Cisco Systems 78-11741-02 Wireless Office Headset User Manual


 
Configuring IP Services
IP Services Configuration Examples
IPC-125
Cisco IOS IP Configuration Guide
IP Extended Access List with Fragment Control Example
The first statement matches and denies only noninitial fragments destined for host 1.1.1.1. The second
statement matches and permits only the remaining nonfragmented packets and initial fragments that are
destined for host 1.1.1.1 TCP port 80. The third statement denies all other traffic. Noninitial fragments
carry no Layer 4 header, so the access list cannot tell which TCP port they belong to. In order to block
noninitial fragments for any TCP port, we must therefore block noninitial fragments for all TCP ports,
including port 80 for host 1.1.1.1.
access-list 101 deny ip any host 1.1.1.1 fragments
access-list 101 permit tcp any host 1.1.1.1 eq 80
access-list 101 deny ip any any
Time Range Applied to an IP Access List Example
The following example denies HTTP traffic over IP on Monday through Friday from 8:00 a.m. to 6:00 p.m.
The example allows UDP traffic only on Saturday and Sunday from noon to 8:00 p.m.
time-range no-http
 periodic weekdays 8:00 to 18:00
!
time-range udp-yes
 periodic weekend 12:00 to 20:00
!
ip access-list extended strict
 deny tcp any any eq http time-range no-http
 permit udp any any time-range udp-yes
!
interface ethernet 0
 ip access-group strict in
Commented IP Access List Entry Examples
In the following example of a numbered access list, the workstation belonging to Jones is allowed access
and the workstation belonging to Smith is not allowed access:
access-list 1 remark Permit only Jones workstation through
access-list 1 permit 171.69.2.88
access-list 1 remark Do not allow Smith workstation through
access-list 1 deny 171.69.3.13
In the following example of a numbered access list, the Winter and Smith workstations are not allowed
to browse the web:
access-list 100 remark Do not allow Winter to browse the web
access-list 100 deny tcp host 171.69.3.85 any eq http
access-list 100 remark Do not allow Smith to browse the web
access-list 100 deny tcp host 171.69.3.13 any eq http
In the following example of a named access list, the Jones subnet is not allowed access:
ip access-list standard prevention
 remark Do not allow Jones subnet through
 deny 171.69.0.0 0.0.255.255
In the following example of a named access list, the Jones subnet is not allowed to use outbound Telnet:
ip access-list extended telnetting
 remark Do not allow Jones subnet to telnet out