- RT1(config-ext-nacl)#deny tcp host 172.31.1.101 host 64.101.255.254 ?
- eq Match only packets on a given port number
- established established
- gt Match only packets with a greater port number
- lt Match only packets with a lower port number
- neq Match only packets not on a given port number
- range Match only packets in the range of port numbers
- <cr>
- RT1(config-ext-nacl)#deny tcp host 172.31.1.101 host 64.101.255.254 eq 80
- RT1(config-ext-nacl)#deny tcp host 172.31.1.101 host 64.101.255.254 eq 443
- RT1(config-ext-nacl)#deny tcp host 172.31.1.101 host 64.103.255.254 eq 80
- RT1(config-ext-nacl)#deny tcp host 172.31.1.101 host 64.103.255.254 eq 443
- RT1(config-ext-nacl)#deny tcp host 172.31.1.102 host 64.101.255.254 eq 21
- RT1(config-ext-nacl)#deny tcp host 172.31.1.102 host 64.103.255.254 eq 21
- RT1(config-ext-nacl)#deny icmp host 172.31.1.103 host 64.101.255.254
- RT1(config-ext-nacl)#deny icmp host 172.31.1.103 host 64.103.255.254
- RT1(config-ext-nacl)#permit ip any any
- RT1(config-ext-nacl)#exit
- RT1(config)#int g0/0
- RT1(config-if)#ip ac
- RT1(config-if)#ip access-group ACL in
- RT1(config-if)#
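
The ACL entered above can be checked offline before it is applied to an interface. The following is an added example, not part of the original paste: it models IOS first-match evaluation with the implicit deny for the entries typed in this session. The names parse_ace and evaluate are hypothetical helpers, and only the host/any/eq forms used on this page are parsed.

```python
# Added example: first-match evaluation of the extended ACL entries typed above.
ACL = """\
deny tcp host 172.31.1.101 host 64.101.255.254 eq 80
deny tcp host 172.31.1.101 host 64.101.255.254 eq 443
deny tcp host 172.31.1.101 host 64.103.255.254 eq 80
deny tcp host 172.31.1.101 host 64.103.255.254 eq 443
deny tcp host 172.31.1.102 host 64.101.255.254 eq 21
deny tcp host 172.31.1.102 host 64.103.255.254 eq 21
deny icmp host 172.31.1.103 host 64.101.255.254
deny icmp host 172.31.1.103 host 64.103.255.254
permit ip any any
"""

def parse_ace(line):
    """Parse the ACE subset used on this page: 'host X' / 'any', optional 'eq N'."""
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]
    def addr():
        kind = rest.pop(0)
        if kind == "any":
            return None              # None means "match any address"
        if kind == "host":
            return rest.pop(0)
        raise ValueError(f"unsupported address form: {kind}")
    src, dst = addr(), addr()
    port = None
    if rest:                         # 'eq N' after the destination = destination port
        if rest[0] != "eq" or len(rest) != 2:
            raise ValueError(f"unsupported port match: {rest}")
        port = int(rest[1])
    return action, proto, src, dst, port

def evaluate(aces, proto, src, dst, dport=None):
    """Return (action, matching entry number); the first matching entry wins."""
    for n, (action, p, s, d, port) in enumerate(aces, 1):
        if p not in ("ip", proto):   # 'ip' matches every IP protocol
            continue
        if s not in (None, src) or d not in (None, dst):
            continue
        if port is not None and port != dport:
            continue
        return action, n
    return "deny", None              # implicit deny at the end of every ACL

ACES = [parse_ace(l) for l in ACL.splitlines()]

if __name__ == "__main__":           # constructed sample packets
    for pkt in [("tcp", "172.31.1.101", "64.101.255.254", 80), ("icmp", "172.31.1.103", "64.103.255.254", None)]:
        print(pkt, "->", evaluate(ACES, *pkt))
```

Moving `permit ip any any` to the top, or dropping it, changes every result: the first turns all denies into dead entries, the second blocks all other traffic through the implicit deny.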