Cisco - IOS Samples


Sample ACL Setup

! Inbound filter, by its name meant for the Internet-facing interface (the
! interface binding is not shown on this page). IOS evaluates the entries
! top-down and stops at the first match, so the order below is significant.
ip access-list extended internet-inbound
 ! "established" matches any TCP segment with ACK or RST set; it keeps no
 ! connection state. NOTE(review): this entry sits above the anti-spoofing
 ! denies, so a TCP segment with ACK set and a loopback/RFC 1918 source is
 ! permitted here and never reaches them. Consider placing the deny block
 ! first, and relying on the reflexive "evaluate" entry for return traffic.
 permit tcp any any established
 ! Routing/tunnelling protocols. OSPF is limited to one neighbour address.
 permit ospf host abc.xyz.90.49 any
 ! IP protocol 41 is IPv6-in-IPv4 encapsulation. NOTE(review): the inner
 ! IPv6 packets are not filtered by this IPv4 list - confirm that an
 ! any-to-any permit is intended.
 permit 41 any any
 permit pim any any
 ! Anti-spoofing: drop and log packets whose source is loopback, RFC 1918
 ! space, or abc.xyz.250.0/24 (presumably the local prefix, since it is the
 ! destination of the service entries below - confirm).
 deny   ip 127.0.0.0 0.255.255.255 any log
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 deny   ip abc.xyz.250.0 0.0.0.255 any log
 ! Any source to multicast destinations 224.0.0.0-239.255.255.255.
 permit ip any 224.0.0.0 15.255.255.255
 ! Three hosts get unrestricted IP access. The only check is the source
 ! address - NOTE(review): confirm these cannot be forged on this path.
 permit ip host abc.xyz.60.21 any
 permit ip host abc.xyz.82.25 any
 permit ip host abc.xyz.82.30 any
 ! Published services on hosts .5 and .6: NNTP, TCP 120, HTTP, DNS over
 ! UDP, SMTP, POP3. DNS over TCP is not permitted by these entries.
 permit tcp any host abc.xyz.250.5 eq nntp
 permit tcp any host abc.xyz.250.5 eq 120
 permit tcp any host abc.xyz.250.6 eq nntp
 permit tcp any host abc.xyz.250.6 eq 120
 permit tcp any host abc.xyz.250.5 eq www
 permit tcp any host abc.xyz.250.6 eq www
 permit udp any host abc.xyz.250.5 eq domain
 permit udp any host abc.xyz.250.6 eq domain
 permit tcp any host abc.xyz.250.5 eq smtp
 permit tcp any host abc.xyz.250.6 eq smtp
 permit tcp any host abc.xyz.250.5 eq pop3
 permit tcp any host abc.xyz.250.6 eq pop3
 ! Ident (113) and SSH (22) to the whole /24, plus SSH to one other host.
 ! NOTE(review): ident and SSH run over TCP; the UDP 113 and UDP 22
 ! entries look unnecessary - confirm before keeping them.
 permit tcp any abc.xyz.250.0 0.0.0.255 eq ident
 permit udp any abc.xyz.250.0 0.0.0.255 eq 113
 permit tcp any host abc.xyz.253.51 eq 22
 permit tcp any abc.xyz.250.0 0.0.0.255 eq 22
 permit udp any abc.xyz.250.0 0.0.0.255 eq 22
 ! FTP control and data ports on hosts .5 and .6.
 permit tcp any host abc.xyz.250.5 eq ftp
 permit tcp any host abc.xyz.250.5 eq ftp-data
 permit tcp any host abc.xyz.250.6 eq ftp
 permit tcp any host abc.xyz.250.6 eq ftp-data
 ! Entries keyed on abc.xyz source prefixes, to ANY destination: X11 (6000),
 ! BOOTP server, ports 135-139 and 445. NOTE(review): trust here rests on
 ! the source address alone, and the destination is unrestricted; confirm
 ! where these prefixes sit and narrow the destinations if possible.
 ! The /16 bootps entry cannot match abc.xyz.250.0/24 sources, which the
 ! deny above already drops.
 permit tcp abc.xyz.60.0 0.0.1.255 any eq 6000
 permit tcp abc.xyz.156.0 0.0.0.255 any eq 6000
 permit udp abc.xyz.0.0 0.0.255.255 any eq bootps
 permit tcp abc.xyz.60.0 0.0.1.255 any range 135 139
 permit udp abc.xyz.60.0 0.0.1.255 any range 135 netbios-ss
 permit tcp abc.xyz.60.0 0.0.1.255 any eq 445
 permit udp abc.xyz.60.0 0.0.1.255 any eq 445
 permit tcp abc.xyz.156.0 0.0.0.255 any range 135 139
 permit udp abc.xyz.156.0 0.0.0.255 any range 135 netbios-ss
 permit tcp abc.xyz.156.0 0.0.0.255 any eq 445
 permit udp abc.xyz.156.0 0.0.0.255 any eq 445
 ! UDP 4755 to the /24; the service behind it is not identified here.
 permit udp any abc.xyz.250.0 0.0.0.255 eq 4755
 ! NOTE(review): NTP and TFTP are permitted from any source to any
 ! destination. TFTP has no authentication; restrict both to the specific
 ! servers that need them.
 permit udp any any eq ntp
 permit udp any any eq tftp
 ! ICMP types allowed towards the /24; other ICMP falls to the final deny.
 permit icmp any abc.xyz.250.0 0.0.0.255 administratively-prohibited
 permit icmp any abc.xyz.250.0 0.0.0.255 echo
 permit icmp any abc.xyz.250.0 0.0.0.255 echo-reply
 permit icmp any abc.xyz.250.0 0.0.0.255 packet-too-big
 permit icmp any abc.xyz.250.0 0.0.0.255 time-exceeded
 permit icmp any abc.xyz.250.0 0.0.0.255 traceroute
 permit icmp any abc.xyz.250.0 0.0.0.255 unreachable
 ! Full IP access from listed abc.xyz sources to three hosts
 ! (abc.xyz.253.51, abc.xyz.250.1, abc.xyz.90.50).
 permit ip host abc.xyz.90.49 host abc.xyz.90.50
 permit ip host abc.xyz.90.49 host abc.xyz.250.1
 permit ip host abc.xyz.90.49 host abc.xyz.253.51
 permit ip abc.xyz.60.0 0.0.1.255 host abc.xyz.253.51
 permit ip abc.xyz.60.0 0.0.1.255 host abc.xyz.250.1
 permit ip abc.xyz.60.0 0.0.1.255 host abc.xyz.90.50
 ! NOTE(review): wildcard 0.0.1.255 here also covers abc.xyz.157.0/24,
 ! while the abc.xyz.156.0 entries above use 0.0.0.255 - confirm which
 ! mask is intended.
 permit ip abc.xyz.156.0 0.0.1.255 host abc.xyz.253.51
 permit ip abc.xyz.156.0 0.0.1.255 host abc.xyz.250.1
 permit ip abc.xyz.156.0 0.0.1.255 host abc.xyz.90.50
 ! NOTE(review): these three entries cannot match. All IP traffic sourced
 ! from abc.xyz.250.0/24 is already dropped by the deny near the top.
 permit ip abc.xyz.250.0 0.0.0.255 host abc.xyz.253.51
 permit ip abc.xyz.250.0 0.0.0.255 host abc.xyz.250.1
 permit ip abc.xyz.250.0 0.0.0.255 host abc.xyz.90.50
 ! Check the temporary entries of the reflexive list internet-iptraffic,
 ! which is populated by the "reflect" entry in internet-outbound.
 evaluate internet-iptraffic 
 ! Explicit final deny so that dropped packets are logged.
 deny   ip any any log


! Outbound filter. The one entry visible here permits traffic sourced from
! abc.xyz.250.0/24 and, through "reflect", creates temporary entries in the
! reflexive list internet-iptraffic, which internet-inbound checks with
! "evaluate". NOTE(review): as far as this listing shows, no other source
! prefix is reflected or permitted outbound - confirm against the full
! configuration.
ip access-list extended internet-outbound
 permit ip abc.xyz.250.0 0.0.0.255 any reflect internet-iptraffic