Unless they're going through the router to get to the server an access-list
won't help you there. That just filters traffic passing through interfaces.
If it's on the same network you'll have to permit/deny at the server itself.
It's possible with all operating systems. What kind of server is it?
----- Original Message -----
From: "Luke"
To:
Sent: Thursday, April 19, 2001 2:19 PM
Subject: Need access list help [7:1274]
> Have following internal local networks:
>
> Local Networks : 10.42.232.0 through 10.42.239.0
> Have a host at 10.42.237.23 that I want to permit local networks
to
> access (TCP port 2200)
> Want to deny access to host 10.42.237.23 for all others
> Want to permit all other traffic any any
>
> In effect I just need to deny access to one host for stated port for
> every not on the local network. What should the access-list look like,
I'd
> hate to club my local network.
>
> May current plan was to
>
> access-list 113 permit tcp 10.42.232.0 0.0.248.255 host
10.42.237.23
> access-list 113 deny tcp any host 10.42.237.23
> access-list 113 permit tcp any any
> {implicit deny}
>
> config-int vlan 237
> ip access-group 113 in
>
> But I have have the sinking feeling I am about to club all other
> protocols. Can someone straighten me out?
>
> Thanks in advance.
>
> Luke
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1279&t=1274
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
