-
Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
Access list in cisco's routers
- Thread starter rossfrom
- Start date
brandonwh64
Addicted to Bacon and StarCrunches!!!
- Joined
- Sep 6, 2009
- Messages
- 19,542 (3.66/day)
Wut?
- Joined
- Sep 13, 2008
- Messages
- 1,230 (0.22/day)
- Location
- Metro Atlanta
| Processor | AMD Ryzen 1700 |
|---|---|
| Motherboard | Gigabyte AB350 GAMING 3 |
| Memory | 16GB (2x8) 3200MHz |
| Display(s) | Acer 24" LCD |
| Software | Windows 10 Pro |
Its B
if a host system wishes to use a protocol i.e http from the server,
then the source address= hosts address, source port = any port after 1023 on host while
the destination address= servers address, destination port = server port ( http= 80)
now refer our question,
ip ACL 100
10 permit .... - this line permits the traffic coming from host network to servers SSH port (22 port of server).
20 permit .... - this line permits the traffic coming from telnet ports of host network to the server.
ip ACL 101
10 permit .... - this line permits the traffic coming from servers SSH port (22 port of server) to host network.
20 permit .... - this line permits the traffic coming from the server to telnet ports of host network.
so in this way, only SSH traffic would pass and not telnet.
and if You want telnet traffic also to pass, then instead of allowing telnet ports on the host network, we would have to allow traffic from the telnet port of the server.
if a host system wishes to use a protocol i.e http from the server,
then the source address= hosts address, source port = any port after 1023 on host while
the destination address= servers address, destination port = server port ( http= 80)
now refer our question,
ip ACL 100
10 permit .... - this line permits the traffic coming from host network to servers SSH port (22 port of server).
20 permit .... - this line permits the traffic coming from telnet ports of host network to the server.
ip ACL 101
10 permit .... - this line permits the traffic coming from servers SSH port (22 port of server) to host network.
20 permit .... - this line permits the traffic coming from the server to telnet ports of host network.
so in this way, only SSH traffic would pass and not telnet.
and if You want telnet traffic also to pass, then instead of allowing telnet ports on the host network, we would have to allow traffic from the telnet port of the server.
Last edited:
Link to the picture http://img806.imageshack.us/f/24879314.jpg/
Munki: thanks alot, i thought that telnet and ssh using the same port both directions
Munki: thanks alot, i thought that telnet and ssh using the same port both directions