Unanswered Question
Oct 29th, 2007

Router has the three interface e0, e1,& s0.

s0 is connected to the internet,

e0 to lan,

e1 to three servers srv1, srv2,srv3.

We have to make the access list to prevent all the host and from the internet to access the web service on srv1. But the host 1 ( should have permission to access this web

server and all other traffic is permitted.

ip address:-

router e0 interface:

host on e0: host 1=

host 2= , host 3=

router s0 interface :-

router e1 interface:-

srv1: , srv 2:


apply the acl in not more than three statement and in which interface and in which direction this acl should be applied

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
bvsnarayana03 Mon, 10/29/2007 - 02:59

What I understand is, only Host 1 must be able to access Srvr 1. Rest all traffic from anywhere to the sever 1 is denied. But, all can connect to server 2 & 3. If this is right, then here is the config:

ip access-list extended web_server

permit ip host host

permit ip any host

permit ip any host

int e1

ip access-group web_server out

absivara Wed, 10/31/2007 - 20:53

If I have understood u clearly, except host1, no one else can access the http (port 80) service on svr1. All other traffic is permitted. In 3 lines this will be

access-list 101 permit ip host host

access-list 101 deny ip any host eq 80

access-list 101 permit ip any any

int e1

ip access-group 101 out


This Discussion