subnet mask

20 years 10 months ago #2467 by tfs
Replied by tfs on topic Re: subnet mask
I think he means routerA and not router 1.

Thanks,

Tom
20 years 10 months ago #2478 by sahirh
Replied by sahirh on topic Re: subnet mask
If that's what it meant... it makes a bit more sense... but you should still be applying those ACLs to the virtual terminal (telnet) interfaces:
! vty range 0 4 is assumed here; use the range your router has
line vty 0 4
 access-class 101 in
^Z

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
20 years 10 months ago #2480 by indebluez
Replied by indebluez on topic Re: subnet mask
Oh, I didn't know we had to apply the access-list at the line vty interface if we are blocking telnet.
On the celticrover site, under the lab sessions, in the telnet lab,
it's just been placed at the ethernet int.
Please reply as soon as possible.
20 years 10 months ago #2488 by UHSsncmrm
Replied by UHSsncmrm on topic Re: subnet mask
The test solution is incorrect; your ACL will work. Sahirh is right also; if you had a BRI for dial-up access or so, telnet would be permitted.

Apply the ACL to vty, and NO access; however, you lock yourself out save for console.

A scapegoat is often as welcome as a solution...never memorize what you can look up.
20 years 10 months ago #2490 by sahirh
Replied by sahirh on topic Re: subnet mask
Understand this:

If you apply the ACL to the vty interfaces, then it will apply to someone trying to log in to the router via telnet. However, if you apply the ACL to the regular interfaces, then the router will not forward telnet packets.

You see the difference? Say you wanted to isolate one subnet and not allow any telnet access there, then you would apply the ACL to the regular interface that leads there.

Also remember, standard access lists are placed as close to the destination as possible, while extended access lists are placed as close to the source of the traffic as possible.

Also remember, you can only apply one ACL per interface, and you should start with the most specific tests at the top and go on downwards. The ACLs are read from top to bottom and the second a test matches the current packet, the remaining rules are ignored so there is no point testing for the same criteria twice.

Also remember that there is an implicit deny all statement at the end of every access list, so if you don't have at least one permit statement in the list, the interface will be as good as shut down.

Cheers,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
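
A small Python model of the behaviour discussed in the replies above, added here as an illustration and not part of the original thread: it evaluates an ACL top to bottom with the implicit deny, and contrasts an ACL applied inbound on an interface with one applied to the vty lines. The contents of ACL 101, the addresses and the interface names e0 and bri0 are constructed assumptions, and destination matching is left out for brevity.

```python
from ipaddress import ip_address, ip_network

# Constructed stand-in for ACL 101: (action, protocol, source network, dest port or None = any)
ACL_101 = [("deny", "tcp", "0.0.0.0/0", 23),       # block telnet from any source
           ("permit", "ip", "0.0.0.0/0", None)]    # let everything else through
DENY_ONLY = [("deny", "tcp", "0.0.0.0/0", 23)]     # no permit line: implicit deny drops the rest

ROUTER_IPS = {"10.1.1.1", "172.16.0.1"}            # constructed addresses owned by the router

def evaluate(acl, proto, src, dport):
    """First matching rule wins; falling off the end is the implicit deny."""
    for action, r_proto, r_src, r_port in acl:
        if (r_proto in ("ip", proto) and ip_address(src) in ip_network(r_src)
                and r_port in (None, dport)):
            return action
    return "deny"

def router_decision(pkt, iface_acls, vty_acl, router_ips=ROUTER_IPS):
    """Return 'dropped', 'login' (telnet session on the router), 'local' or 'forwarded'."""
    key = (pkt["proto"], pkt["src"], pkt["dport"])
    acl = iface_acls.get(pkt["in_if"])             # inbound ACL on the arrival interface only
    if acl is not None and evaluate(acl, *key) == "deny":
        return "dropped"
    if pkt["dst"] not in router_ips:
        return "forwarded"                         # transit traffic never touches the vty ACL
    if pkt["proto"] == "tcp" and pkt["dport"] == 23:
        if vty_acl is not None and evaluate(vty_acl, *key) == "deny":
            return "dropped"                       # access-class on the vty lines
        return "login"
    return "local"

# Constructed sample packets
TRANSIT_TELNET = dict(in_if="e0", proto="tcp", src="10.1.1.5", dst="10.2.2.9", dport=23)
DIALUP_TELNET = dict(in_if="bri0", proto="tcp", src="172.16.0.7", dst="172.16.0.1", dport=23)
TRANSIT_WEB = dict(in_if="e0", proto="tcp", src="10.1.1.5", dst="10.2.2.9", dport=80)

if __name__ == "__main__":
    on_e0, on_vty = {"e0": ACL_101}, {}
    print("ACL on e0, telnet through router :", router_decision(TRANSIT_TELNET, on_e0, None))
    print("ACL on e0, telnet to router (bri):", router_decision(DIALUP_TELNET, on_e0, None))
    print("ACL on vty, telnet to router     :", router_decision(DIALUP_TELNET, on_vty, ACL_101))
    print("ACL on vty, telnet through router:", router_decision(TRANSIT_TELNET, on_vty, ACL_101))
    print("deny-only ACL on e0, web traffic :", router_decision(TRANSIT_WEB, {"e0": DENY_ONLY}, None))
```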
20 years 10 months ago #2491 by indebluez
Replied by indebluez on topic Re: subnet mask
Hi sahirh, thanks, I really understand what it means to place it on the int and vty now... thanks a mil!
One last question on this question from the celtic site...
How did celtic get 3 broadcast domains???

The question looks something like this...

3 workstations - bridge - hub - router - switch - 4 workstations

I understand how he got
7 collision domains (4+3 workstations, as switches and bridges break up collision domains)... but how 3 broadcast domains??