no ip dhcp use vrf connected ! ! no ip ips deny-action ips-interface ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 192.168.1.25 255.255.255.0 ip access-group 110 in full-duplex ! interface Serial0/0 no ip address shutdown ! interface Ethernet0/1 --More--   ip address 192.168.2.44 255.255.255.0 ip access-group 110 in full-duplex ! ip classless ! ip http server no ip http secure-server ! access-list 110 deny tcp any host 192.168.1.89 eq telnet access-list 110 permit ip any any ! ! control-plane ! ! ! ! line con 0 line aux 0 line vty 0 4 access-class 2 in password ch1cken --More--   login line vty 5 181 access-class 2 in password ch1cken login ! ! end Router(config)#interface serial 0/0 Router(config-if)#ip address 172.16.144.2 255.255.255.224 Router(config-if)#no shut Router(config-if)# *Mar 1 01:29:47.722: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up *Mar 1 01:29:50.727: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up Router(config-if)#exit Router(config)#interface e0/0 Router(config-if)#show      do show ip show ip % Incomplete command. Router(config-if)#do show ip ? % Ambiguous command: "do show ip " Router(config-if)#do show ip            ip address 192.168.1.253 255.255.255.0 Router(config-if)#no shut Router(config-if)#exit Router(config)#do show run Building configuration... Current configuration : 965 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS. ! no aaa new-model ! resource policy ! ip subnet-zero ip cef ! ! --More--  no ip dhcp use vrf connected ! ! no ip ips deny-action ips-interface ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 192.168.1.253 255.255.255.0 ip access-group 110 in full-duplex ! interface Serial0/0 ip address 172.16.144.2 255.255.255.224 ! interface Ethernet0/1 ip address 192.168.2.44 255.255.255.0 --More--   ip access-group 110 in full-duplex ! ip classless ! ip http server no ip http secure-server ! access-list 110 deny tcp any host 192.168.1.89 eq telnet access-list 110 permit ip any any ! ! control-plane ! ! ! ! line con 0 line aux 0 line vty 0 4 access-class 2 in password ch1cken login --More--  line vty 5 181 access-class 2 in password ch1cken login ! ! end Router(config)#no access-list 110 deny tcp any host 192.168.1.89 eq telnet Router(config)#nmo    o access-list 110 permit ip any any Router(config)#do show run Building configuration... Current configuration : 872 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS. ! no aaa new-model ! resource policy ! ip subnet-zero ip cef ! ! --More--  no ip dhcp use vrf connected ! ! no ip ips deny-action ips-interface ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 192.168.1.253 255.255.255.0 ip access-group 110 in full-duplex ! interface Serial0/0 ip address 172.16.144.2 255.255.255.224 ! interface Ethernet0/1 ip address 192.168.2.44 255.255.255.0 --More--   ip access-group 110 in full-duplex ! ip classless ! ip http server no ip http secure-server ! ! ! control-plane ! ! ! ! line con 0 line aux 0 line vty 0 4 access-class 2 in password ch1cken login line vty 5 181 access-class 2 in --More--   password ch1cken login ! ! end Router(config)#interface serial      s0/0 Router(config-if)#time Router(config-if)#timeout         clock Router(config-if)#clock rate 56000 Router(config-if)#^Z Router#cop *Mar 1 01:34:01.314: %SYS-5-CONFIG_I: Configured from console by consoleyu     % Ambiguous command: "c" Router#copy run start Destination filename [startup-config]? Building configuration... [OK] Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router rip ? Router(config)#router rip Router(config-router)# version 2 Router(config-router)# net Router(config-router)# network ? A.B.C.D Network number Router(config-router)# network 1 9 2 . 1 6 8 . 1 . 0  Router(config-router)# network 192.168.1.0            72.16.144.0 255.255.255.224 ^ % Invalid input detected at '^' marker. Router(config-router)# network 172.16.144.0 255.255.255.224                /27 ^ % Invalid input detected at '^' marker. Router(config-router)# network 172.16.144.0/27    Router(config-router)#network 192.168.2.44  0 Router(config-router)#^Z Router# *Mar 1 01:39:36.127: %SYS-5-CONFIG_I: Configured from console by consolehost Router#hostna Router#hostna      config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname R1 R1(config)#copy run start ^ % Invalid input detected at '^' marker. R1(config)#do copy run start Destination filename [startup-config]? Building configuration... [OK] R1(config)#show run ^ % Invalid input detected at '^' marker. R1(config)#do show run Building configuration... Current configuration : 954 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS. ! no aaa new-model ! resource policy ! ip subnet-zero ip cef ! ! --More--  no ip dhcp use vrf connected ! ! no ip ips deny-action ips-interface ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 192.168.1.253 255.255.255.0 ip access-group 110 in full-duplex ! interface Serial0/0 ip address 172.16.144.2 255.255.255.224 ! interface Ethernet0/1 ip address 192.168.2.44 255.255.255.0 --More--   ip access-group 110 in full-duplex ! router rip version 2 network 172.16.0.0 network 192.168.1.0 network 192.168.2.0 ! ip classless ! ip http server no ip http secure-server ! ! ! control-plane ! ! ! ! line con 0 line aux 0 --More--  line vty 0 4 access-class 2 in password ch1cken login line vty 5 181 access-class 2 in password ch1cken login ! ! end R1(config)# exit R1#ex *Mar 1 01:41:28.984: %SYS-5-CONFIG_I: Configured from console by consoleit R1 con0 is now available Press RETURN to get started. R0>enable R0#config t Enter configuration commands, one per line. End with CNTL/Z. R0(config)#line vty 0 ? <1-181> Last Line number R0(config)#line vty 0 181 R0(config-line)#enable pa  ch1          password ch1cken R0(config-line)#service passwo R0(config-line)#service passwo      ? % Unrecognized command R0(config-line)#service         exit R0(config)#service pass R0(config)#service password-encryption R0(config)#show run ^ % Invalid input detected at '^' marker. R0(config)#do show run Building configuration... Current configuration : 681 bytes ! version 12.4 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname R0 ! boot-start-marker boot-end-marker ! ! no aaa new-model ! resource policy ! ip subnet-zero ip cef ! ! no ip dhcp use vrf connected --More--  ! --More--  ! no ip ips deny-action ips-interface ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 192.168.1.254 255.255.255.0 full-duplex ! interface Serial0/0 ip address 172.16.144.1 255.255.255.224 clockrate 56000 ! ip classless ! ip http server no ip http secure-server --More--  ! ! ! control-plane ! ! ! ! line con 0 line aux 0 line vty 0 4 password 7 070C291D4D021C0B login line vty 5 181 password 7 070C291D4D021C0B login ! ! end R0(config)#router rip R0(config-router)#version 2 R0(config-router)#network 172.16.144.0 R0(config-router)#network 172.16.144.0           192.168.1.0 ^ % Invalid input detected at '^' marker. R0(config-router)#network 1192.168.1.092.168.1.0  R0(config-router)#network 192.168.1.0.0 2.0 R0(config-router)#d   network ? A.B.C.D Network number R0(config-router)#network      work 192.168.2.0             192.168.1.0 ? R0(config-router)#network 192.168.1.0                     exit R0(config)#copy run start ^ % Invalid input detected at '^' marker. R0(config)#do copy run start Destination filename [startup-config]? Warning: Attempting to overwrite an NVRAM configuration previously written by a different version of the system image. Overwrite the previous NVRAM configuration?[confirm] Building configuration... [OK] R0(config)#show run ^ % Invalid input detected at '^' marker. R0(config)#do show run Building configuration... Current configuration : 767 bytes ! version 12.4 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname R0 ! boot-start-marker boot-end-marker ! ! no aaa new-model ! resource policy ! ip subnet-zero ip cef ! ! no ip dhcp use vrf connected --More--  ! ! no ip ips deny-action ips-interface ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 192.168.1.254 255.255.255.0 full-duplex ! interface Serial0/0 ip address 172.16.144.1 255.255.255.224 clockrate 56000 ! router rip version 2 network 172.16.0.0 --More--   network 192.168.1.0 network 192.168.2.0 ! ip classless ! ip http server no ip http secure-server ! ! ! control-plane ! ! ! ! line con 0 line aux 0 line vty 0 4 password 7 070C291D4D021C0B login line vty 5 181 password 7 070C291D4D021C0B login --More--  ! --More--  ! end R0(config)# R0# 00:51:06: %SYS-5-CONFIG_I: Configured from console by console R0#a enable R0#config t Enter configuration commands, one per line. End with CNTL/Z. R0(config)#interface e0/0 R0(config-if)#ip address 192.168.2.254 255.255.255.0 R0(config-if)#^Z R0#copy 01:00:15: %SYS-5-CONFIG_I: Configured from console by console run start Destination filename [startup-config]? Building configuration... [OK] R0# Continue with configuration dialog? [yes/no]: 00:54:39: %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to up 00:54:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/9, changed state to up % Please answer 'yes' or 'no'. Continue with configuration dialog? [yes/no]: n Press RETURN to get started. Switch>enable Switch#conif     show co    run Building configuration... Current configuration: ! version 12.0 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Switch ! ! ! ! ! ! ! ip subnet-zero ! ! ! interface FastEthernet0/1 ! --More--  interface FastEthernet0/2 ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 ! interface FastEthernet0/12 ! interface FastEthernet0/13 --More--  ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! --More--  interface VLAN1 no ip directed-broadcast no ip route-cache ! ! line con 0 transport input none stopbits 1 line vty 5 15 ! end Switch#interface vlan  1 ^ % Invalid input detected at '^' marker. Switch#config t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# 01:06:13: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to up 01:06:14: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to up 01:06:14: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/8 (not full duplex), with R0 Ethernet0/0 (full duplex). 01:06:14: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/8 (not full duplex), with R0 Ethernet0/0 (full duplex). 01:06:14: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/8 (not full duplex), with R0 Ethernet0/0 (full duplex). 01:06:33: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/8 (not full duplex), with R0 Ethernet0/0 (full duplex). Switch(config)#interface vlan1 Switch(config-if)#ip address 192.168.2.88 255.255.255.0 Switch(config-if)#no shut 01:07:33: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/8 (not full duplex), with R0 Ethernet0/0 (full duplex). Switch(config-if)#fuplex full ^ % Invalid input detected at '^' marker. Switch(config-if)#fuplex fullfuplex full duplex full ^ % Invalid input detected at '^' marker. Switch(config-if)#duplex full           exit Switch(config)# 01:08:33: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/8 (not full duplex), with R0 Ethernet0/0 (full duplex). Switch(config)#ip defay ult ga Switch(config)#ip default ga Switch(config)#ip default ga            de Switch(config)#ip default-gateway 192.168.2.254 Switch(config)#interface e0/8 ^ % Invalid input detected at '^' marker. Switch(config)#interface e0/8e0/8 f0/8a0/8 Switch(config-if)#duplex 01:09:33: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/8 (not full duplex), with R0 Ethernet0/0 (full duplex). % Incomplete command. Switch(config-if)#duplex ful Switch(config-if)#duplex full Switch(config-if)# 01:09:46: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to down 01:09:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to down 01:09:48: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to up 01:09:49: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to up Switch(config-if)#no shut Switch(config-if)#exit Switch(config)#do show run ^ % Invalid input detected at '^' marker. Switch(config)#exit Switch#show 01:10:43: %SYS-5-CONFIG_I: Configured from console by consolerun Building configuration... Current configuration: ! version 12.0 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Switch ! ! ! ! ! ! ! ip subnet-zero ! ! ! interface FastEthernet0/1 ! --More--  interface FastEthernet0/2 ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 duplex full ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 ! interface FastEthernet0/12 ! --More--  interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 --More--  ! interface VLAN1 ip address 192.168.2.88 255.255.255.0 no ip directed-broadcast no ip route-cache ! ip default-gateway 192.168.2.254 ! line con 0 transport input none stopbits 1 line vty 5 15 ! end Switch#interface 0/9 ^ % Invalid input detected at '^' marker. Switch#copy run start Destination filename [startup-config]? Building configuration... [OK] Switch#show run Building configuration... Current configuration: ! version 12.0 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Switch ! ! ! ! ! ! ! ip subnet-zero ! ! ! interface FastEthernet0/1 ! --More--  interface FastEthernet0/2 ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 duplex full ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 ! interface FastEthernet0/12 ! --More--  interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 --More--  ! interface VLAN1 ip address 192.168.2.88 255.255.255.0 no ip directed-broadcast no ip route-cache ! ip default-gateway 192.168.2.254 ! line con 0 transport input none stopbits 1 line vty 5 15 ! end Switch#interface           config t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#interface 0/9 ^ % Invalid input detected at '^' marker. Switch(config)#interface 0/9             ^Z Switch#pi 01:12:15: %SYS-5-CONFIG_I: Configured from console by consoleng     e Translating "pe"...domain server (255.255.255.255) % Unknown command or computer name, or unable to find computer address Switch# Switch# Switch#^Z Switch#^Z Switch#^Z Switch#ping 192.168.2.254 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.254, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1002 ms Switch#ping 192.168.2.254   99 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.99, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) Switch#config t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#interface fra0/9a0/9  Switch(config-if)#duplex full Switch(config-if)# 01:13:31: %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to down 01:13:32: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/9, changed state to down 01:13:33: %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to up 01:13:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/9, changed state to up Switch(config-if)#no shut Switch(config-if)#ping 192.168.             exit Switch(config)#exit Switch#ping 01:13:52: %SYS-5-CONFIG_I: Configured from console by console192.16892.168.2.99 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.99, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) Switch#ping 192.168.2.99 show run Building configuration... Current configuration: ! version 12.0 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Switch ! ! ! ! ! ! ! ip subnet-zero ! ! ! interface FastEthernet0/1 ! --More--  interface FastEthernet0/2 ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 duplex full ! interface FastEthernet0/9 duplex full ! interface FastEthernet0/10 ! interface FastEthernet0/11 ! interface FastEthernet0/12 --More--  ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! --More--  interface FastEthernet0/24 ! interface VLAN1 ip address 192.168.2.88 255.255.255.0 no ip directed-broadcast no ip route-cache ! ip default-gateway 192.168.2.254 ! line con 0 transport input none stopbits 1 line vty 5 15 ! end Switch#h interface           config t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#interface fa0/9 Switch(config-if)#switchpo Switch(config-if)#switchport mode ? access Set trunking mode to ACCESS unconditionally multi Set trunking mode to multi-VLAN mode trunk Set trunking mode to TRUNK unconditionally Switch(config-if)#switchport mode trunk Switch(config-if)#exit Switch(config)#interface fa0/8 Switch(config-if)#switchpo Switch(config-if)#switchport mode tru Switch(config-if)#switchport mode trunk Switch(config-if)#^Z Switch# 01:17:11: %SYS-5-CONFIG_I: Configured from console by consoleping 192.168.2.2 99 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.99, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) Switch#copy run Switch#copy running-config start Switch#copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] Switch# 01:23:17: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to down 01:23:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to down 01:23:25: %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to down 01:23:26: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/9, changed state to down 01:24:17: %LINK-3-UPDOWN: Interface FastEthernet0/13, changed state to up 01:24:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed state to up 01:24:22: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to up 01:24:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to up 01:24:25: %LINK-4-ERROR: FastEthernet0/8 is experiencing errors 01:24:59: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to down 01:25:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to down 01:25:06: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to up 01:25:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to up 01:25:32: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to down 01:25:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to down 01:25:35: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up 01:25:36: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not full duplex), with R1 Ethernet0/0 (full duplex). 01:25:36: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up 01:25:36: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not full duplex), with R1 Ethernet0/0 (full duplex). 01:25:36: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not full duplex), with R1 Ethernet0/0 (full duplex). 01:25:36: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not full duplex), with R1 Ethernet0/0 (full duplex). 01:25:54: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down 01:25:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down 01:26:24: %LINK-3-UPDOWN: Interface FastEthernet0/13, changed state to down 01:26:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed state to down Switch con0 is now available Press RETURN to get started. R1>enable Password: R1#config t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#acc R1(config)#access-list ? <1-99> IP standard access list <100-199> IP extended access list <1100-1199> Extended 48-bit MAC address access list <1300-1999> IP standard access list (expanded range) <200-299> Protocol type-code access list <2000-2699> IP extended access list (expanded range) <700-799> 48-bit MAC address access list dynamic-extended Extend the dynamic ACL absolute timer rate-limit Simple rate-limit specific access list R1(config)#access-list 110 ? deny Specify packets to reject dynamic Specify a DYNAMIC list of PERMITs or DENYs permit Specify packets to forward remark Access list entry comment R1(config)#access-list 110 permit ? <0-255> An IP protocol number ahp Authentication Header Protocol eigrp Cisco's EIGRP routing protocol esp Encapsulation Security Payload gre Cisco's GRE tunneling icmp Internet Control Message Protocol igmp Internet Gateway Message Protocol ip Any Internet Protocol ipinip IP in IP tunneling nos KA9Q NOS compatible IP over IP tunneling ospf OSPF routing protocol pcp Payload Compression Protocol pim Protocol Independent Multicast tcp Transmission Control Protocol udp User Datagram Protocol R1(config)#access-list 110 permit tcp ? A.B.C.D Source address any Any source host host A single source host R1(config)#access-list 110 permit tcp host 192.168.3 1.99 ? A.B.C.D Destination address any Any destination host eq Match only packets on a given port number gt Match only packets with a greater port number host A single destination host lt Match only packets with a lower port number neq Match only packets not on a given port number range Match only packets in the range of port numbers R1(config)#access-list 110 permit tcp host 192.168.1.99 host 192.168.1.253 ? ack Match on the ACK bit dscp Match packets with given dscp value eq Match only packets on a given port number established Match established connections fin Match on the FIN bit fragments Check non-initial fragments gt Match only packets with a greater port number log Log matches against this entry log-input Log matches against this entry, including input interface lt Match only packets with a lower port number neq Match only packets not on a given port number precedence Match packets with given precedence value psh Match on the PSH bit range Match only packets in the range of port numbers rst Match on the RST bit syn Match on the SYN bit time-range Specify a time-range tos Match packets with given TOS value urg Match on the URG bit R1(config)#access-list 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq$ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq ? <0-65535> Port number bgp Border Gateway Protocol (179) chargen Character generator (19) cmd Remote commands (rcmd, 514) daytime Daytime (13) discard Discard (9) domain Domain Name Service (53) drip Dynamic Routing Information Protocol (3949) echo Echo (7) exec Exec (rsh, 512) finger Finger (79) ftp File Transfer Protocol (21) ftp-data FTP data connections (20) gopher Gopher (70) hostname NIC hostname server (101) ident Ident Protocol (113) irc Internet Relay Chat (194) klogin Kerberos login (543) kshell Kerberos shell (544) login Login (rlogin, 513) lpd Printer service (515) nntp Network News Transport Protocol (119) --More--   pim-auto-rp PIM Auto-RP (496) pop2 Post Office Protocol v2 (109) pop3 Post Office Protocol v3 (110) smtp Simple Mail Transport Protocol (25) sunrpc Sun Remote Procedure Call (111) syslog Syslog (514) tacacs TAC Access Control System (49) talk Talk (517) telnet Telnet (23) time Time (37) uucp Unix-to-Unix Copy Program (540) whois Nicname (43) www World Wide Web (HTTP, 80) R1(config)#$ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq www ? ack Match on the ACK bit dscp Match packets with given dscp value established Match established connections fin Match on the FIN bit log Log matches against this entry log-input Log matches against this entry, including input interface precedence Match packets with given precedence value psh Match on the PSH bit rst Match on the RST bit syn Match on the SYN bit time-range Specify a time-range tos Match packets with given TOS value urg Match on the URG bit R1(config)#$ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq www R1(config)#$ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq www t tcp host 192.168.1.99 host 192.168.1.253 eq www  tcp host 192.168.1.99 host 192.168.1.253 eq www  tcp host 192.168.1.99 host 192.168.1.253 eq www  tcp host 192.168.1.99 host 192.168.1.253 eq www  tcp host 192.168.1.99 host 192.168.1.253 eq www  tcp host 192.168.1.99 host 192.168.1.253 eq www tcp host 192.168.1.99 host 192.168.1.253 eq www  tcp host 192.168.1.99 host 192.168.1.253 eq www d tcp host 192.168.1.99 host 192.168.1.253 eq www e tcp host 192.168.1.99 host 192.168.1.253 eq www n tcp host 192.168.1.99 host 192.168.1.253 eq www y tcp host 192.168.1.99 host 192.168.1.253 eq www  tcp host 192.168.1.92.168.1.99 host 192.168.1.253 eq www  host 192.168.1.253 eq www  host 192.168.1.253 eq www  host 192.168.1.253 eq www  host 192.168.1.253 eq www  host 192.168.1.253 eq www  host 192.168.1.253 eq www  host 192.168.1.253 eq www  host 192.168.1.253 eq www  host 192.168.1.253 eq www  host 192.168.1.253 eq www  host 192.168.1.253 eq www host 192.168.1.253 eq www  host 192.168.1.253 eq www host 192.168.1.253 eq www  host 192.168.1.253 eq www  host 192.168.1.253 eq www  host 192.168.1.253 eq www  host 192.168.1.253 eq www a host 192.168.1.253 eq www n host 192.168.1.253 eq www y host 192.168.1.253 eq www  host 192.168.1.253 eq www a host 192.168.1.253 eq www n host 192.168.1.253 eq www y host 192.168.1.253 eq www  host 192.168.1.253 eq www  host 192.168.1.253 eq www  eq www  eq www  eq www  eq www  eq www  eq www  eq www  eq www  eq www  eq www  eq www  eq www  eq www eq www  eq www  eq www  eq www  eq www eq www eq www  eq www  R1(config)#exit R1#int *Mar 1 02:32:58.869: %SYS-5-CONFIG_I: Configured from console by console    R1#int   config t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface e0/0 R1(config-if)#access R1(config-if)#access-expression ? input Filter input packets output Filter output packets R1(config-if)#access-expression               ? input Filter input packets output Filter output packets R1(config-if)#access        ? Interface configuration commands: access-expression Build a bridge boolean access expression arp Set arp type (arpa, probe, snap) or timeout backup Modify backup parameters bandwidth Set bandwidth informational parameter bgp-policy Apply policy propagated by bgp community string bridge-group Transparent bridging interface parameters carrier-delay Specify delay for interface transitions cdp CDP interface subcommands clns CLNS interface subcommands cmns OSI CMNS crypto Encryption/Decryption commands custom-queue-list Assign a custom queue list to an interface dampening Enable event dampening default Set a command to its defaults delay Specify interface throughput delay description Interface specific description diffserv diffserv (Provisioning) dot1q dot1q interface configuration commands dot1x Interface Config Commands for 802.1x duplex Configure duplex operation. eou EAPoUDP Interface Configuration Commands --More--   exit Exit from interface configuration mode fair-queue Enable Fair Queuing on an Interface flow-sampler Attach flow sampler to the interface full-duplex Configure full-duplex operational mode glbp Gateway Load Balancing Protocol interface commands half-duplex Configure half-duplex and related commands help Description of the interactive help system hold-queue Set hold queue depth ip Interface Internet Protocol config commands isis IS-IS commands iso-igrp ISO-IGRP interface subcommands keepalive Enable keepalive llc2 LLC2 Interface Subcommands load-interval Specify interval for load calculation for an interface logging Configure logging for interface loopback Configure internal loopback on an interface mac-address Manually set interface MAC address max-reserved-bandwidth Maximum Reservable Bandwidth on an Interface mls mls interface commands mop DEC MOP server commands mtu Set the interface Maximum Transmission Unit (MTU) netbios Use a defined NETBIOS access list or enable --More--   name-caching no Negate a command or set its defaults ntp Configure NTP pagp PAgP interface subcommands pppoe pppoe interface subcommands pppoe-client pppoe client priority-group Assign a priority group to an interface random-detect Enable Weighted Random Early Detection (WRED) on an Interface rate-limit Rate Limit roles Specify roles (by entering roles mode) routing Per-interface routing configuration service-policy Configure QoS Service Policy shutdown Shutdown the selected interface snapshot Configure snapshot support on the interface snmp Modify SNMP interface parameters standby HSRP interface configuration commands tarp TARP interface subcommands timeout Define timeout values for this interface traffic-shape Enable Traffic Shaping on an Interface or Sub-Interface transmit-interface Assign a transmit interface to a receive-only interface --More--   tx-ring-limit Configure PA level transmit ring limit vlan-id Process VLAN-encapsulated packets with a specific VLAN ID vlan-range Process VLAN-encapsulated packets with a range of VLAN IDs vrrp VRRP Interface configuration commands R1(config-if)#ip ? Interface IP configuration subcommands: access-group Specify access control for packets accounting Enable IP accounting on this interface address Set the IP address of an interface admission Apply Network Admission Control auth-proxy Apply authentication proxy authentication authentication subcommands bandwidth-percent Set EIGRP bandwidth limit broadcast-address Set the broadcast address of an interface cef Cisco Express Forwarding interface commands cgmp Enable/disable CGMP ddns Configure dynamic DNS dhcp Configure DHCP parameters for this interface directed-broadcast Enable forwarding of directed broadcasts dvmrp DVMRP interface commands flow NetFlow related commands header-compression IPHC options hello-interval Configures IP-EIGRP hello interval helper-address Specify a destination address for UDP broadcasts hold-time Configures IP-EIGRP hold time idle-group Specify interesting packets for idle-timer igmp IGMP interface commands --More--   R1(config-if)#ip acce R1(config-if)#ip access-group ? <1-199> IP access list (standard or extended) <1300-2699> IP expanded access list (standard or extended) WORD Access-list name R1(config-if)#ip access-group 110 ? in inbound packets out outbound packets R1(config-if)#ip access-group 110 in R1(config-if)#ip access-group 110 in  out R1(config-if)#ip access-group 110 outip access-group 110 out                       interface s0/0 R1(config-if)#ip ? Interface IP configuration subcommands: access-group Specify access control for packets accounting Enable IP accounting on this interface address Set the IP address of an interface admission Apply Network Admission Control auth-proxy Apply authentication proxy authentication authentication subcommands bandwidth-percent Set EIGRP bandwidth limit broadcast-address Set the broadcast address of an interface cef Cisco Express Forwarding interface commands cgmp Enable/disable CGMP ddns Configure dynamic DNS dhcp Configure DHCP parameters for this interface directed-broadcast Enable forwarding of directed broadcasts dvmrp DVMRP interface commands flow NetFlow related commands header-compression IPHC options hello-interval Configures IP-EIGRP hello interval helper-address Specify a destination address for UDP broadcasts hold-time Configures IP-EIGRP hold time idle-group Specify interesting packets for idle-timer igmp IGMP interface commands --More--   R1(config-if)#ip acce R1(config-if)#ip access-group ? <1-199> IP access list (standard or extended) <1300-2699> IP expanded access list (standard or extended) WORD Access-list name R1(config-if)#ip access-group 110 ? in inbound packets out outbound packets R1(config-if)#ip access-group 110 in R1(config-if)#ip access-group 110 in  out R1(config-if)#interface 0/0e0/0 R1(config-if)#interface e0/0 acce R1(config-if)#access-expression                   ip acc R1(config-if)#ip acc   ? Interface IP configuration subcommands: access-group Specify access control for packets accounting Enable IP accounting on this interface address Set the IP address of an interface admission Apply Network Admission Control auth-proxy Apply authentication proxy authentication authentication subcommands bandwidth-percent Set EIGRP bandwidth limit broadcast-address Set the broadcast address of an interface cef Cisco Express Forwarding interface commands cgmp Enable/disable CGMP ddns Configure dynamic DNS dhcp Configure DHCP parameters for this interface directed-broadcast Enable forwarding of directed broadcasts dvmrp DVMRP interface commands flow NetFlow related commands header-compression IPHC options hello-interval Configures IP-EIGRP hello interval helper-address Specify a destination address for UDP broadcasts hold-time Configures IP-EIGRP hold time idle-group Specify interesting packets for idle-timer igmp IGMP interface commands --More--   R1(config-if)#ip    ^Z R1#confi *Mar 1 02:39:28.491: %SYS-5-CONFIG_I: Configured from console by consoleg t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#acc R1(config)#access-list 11 12020 120 ? deny Specify packets to reject dynamic Specify a DYNAMIC list of PERMITs or DENYs permit Specify packets to forward remark Access list entry comment R1(config)#access-list 120 permit % Incomplete command. R1(config)#access-list 120 permit ? <0-255> An IP protocol number ahp Authentication Header Protocol eigrp Cisco's EIGRP routing protocol esp Encapsulation Security Payload gre Cisco's GRE tunneling icmp Internet Control Message Protocol igmp Internet Gateway Message Protocol ip Any Internet Protocol ipinip IP in IP tunneling nos KA9Q NOS compatible IP over IP tunneling ospf OSPF routing protocol pcp Payload Compression Protocol pim Protocol Independent Multicast tcp Transmission Control Protocol udp User Datagram Protocol R1(config)#access-list 120 permit tcp ? A.B.C.D Source address any Any source host host A single source host R1(config)#access-list 120 permit tcp any % Incomplete command. R1(config)#access-list 120 permit tcp any any R1(config)#interface e0/0 R1(config-if)#interface e0/0              ip acc R1(config-if)#ip access R1(config-if)#ip access-group ? <1-199> IP access list (standard or extended) <1300-2699> IP expanded access list (standard or extended) WORD Access-list name R1(config-if)#ip access-group 120 ? in inbound packets out outbound packets R1(config-if)#ip access-group 120 in R1(config-if)#ip access-group 120 in  out R1(config-if)#ip access-group 120 outin nterface e0/0 access-list 120 permit tcp any any  interface e0/0 p access-group 110 outin nterface s0/0 p access-group 110 outin nterface e0/0 exit access-list 110 deny tcp any any eq www $ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq www    i c m p  access-list 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq icmp ^ % Invalid input detected at '^' marker. R1(config-if)#exit R1(config)#exit$ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq icmp ip access-group 120 out $ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq icmp access-list 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq icmp ^ % Invalid input detected at '^' marker. R1(config)#$ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq icmp      ? <0-65535> Port number bgp Border Gateway Protocol (179) chargen Character generator (19) cmd Remote commands (rcmd, 514) daytime Daytime (13) discard Discard (9) domain Domain Name Service (53) drip Dynamic Routing Information Protocol (3949) echo Echo (7) exec Exec (rsh, 512) finger Finger (79) ftp File Transfer Protocol (21) ftp-data FTP data connections (20) gopher Gopher (70) hostname NIC hostname server (101) ident Ident Protocol (113) irc Internet Relay Chat (194) klogin Kerberos login (543) kshell Kerberos shell (544) login Login (rlogin, 513) lpd Printer service (515) nntp Network News Transport Protocol (119) --More--   pim-auto-rp PIM Auto-RP (496) pop2 Post Office Protocol v2 (109) pop3 Post Office Protocol v3 (110) smtp Simple Mail Transport Protocol (25) sunrpc Sun Remote Procedure Call (111) syslog Syslog (514) tacacs TAC Access Control System (49) talk Talk (517) telnet Telnet (23) time Time (37) uucp Unix-to-Unix Copy Program (540) whois Nicname (43) www World Wide Web (HTTP, 80) R1(config)#$ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq echo R1(config)#$ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq echo1.99 host 192.168.1.253 eq echo 2.99 host 192.168.1.253 eq echo R1(config)#interface e0/0 R1(config-if)#interface e0/0$ 110 permit tcp host 192.168.2.99 host 192.168.1.253 eq echo1.99 host 192.168.1.253 eq echoicmp exit $ 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq icmp ip access-group 120 out in  R1(config-if)#ip access-group 120 in  out R1(config-if)#ip access-group 120 out0 out 10 out R1(config-if)#ip access-group 110 outt   in R1(config-if)#exit R1(config)#show run        do show run Building configuration... Current configuration : 1320 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS. ! no aaa new-model ! resource policy ! ip subnet-zero ip cef ! ! --More--  no ip dhcp use vrf connected ! ! no ip ips deny-action ips-interface ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 192.168.1.253 255.255.255.0 ip access-group 110 in ip access-group 110 out full-duplex ! interface Serial0/0 ip address 172.16.144.2 255.255.255.224 ip access-group 110 in ip access-group 110 out --More--  ! interface Ethernet0/1 ip address 192.168.2.44 255.255.255.0 ip access-group 110 in full-duplex ! router rip version 2 network 172.16.0.0 network 192.168.1.0 network 192.168.2.0 ! ip classless ! ip http server no ip http secure-server ! access-list 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq www access-list 110 deny tcp any any eq www access-list 110 permit tcp host 192.168.1.99 host 192.168.1.253 eq echo access-list 110 permit tcp host 192.168.2.99 host 192.168.1.253 eq echo access-list 120 permit tcp any any ! --More--   R1(config)#[A  cce   acc R1(config)#access-list 110naccess-list 110oaccess-list 110 access-list 110access-list 110 deny tcp any any eq www R1(config)#show access R1(config)#show accessdshow accessoshow access show accessshow access-list Extended IP access list 120 10 permit tcp any any R1(config)#do show run Building configuration... Current configuration : 1063 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS. ! no aaa new-model ! resource policy ! ip subnet-zero ip cef ! ! --More--  no ip dhcp use vrf connected --More--  ! --More--  ! no ip ips deny-action ips-interface ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 192.168.1.253 255.255.255.0 ip access-group 110 in ip access-group 110 out full-duplex ! interface Serial0/0 ip address 172.16.144.2 255.255.255.224 ip access-group 110 in ip access-group 110 out ! interface Ethernet0/1 --More--   ip address 192.168.2.44 255.255.255.0 ip access-group 110 in full-duplex ! router rip version 2 network 172.16.0.0 network 192.168.1.0 network 192.168.2.0 ! ip classless ! ip http server no ip http secure-server ! access-list 120 permit tcp any any ! ! control-plane ! ! ! ! --More--  line con 0 line aux 0 line vty 0 4 access-class 2 in password ch1cken login line vty 5 181 access-class 2 in password ch1cken login ! ! end R1(config)#  do show runaccess-listno access-list 110 deny tcp any any eq wwwdo show access-list  Extended IP access list 120 10 permit tcp any any R1(config)#do show access-listrun access-listno access-list 110 deny tcp any any eq wwwdo show run no access-list 110 deny tcp any any eq wwwdo show access-list run  Building configuration... Current configuration : 1063 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS. ! no aaa new-model ! resource policy ! ip subnet-zero ip cef ! ! --More--  no ip dhcp use vrf connected ! ! no ip ips deny-action ips-interface ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 192.168.1.253 255.255.255.0 ip access-group 110 in ip access-group 110 out full-duplex ! interface Serial0/0 ip address 172.16.144.2 255.255.255.224 ip access-group 110 in ip access-group 110 out --More--  ! interface Ethernet0/1 ip address 192.168.2.44 255.255.255.0 ip access-group 110 in full-duplex ! router rip version 2 network 172.16.0.0 network 192.168.1.0 network 192.168.2.0 ! ip classless ! ip http server no ip http secure-server ! access-list 120 permit tcp any any ! ! control-plane ! ! --More--  ! ! line con 0 line aux 0 line vty 0 4 access-class 2 in password ch1cken login line vty 5 181 access-class 2 in password ch1cken login ! ! end R1(config)#no ip acc R1(config)#no ip access-group 110 in ^ % Invalid input detected at '^' marker. R1(config)#no ip access-group 110 in  interface e0/0 R1(config-if)#no ip access-group 110 in R1(config-if)#no ip access-group 110 in  out R1(config-if)#interface s0/0 R1(config-if)#no ip access-group 110 in R1(config-if)#no ip access-group 110 in  out R1(config-if)#interface e0/1 R1(config-if)#no ip access-group 110 in\ ^ % Invalid input detected at '^' marker. R1(config-if)#no ip access-group 110 in\  R1(config-if)#no ip access-group 110 in exit R1(config)#exit exitno ip access-group 110 in\                         access-list 120 permit tcp any any R1(config)#show run ^ % Invalid input detected at '^' marker. R1(config)#do show run Building configuration... Current configuration : 906 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS. ! no aaa new-model ! resource policy ! ip subnet-zero ip cef ! ! --More--  no ip dhcp use vrf connected ! ! no ip ips deny-action ips-interface ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 192.168.1.253 255.255.255.0 full-duplex ! interface Serial0/0 ip address 172.16.144.2 255.255.255.224 ! interface Ethernet0/1 ip address 192.168.2.44 255.255.255.0 full-duplex --More--  ! router rip version 2 network 172.16.0.0 network 192.168.1.0 network 192.168.2.0 ! ip classless ! ip http server no ip http secure-server ! ! ! control-plane ! ! ! ! line con 0 line aux 0 line vty 0 4 access-class 2 in --More--   password ch1cken login line vty 5 181 access-class 2 in password ch1cken login ! ! end R1(config)#do show run access R1(config)#access-list ? <1-99> IP standard access list <100-199> IP extended access list <1100-1199> Extended 48-bit MAC address access list <1300-1999> IP standard access list (expanded range) <200-299> Protocol type-code access list <2000-2699> IP extended access list (expanded range) <700-799> 48-bit MAC address access list dynamic-extended Extend the dynamic ACL absolute timer rate-limit Simple rate-limit specific access list R1(config)#access-list 120 ? deny Specify packets to reject dynamic Specify a DYNAMIC list of PERMITs or DENYs permit Specify packets to forward remark Access list entry comment R1(config)#access-list 120 deny host    ? <0-255> An IP protocol number ahp Authentication Header Protocol eigrp Cisco's EIGRP routing protocol esp Encapsulation Security Payload gre Cisco's GRE tunneling icmp Internet Control Message Protocol igmp Internet Gateway Message Protocol ip Any Internet Protocol ipinip IP in IP tunneling nos KA9Q NOS compatible IP over IP tunneling ospf OSPF routing protocol pcp Payload Compression Protocol pim Protocol Independent Multicast tcp Transmission Control Protocol udp User Datagram Protocol R1(config)#access-list 120 deny R1#config t *Mar 1 02:58:29.955: %SYS-5-CONFIG_I: Configured from console by console  R1#config tenable access R1#enableaccess            config t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#do show runshow run no access-list 120 permit tcp any anyexit no ip access-group 110 in\                          access R1(config)#access-list 120 deny tcp ? A.B.C.D Source address any Any source host host A single source host R1(config)#access-list 120 deny tcp any ? A.B.C.D Destination address any Any destination host eq Match only packets on a given port number gt Match only packets with a greater port number host A single destination host lt Match only packets with a lower port number neq Match only packets not on a given port number range Match only packets in the range of port numbers R1(config)#access-list 120 deny tcp any host ? Hostname or A.B.C.D Destination address R1(config)#access-list 120 deny tcp any host 192.168.1.253 eq www R1(config)#access-list 120 deny tcp any host 192.168.1.253 eq www20 deny tcp any host 192.168.1.253 eq www 10 deny tcp any host 192.168.1.253 eq www0 10 deny tcp any host 192.168.1.253 eq www 20 deny tcp any host 192.168.1.253 eq www0 dennpdeny tcp any host 192.168.1.253 eq wwwedeny tcp any host 192.168.1.253 eq wwwrdeny tcp any host 192.168.1.253 eq wwwmdeny tcp any host 192.168.1.253 eq wwwideny tcp any host 192.168.1.253 eq wwwtdeny tcp any host 192.168.1.253 eq www deny tcp any host 192.168.1.253 eq wwwdeny tcp any host 192.168.1.253 eq www                                      ip anyan   any R1(config)#interface e0/0 R1(config-if)#ip acces R1(config-if)#ip access-group ? <1-199> IP access list (standard or extended) <1300-2699> IP expanded access list (standard or extended) WORD Access-list name R1(config-if)#ip access-group 120 ? in inbound packets out outbound packets R1(config-if)#ip access-group 120 out R1(config-if)#ip access-group 120 out   in R1(config-if)#interface s0/0 R1(config-if)#ip access R1(config-if)#ip access-group 120        120 out R1(config-if)#ip access-group 120 out   in R1(config-if)#interface e0/0 R1(config-if)#no ip access-group 120 in R1(config-if)# R1(config-if)#copy run start ^ % Invalid input detected at '^' marker. R1(config-if)#do copy run start Destination filename [startup-config]? Building configuration... [OK] R1(config-if)#exit R1(config)#exit R1#exit R1 con0 is now available Press RETURN to get started. *Mar 1 03:06:50.094: %SYS-5-CONFIG_I: Configured from console by console