Hi!
I'm doing these with our Cisco 2501, IOS 10.3(2), to restrict access
from "outside" access to our POP server (202.47.x.x):
Router#conf t
Router(config)#access-list 100 deny 110 any host 202.47.x.x
Router(config)#access-list 100 permit ip any any
Then apply the access-list to Serial 0
Router#conf t
Router(config)#interface s0
Router(config-if)#ip access-group 100 in
BUT when i test the above config, i can still telnet to port 110 of
202.47.x.x, which means no filtering is done at the 2501?
I thought i may need to interchange the access-list config, so i did:
Router#conf t
Router(config)#access-list 100 permit ip any any
Router(config)#access-list 100 deny 110 any host 202.47.x.x
But the result is still the same.
Then again i thought i may not need the permit thing in the access-list,
so i negate the access-list then do:
Router#conf t
Router(config)#access-list 100 deny 110 any host 202.47.x.x
But this is worse because the whole access in and out via s0 is down!
What did i miss?
'Appreciate any comments. TIA!
+-------------------------------------+
| JOSEPH B. ANDRES, JR. |
| MailStation Net |
| Philippines |
|-------------------------------------|
+-------------------------------------+