Router>
Router>
Router>
Router>enable
Password:
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#show run
               ^
% Invalid input detected at '^' marker.
Router(config)#do show run
Building configuration...
Current configuration : 948 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS.
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.1.25 255.255.255.0
 ip access-group 110 in
 full-duplex
!
interface Serial0/0
 no ip address
 shutdown
!
interface Ethernet0/1
 ip address 192.168.2.44 255.255.255.0
 ip access-group 110 in
 full-duplex
!
ip classless
!
ip http server
no ip http secure-server
!
access-list 110 deny tcp any host 192.168.1.89 eq telnet
access-list 110 permit ip any any
!
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class 2 in
 password ch1cken
 login
line vty 5 181
 access-class 2 in
 password ch1cken
 login
!
!
end
Router(config)#interface serial 0/0
Router(config-if)#ip address 172.16.144.2 255.255.255.224
Router(config-if)#no shut
Router(config-if)#
*Mar 1 01:29:47.722: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar 1 01:29:50.727: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
Router(config-if)#exit
Router(config)#interface e0/0
Router(config-if)#do show ip
show ip
% Incomplete command.
Router(config-if)#do show ip ?
% Ambiguous command: "do show ip "
Router(config-if)#ip address 192.168.1.253 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#do show run
Building configuration...
Current configuration : 965 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS.
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.1.253 255.255.255.0
 ip access-group 110 in
 full-duplex
!
interface Serial0/0
 ip address 172.16.144.2 255.255.255.224
!
interface Ethernet0/1
 ip address 192.168.2.44 255.255.255.0
 ip access-group 110 in
 full-duplex
!
ip classless
!
ip http server
no ip http secure-server
!
access-list 110 deny tcp any host 192.168.1.89 eq telnet
access-list 110 permit ip any any
!
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class 2 in
 password ch1cken
 login
line vty 5 181
 access-class 2 in
 password ch1cken
 login
!
!
end
Router(config)#no access-list 110 deny tcp any host 192.168.1.89 eq telnet
Router(config)#no access-list 110 permit ip any any
Router(config)#do show run
Building configuration...
Current configuration : 872 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS.
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.1.253 255.255.255.0
 ip access-group 110 in
 full-duplex
!
interface Serial0/0
 ip address 172.16.144.2 255.255.255.224
!
interface Ethernet0/1
 ip address 192.168.2.44 255.255.255.0
 ip access-group 110 in
 full-duplex
!
ip classless
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class 2 in
 password ch1cken
 login
line vty 5 181
 access-class 2 in
 password ch1cken
 login
!
!
end
Router(config)#interface s0/0
Router(config-if)#time
Router(config-if)#clock
Router(config-if)#clock rate 56000
Router(config-if)#^Z
Router#cop
*Mar 1 01:34:01.314: %SYS-5-CONFIG_I: Configured from console by conso
% Ambiguous command: "c"
Router#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router rip ?
Router(config)#router rip
Router(config-router)# version 2
Router(config-router)# net
Router(config-router)# network ?
  A.B.C.D  Network number
Router(config-router)# network 192.168.1.0
Router(config-router)# network 172.16.144.0 255.255.255.224
                                            ^
% Invalid input detected at '^' marker.
Router(config-router)# network 172.16.144.0/27
                                           ^
% Invalid input detected at '^' marker.
Router(config-router)# network 172.16.144.0
Router(config-router)#network 192.168.2.0
Router(config-router)#
Router(config-router)#^Z
Router#
*Mar 1 01:39:36.127: %SYS-5-CONFIG_I: Configured from console by consolehost
Router#hostna
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#copy run start
           ^
% Invalid input detected at '^' marker.
R1(config)#do copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
R1(config)#show run
           ^
% Invalid input detected at '^' marker.
R1(config)#do show run
Building configuration...
Current configuration : 954 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS.
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.1.253 255.255.255.0
 ip access-group 110 in
 full-duplex
!
interface Serial0/0
 ip address 172.16.144.2 255.255.255.224
!
interface Ethernet0/1
 ip address 192.168.2.44 255.255.255.0
 ip access-group 110 in
 full-duplex
!
router rip
 version 2
 network 172.16.0.0
 network 192.168.1.0
 network 192.168.2.0
!
ip classless
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class 2 in
 password ch1cken
 login
line vty 5 181
 access-class 2 in
 password ch1cken
 login
!
!
end
R1(config)#
R1(config)#$ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq ?
  <0-65535>    Port number
  bgp          Border Gateway Protocol (179)
  chargen      Character generator (19)
  cmd          Remote commands (rcmd, 514)
  daytime      Daytime (13)
  discard      Discard (9)
  domain       Domain Name Service (53)
  drip         Dynamic Routing Information Protocol (3949)
  echo         Echo (7)
  exec         Exec (rsh, 512)
  finger       Finger (79)
  ftp          File Transfer Protocol (21)
  ftp-data     FTP data connections (20)
  gopher       Gopher (70)
  hostname     NIC hostname server (101)
  ident        Ident Protocol (113)
  irc          Internet Relay Chat (194)
  klogin       Kerberos login (543)
  kshell       Kerberos shell (544)
  login        Login (rlogin, 513)
  lpd          Printer service (515)
  nntp         Network News Transport Protocol (119)
  pim-auto-rp  PIM Auto-RP (496)
  pop2         Post Office Protocol v2 (109)
  pop3         Post Office Protocol v3 (110)
  smtp         Simple Mail Transport Protocol (25)
  sunrpc       Sun Remote Procedure Call (111)
  syslog       Syslog (514)
  tacacs       TAC Access Control System (49)
  talk         Talk (517)
  telnet       Telnet (23)
  time         Time (37)
  uucp         Unix-to-Unix Copy Program (540)
  whois        Nicname (43)
  www          World Wide Web (HTTP, 80)
R1(config)#$ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq www ?
  ack          Match on the ACK bit
  dscp         Match packets with given dscp value
  established  Match established connections
  fin          Match on the FIN bit
  log          Log matches against this entry
  log-input    Log matches against this entry, including input interface
  precedence   Match packets with given precedence value
  psh          Match on the PSH bit
  rst          Match on the RST bit
  syn          Match on the SYN bit
  time-range   Specify a time-range
  tos          Match packets with given TOS value
  urg          Match on the URG bit
R1(config)#$ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq www
R1(config)#$ 110 deny tcp any any eq www
R1(config)#exit
R1#int
*Mar 1 02:32:58.869: %SYS-5-CONFIG_I: Configured from console by cons
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface e0/0
R1(config-if)#access
R1(config-if)#access-expression ?
  input   Filter input packets
  output  Filter output packets
R1(config-if)#access ?
  input   Filter input packets
  output  Filter output packets
R1(config-if)#?
Interface configuration commands:
  access-expression       Build a bridge boolean access expression
  arp                     Set arp type (arpa, probe, snap) or timeout
  backup                  Modify backup parameters
  bandwidth               Set bandwidth informational parameter
  bgp-policy              Apply policy propagated by bgp community string
  bridge-group            Transparent bridging interface parameters
  carrier-delay           Specify delay for interface transitions
  cdp                     CDP interface subcommands
  clns                    CLNS interface subcommands
  cmns                    OSI CMNS
  crypto                  Encryption/Decryption commands
  custom-queue-list       Assign a custom queue list to an interface
  dampening               Enable event dampening
  default                 Set a command to its defaults
  delay                   Specify interface throughput delay
  description             Interface specific description
  diffserv                diffserv (Provisioning)
  dot1q                   dot1q interface configuration commands
  dot1x                   Interface Config Commands for 802.1x
  duplex                  Configure duplex operation.
  eou                     EAPoUDP Interface Configuration Commands
  exit                    Exit from interface configuration mode
  fair-queue              Enable Fair Queuing on an Interface
  flow-sampler            Attach flow sampler to the interface
  full-duplex             Configure full-duplex operational mode
  glbp                    Gateway Load Balancing Protocol interface commands
  half-duplex             Configure half-duplex and related commands
  help                    Description of the interactive help system
  hold-queue              Set hold queue depth
  ip                      Interface Internet Protocol config commands
  isis                    IS-IS commands
  iso-igrp                ISO-IGRP interface subcommands
  keepalive               Enable keepalive
  llc2                    LLC2 Interface Subcommands
  load-interval           Specify interval for load calculation for an interface
  logging                 Configure logging for interface
  loopback                Configure internal loopback on an interface
  mac-address             Manually set interface MAC address
  max-reserved-bandwidth  Maximum Reservable Bandwidth on an Interface
  mls                     mls interface commands
  mop                     DEC MOP server commands
  mtu                     Set the interface Maximum Transmission Unit (MTU)
  netbios                 Use a defined NETBIOS access list or enable name-caching
  no                      Negate a command or set its defaults
  ntp                     Configure NTP
  pagp                    PAgP interface subcommands
  pppoe                   pppoe interface subcommands
  pppoe-client            pppoe client
  priority-group          Assign a priority group to an interface
  random-detect           Enable Weighted Random Early Detection (WRED) on an Interface
  rate-limit              Rate Limit
  roles                   Specify roles (by entering roles mode)
  routing                 Per-interface routing configuration
  service-policy          Configure QoS Service Policy
  shutdown                Shutdown the selected interface
  snapshot                Configure snapshot support on the interface
  snmp                    Modify SNMP interface parameters
  standby                 HSRP interface configuration commands
  tarp                    TARP interface subcommands
  timeout                 Define timeout values for this interface
  traffic-shape           Enable Traffic Shaping on an Interface or Sub-Interface
  transmit-interface      Assign a transmit interface to a receive-only interface
  tx-ring-limit           Configure PA level transmit ring limit
  vlan-id                 Process VLAN-encapsulated packets with a specific
                          VLAN ID
  vlan-range              Process VLAN-encapsulated packets with a range of VLAN IDs
  vrrp                    VRRP Interface configuration commands
R1(config-if)#ip ?
Interface IP configuration subcommands:
  access-group        Specify access control for packets
  accounting          Enable IP accounting on this interface
  address             Set the IP address of an interface
  admission           Apply Network Admission Control
  auth-proxy          Apply authentication proxy
  authentication      authentication subcommands
  bandwidth-percent   Set EIGRP bandwidth limit
  broadcast-address   Set the broadcast address of an interface
  cef                 Cisco Express Forwarding interface commands
  cgmp                Enable/disable CGMP
  ddns                Configure dynamic DNS
  dhcp                Configure DHCP parameters for this interface
  directed-broadcast  Enable forwarding of directed broadcasts
  dvmrp               DVMRP interface commands
  flow                NetFlow related commands
  header-compression  IPHC options
  hello-interval      Configures IP-EIGRP hello interval
  helper-address      Specify a destination address for UDP broadcasts
  hold-time           Configures IP-EIGRP hold time
  idle-group          Specify interesting packets for idle-timer
  igmp                IGMP interface commands
R1(config-if)#ip acce
R1(config-if)#ip access-group ?
  <1-199>      IP access list (standard or extended)
  <1300-2699>  IP expanded access list (standard or extended)
  WORD         Access-list name
R1(config-if)#ip access-group 110 ?
  in   inbound packets
  out  outbound packets
R1(config-if)#ip access-group 110 in
R1(config-if)#ip access-group 110 out
R1(config-if)#interface s0/0
R1(config-if)#ip ?
Interface IP configuration subcommands:
  access-group        Specify access control for packets
  accounting          Enable IP accounting on this interface
  address             Set the IP address of an interface
  admission           Apply Network Admission Control
  auth-proxy          Apply authentication proxy
  authentication      authentication subcommands
  bandwidth-percent   Set EIGRP bandwidth limit
  broadcast-address   Set the broadcast address of an interface
  cef                 Cisco Express Forwarding interface commands
  cgmp                Enable/disable CGMP
  ddns                Configure dynamic DNS
  dhcp                Configure DHCP parameters for this interface
  directed-broadcast  Enable forwarding of directed broadcasts
  dvmrp               DVMRP interface commands
  flow                NetFlow related commands
  header-compression  IPHC options
  hello-interval      Configures IP-EIGRP hello interval
  helper-address      Specify a destination address for UDP broadcasts
  hold-time           Configures IP-EIGRP hold time
  idle-group          Specify interesting packets for idle-timer
  igmp                IGMP interface commands
R1(config-if)#ip acce
R1(config-if)#ip access-group ?
  <1-199>      IP access list (standard or extended)
  <1300-2699>  IP expanded access list (standard or extended)
  WORD         Access-list name
R1(config-if)#ip access-group 110 ?
  in   inbound packets
  out  outbound packets
R1(config-if)#ip access-group 110 in
R1(config-if)#ip access-group 110 out
R1(config-if)#interface e0/0
R1(config-if)#acce
R1(config-if)#ip acc
R1(config-if)#ip ?
Interface IP configuration subcommands:
  access-group        Specify access control for packets
  accounting          Enable IP accounting on this interface
  address             Set the IP address of an interface
  admission           Apply Network Admission Control
  auth-proxy          Apply authentication proxy
  authentication      authentication subcommands
  bandwidth-percent   Set EIGRP bandwidth limit
  broadcast-address   Set the broadcast address of an interface
  cef                 Cisco Express Forwarding interface commands
  cgmp                Enable/disable CGMP
  ddns                Configure dynamic DNS
  dhcp                Configure DHCP parameters for this interface
  directed-broadcast  Enable forwarding of directed broadcasts
  dvmrp               DVMRP interface commands
  flow                NetFlow related commands
  header-compression  IPHC options
  hello-interval      Configures IP-EIGRP hello interval
  helper-address      Specify a destination address for UDP broadcasts
  hold-time           Configures IP-EIGRP hold time
  idle-group          Specify interesting packets for idle-timer
  igmp                IGMP interface commands
R1(config-if)#^Z
R1#confi
*Mar 1 02:39:28.491: %SYS-5-CONFIG_I: Configured from console by consoleg t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#acc
R1(config)#access-list 120 ?
  deny     Specify packets to reject
  dynamic  Specify a DYNAMIC list of PERMITs or DENYs
  permit   Specify packets to forward
  remark   Access list entry comment
R1(config)#access-list 120 permit
% Incomplete command.
R1(config)#access-list 120 permit ?
  <0-255>  An IP protocol number
  ahp      Authentication Header Protocol
  eigrp    Cisco's EIGRP routing protocol
  esp      Encapsulation Security Payload
  gre      Cisco's GRE tunneling
  icmp     Internet Control Message Protocol
  igmp     Internet Gateway Message Protocol
  ip       Any Internet Protocol
  ipinip   IP in IP tunneling
  nos      KA9Q NOS compatible IP over IP tunneling
  ospf     OSPF routing protocol
  pcp      Payload Compression Protocol
  pim      Protocol Independent Multicast
  tcp      Transmission Control Protocol
  udp      User Datagram Protocol
R1(config)#access-list 120 permit tcp ?
  A.B.C.D  Source address
  any      Any source host
  host     A single source host
R1(config)#access-list 120 permit tcp any
% Incomplete command.
R1(config)#access-list 120 permit tcp any any
R1(config)#interface e0/0
R1(config-if)#ip acc
R1(config-if)#ip access
R1(config-if)#ip access-group ?
  <1-199>      IP access list (standard or extended)
  <1300-2699>  IP expanded access list (standard or extended)
  WORD         Access-list name
R1(config-if)#ip access-group 120 ?
  in   inbound packets
  out  outbound packets
R1(config-if)#ip access-group 120 in
R1(config-if)#ip access-group 120 out
R1(config-if)#$ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq icmp
access-list 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq icmp
                                                                   ^
% Invalid input detected at '^' marker.
R1(config-if)#exit
R1(config)#$ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq icmp
access-list 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq icmp
                                                                   ^
% Invalid input detected at '^' marker.
R1(config)#$ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq ?
  <0-65535>    Port number
  bgp          Border Gateway Protocol (179)
  chargen      Character generator (19)
  cmd          Remote commands (rcmd, 514)
  daytime      Daytime (13)
  discard      Discard (9)
  domain       Domain Name Service (53)
  drip         Dynamic Routing Information Protocol (3949)
  echo         Echo (7)
  exec         Exec (rsh, 512)
  finger       Finger (79)
  ftp          File Transfer Protocol (21)
  ftp-data     FTP data connections (20)
  gopher       Gopher (70)
  hostname     NIC hostname server (101)
  ident        Ident Protocol (113)
  irc          Internet Relay Chat (194)
  klogin       Kerberos login (543)
  kshell       Kerberos shell (544)
  login        Login (rlogin, 513)
  lpd          Printer service (515)
  nntp         Network News Transport Protocol (119)
  pim-auto-rp  PIM Auto-RP (496)
  pop2         Post Office Protocol v2 (109)
  pop3         Post Office Protocol v3 (110)
  smtp         Simple Mail Transport Protocol (25)
  sunrpc       Sun Remote Procedure Call (111)
  syslog       Syslog (514)
  tacacs       TAC Access Control System (49)
  talk         Talk (517)
  telnet       Telnet (23)
  time         Time (37)
  uucp         Unix-to-Unix Copy Program (540)
  whois        Nicname (43)
  www          World Wide Web (HTTP, 80)
R1(config)#$ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq echo
R1(config)#$ 110 permit tcp host 192.168.2.99 host 192.168.1.253 eq echo
R1(config)#interface e0/0
R1(config-if)#ip access-group 120 in
R1(config-if)#ip access-group 120 out
R1(config-if)#ip access-group 110 out
R1(config-if)#ip access-group 110 in
R1(config-if)#exit
R1(config)#do show run
Building configuration...
Current configuration : 1320 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS.
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.1.253 255.255.255.0
 ip access-group 110 in
 ip access-group 110 out
 full-duplex
!
interface Serial0/0
 ip address 172.16.144.2 255.255.255.224
 ip access-group 110 in
 ip access-group 110 out
!
interface Ethernet0/1
 ip address 192.168.2.44 255.255.255.0
 ip access-group 110 in
 full-duplex
!
router rip
 version 2
 network 172.16.0.0
 network 192.168.1.0
 network 192.168.2.0
!
ip classless
!
ip http server
no ip http secure-server
!
access-list 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq www
access-list 110 deny tcp any any eq www
access-list 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq echo
access-list 110 permit tcp host 192.168.2.99 host 192.168.1.253 eq echo
access-list 120 permit tcp any any
!
R1(config)#acc
R1(config)#no access-list 110 deny tcp any any eq www
R1(config)#show access
R1(config)#do show access-list
Extended IP access list 120
    10 permit tcp any any
R1(config)#do show run
Building configuration...
Current configuration : 1063 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS.
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.1.253 255.255.255.0
 ip access-group 110 in
 ip access-group 110 out
 full-duplex
!
interface Serial0/0
 ip address 172.16.144.2 255.255.255.224
 ip access-group 110 in
 ip access-group 110 out
!
interface Ethernet0/1
 ip address 192.168.2.44 255.255.255.0
 ip access-group 110 in
 full-duplex
!
router rip
 version 2
 network 172.16.0.0
 network 192.168.1.0
 network 192.168.2.0
!
ip classless
!
ip http server
no ip http secure-server
!
access-list 120 permit tcp any any
!
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class 2 in
 password ch1cken
 login
line vty 5 181
 access-class 2 in
 password ch1cken
 login
!
!
end
R1(config)#R1(config)#do show run
Building configuration...
Current configuration : 1063 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS.
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.1.253 255.255.255.0
 ip access-group 110 in
 ip access-group 110 out
 full-duplex
!
interface Serial0/0
 ip address 172.16.144.2 255.255.255.224
 ip access-group 110 in
 ip access-group 110 out
!
interface Ethernet0/1
 ip address 192.168.2.44 255.255.255.0
 ip access-group 110 in
 full-duplex
!
router rip
 version 2
 network 172.16.0.0
 network 192.168.1.0
 network 192.168.2.0
!
ip classless
!
ip http server
no ip http secure-server
!
access-list 120 permit tcp any any
!
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class 2 in
 password ch1cken
 login
line vty 5 181
 access-class 2 in
 password ch1cken
 login
!
!
end
R1(config)#no ip acc
R1(config)#no ip access-group 110 in
                        ^
% Invalid input detected at '^' marker.
R1(config)#interface e0/0
R1(config-if)#no ip access-group 110 in
R1(config-if)#no ip access-group 110 out
R1(config-if)#interface s0/0
R1(config-if)#no ip access-group 110 in
R1(config-if)#no ip access-group 110 out
R1(config-if)#interface e0/1
R1(config-if)#no ip access-group 110 in\
                                       ^
% Invalid input detected at '^' marker.
R1(config-if)#no ip access-group 110 in
R1(config-if)#exit
R1(config)#no access-list 120 permit tcp any any
R1(config)#show run
           ^
% Invalid input detected at '^' marker.
R1(config)#do show run
Building configuration...
Current configuration : 906 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS.
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.1.253 255.255.255.0
 full-duplex
!
interface Serial0/0
 ip address 172.16.144.2 255.255.255.224
!
interface Ethernet0/1
 ip address 192.168.2.44 255.255.255.0
 full-duplex
!
router rip
 version 2
 network 172.16.0.0
 network 192.168.1.0
 network 192.168.2.0
!
ip classless
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class 2 in
 password ch1cken
 login
line vty 5 181
 access-class 2 in
 password ch1cken
 login
!
!
end
R1(config)#
R1(config)#do show run
Building configuration...
Current configuration : 906 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS.
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.1.253 255.255.255.0
 full-duplex
!
interface Serial0/0
 ip address 172.16.144.2 255.255.255.224
!
interface Ethernet0/1
 ip address 192.168.2.44 255.255.255.0
 full-duplex
!
router rip
 version 2
 network 172.16.0.0
 network 192.168.1.0
 network 192.168.2.0
!
ip classless
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class 2 in
 password ch1cken
 login
line vty 5 181
 access-class 2 in
 password ch1cken
 login
!
!
end
R1(config)#access
R1(config)#access-list ?
  <1-99>            IP standard access list
  <100-199>         IP extended access list
  <1100-1199>       Extended 48-bit MAC address access list
  <1300-1999>       IP standard access list (expanded range)
  <200-299>         Protocol type-code access list
  <2000-2699>       IP extended access list (expanded range)
  <700-799>         48-bit MAC address access list
  dynamic-extended  Extend the dynamic ACL absolute timer
  rate-limit        Simple rate-limit specific access list
R1(config)#access-list 120 ?
  deny     Specify packets to reject
  dynamic  Specify a DYNAMIC list of PERMITs or DENYs
  permit   Specify packets to forward
  remark   Access list entry comment
R1(config)#access-list 120 deny ?
  <0-255>  An IP protocol number
  ahp      Authentication Header Protocol
  eigrp    Cisco's EIGRP routing protocol
  esp      Encapsulation Security Payload
  gre      Cisco's GRE tunneling
  icmp     Internet Control Message Protocol
  igmp     Internet Gateway Message Protocol
  ip       Any Internet Protocol
  ipinip   IP in IP tunneling
  nos      KA9Q NOS compatible IP over IP tunneling
  ospf     OSPF routing protocol
  pcp      Payload Compression Protocol
  pim      Protocol Independent Multicast
  tcp      Transmission Control Protocol
  udp      User Datagram Protocol
R1(config)#access-list 120 deny
R1#config t
*Mar 1 02:58:29.955: %SYS-5-CONFIG_I: Configured from console by
R1#enableaccess
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#access
R1(config)#access-list 120 deny tcp ?
  A.B.C.D  Source address
  any      Any source host
  host     A single source host
R1(config)#access-list 120 deny tcp any ?
  A.B.C.D  Destination address
  any      Any destination host
  eq       Match only packets on a given port number
  gt       Match only packets with a greater port number
  host     A single destination host
  lt       Match only packets with a lower port number
  neq      Match only packets not on a given port number
  range    Match only packets in the range of port numbers
R1(config)#access-list 120 deny tcp any host ?
  Hostname or A.B.C.D  Destination address
R1(config)#access-list 120 deny tcp any host 192.168.1.253 eq www
R1(config)#access-list 120 permit ip any any
R1(config)#interface e0/0
R1(config-if)#ip acces
R1(config-if)#ip access-group ?
  <1-199>      IP access list (standard or extended)
  <1300-2699>  IP expanded access list (standard or extended)
  WORD         Access-list name
R1(config-if)#ip access-group 120 ?
  in   inbound packets
  out  outbound packets
R1(config-if)#ip access-group 120 out
R1(config-if)#ip access-group 120 in
R1(config-if)#interface s0/0
R1(config-if)#ip access
R1(config-if)#ip access-group 120 out
R1(config-if)#ip access-group 120 in
R1(config-if)#interface e0/0
R1(config-if)#no ip access-group 120 in
R1(config-if)#