
*****************************************************************
Configure a permit/deny list for LAN IPs to browse through a given port
*****************************************************************
Use the commands at your discretion, according to the customer's needs.
Command:
no access-list 101 permit udp host 10.253.106.50 eq 80 any
no access-list 101 deny udp any eq 80 any
*****************************************************************
interface ATM0.1 point-to-point
 pvc 8/60
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 10.253.106.252 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1360
 hold-queue 100 out
!
interface Dialer0
 ip address 190.41.243.40 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 ip tcp adjust-mss 1360
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname plaa7@speedyplus
 ppp chap password 0 plaa7
 ppp pap sent-username plaa7@speedyplus password 0 plaa7
!
router rip
 version 2
 network 10.0.0.0
 network 172.17.0.0
 no auto-summary
!

ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.253.106.170 85 190.41.243.40 85 extendable
ip nat inside source static udp 10.253.106.170 85 190.41.243.40 85 extendable
!
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.253.106.0 0.0.0.255
access-list 101 permit udp host 10.253.106.50 eq 80 any
(allows the IP address 10.253.106.50 outbound access to port 80 only)
(if we negate it, this would mean the host will be able to browse without restrictions)
access-list 101 deny udp any eq 80 any
dialer-list 1 protocol ip permit
snmp-server community T9G7E RO
snmp-server trap-source Vlan1
snmp-server host 1.1.1.1 T9G7E
tacacs-server host 200.121.63.99 key gics
tacacs-server timeout 3
!
control-plane
!
banner motd ^CCCCC ------------------------------------PLASTICA ------------------------------------CA 16 120 LIMA SAN MIGUEL TELEFONO 2647803 ORDEN 2460 -----------------------------------^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password telefonica
!
scheduler max-task-time 5000
end
PLASICA_CAB#config term
Enter configuration commands, one per line. End with CNTL/Z.
PLASICA_CAB(config)#no access-list 101 permit udp host 10.253.106.50 eq 80 any
PLASICA_CAB(config)#no access-list 101 deny udp any eq 80 any
PLASICA_CAB(config)#end
PLASICA_CAB#wr
Building configuration...
[OK]
PLASICA_CAB#show run
Building configuration...
Current configuration : 3895 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec

service timestamps log datetime msec
no service password-encryption
!
hostname PLASICA_CAB
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
enable password telefonica
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
aaa session-id common
!
!
dot11 syslog
!
!
ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
ip domain name vpn_telefonica.com
ip name-server 200.48.225.130
ip name-server 200.48.225.146
!
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key plastica address 0.0.0.0 0.0.0.0
crypto isakmp identity hostname
crypto isakmp keepalive 10 periodic
!
!
crypto ipsec transform-set ROUTER_MC_Default-Strong-TS esp-3des esp-sha-hmac
!
crypto ipsec profile ROUTER_MC_Default-Tunnel
 set transform-set ROUTER_MC_Default-Strong-TS
!
!
archive
 log config

  hidekeys
!
!
!
!
!
interface Tunnel0
 bandwidth 1000
 ip address 172.17.124.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip nhrp holdtime 360
 no ip route-cache cef
 no ip route-cache
 ip tcp adjust-mss 1360
 no ip split-horizon
 no ip mroute-cache
 delay 1000
 tunnel source Dialer0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel path-mtu-discovery
 tunnel protection ipsec profile ROUTER_MC_Default-Tunnel
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 pvc 8/60
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 10.253.106.252 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1360
 hold-queue 100 out
!

interface Dialer0
 ip address 190.41.243.40 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 ip tcp adjust-mss 1360
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname plaa7@speedyplus
 ppp chap password 0 plaa7
 ppp pap sent-username plaa7@speedyplus password 0 plaa7
!
router rip
 version 2
 network 10.0.0.0
 network 172.17.0.0
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.253.106.170 85 190.41.243.40 85 extendable
ip nat inside source static udp 10.253.106.170 85 190.41.243.40 85 extendable
!
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.253.106.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community T9G7E RO
snmp-server trap-source Vlan1
snmp-server host 1.1.1.1 T9G7E
tacacs-server host 200.121.63.99 key gics
tacacs-server timeout 3
!
control-plane
!
banner motd ^CCCCC ------------------------------------PLASTICA ------------------------------------CA 16 120 LIMA SAN MIGUEL TELEFONO 2647803 ORDEN 2460 -----------------------------------^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password telefonica
!
scheduler max-task-time 5000

end
PLASICA_CAB#
PLASICA_CAB#show run
*****************************************************************
*****************************************************************
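
Added example, not part of the original page: the two access-list 101 entries shown earlier use udp with "eq 80" placed after the source address, so they match UDP packets whose source port is 80, and none of the interfaces shown carries an ip access-group line that binds list 101. One way to express the stated intent, assuming that browsing means TCP to destination port 80, that the filter is applied inbound on Vlan1, and that the remaining LAN hosts are to be blocked from port 80 only:

```cisco
! Added example (constructed, not from the original configuration).
! Assumptions: HTTP over TCP to destination port 80; filter applied inbound
! on the LAN interface Vlan1; LAN subnet 10.253.106.0/24 as in access-list 1.
!
! Entries from the page, for comparison (UDP, port matched on the SOURCE side):
!   access-list 101 permit udp host 10.253.106.50 eq 80 any
!   access-list 101 deny udp any eq 80 any
!
! Start from an empty list so old entries do not stay ahead of the new ones.
no access-list 101
access-list 101 remark Port 80 allowed for 10.253.106.50 only
! In an extended ACL the port operator after the DESTINATION matches the
! destination port, which is what a web request carries.
access-list 101 permit tcp host 10.253.106.50 any eq 80
access-list 101 deny tcp 10.253.106.0 0.0.0.255 any eq 80
! Every ACL ends with an implicit "deny ip any any". Without this line all
! other LAN traffic (DNS lookups, RIP updates, management sessions to the
! router) would be dropped as soon as the list is applied.
access-list 101 permit ip any any
!
! An ACL filters nothing until it is bound to an interface and a direction.
interface Vlan1
 ip access-group 101 in
```

After applying it, show access-lists 101 displays the match counter of each entry and show ip interface Vlan1 reports the inbound access list, which confirms the list is bound and being hit.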
