11-22-2007 12:13 PM - edited 03-05-2019 07:35 PM
I have these requirements:
deny web traffic from 192.168.10.0/24 to subnet 10.10.100.0
permit web traffic from 192.168.0.0/8 to subnet 10.10.100.0
permit any other ip traffic from my pod to 10.10.100.0
Don't use deny; use just PERMIT.
Please adjust this entry if I made a mistake:
ip access-list extended ACL-ACL
permit tcp 192.168.128.0 0.0.127.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.64.0 0.0.63.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.32.0 0.0.31.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.16.0 0.0.15.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.12.0 0.0.3.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.11.0 0.0.0.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.8.0 0.0.1.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.0.0 0.0.7.255 10.10.100.0 0.0.0.255 eq 80
permit ip 192.168.0.0 0.0.255.255 10.10.100.0 0.0.0.255
int vlan 100
ip access-group ACL-ACL in
11-22-2007 12:46 PM
The last entry on the ACL
permit ip 192.168.0.0 0.0.255.255 10.10.100.0 0.0.0.255
will break this requirement:
deny web traffic from 192.168.10.0/24 to subnet 10.10.100.0
I believe the task is steering you to implement VLAN ACLs instead of IPv4 ACLs.
With VLAN ACLs, you can configure ACL entries with permit but with a drop action under the VLAN map.
For more information, please see:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12240se/scg/swacl.htm#wp1600210
11-22-2007 12:58 PM
Thanks, EdisonOrtiz!
So where is the mistake here? Could you please define?
Thanks
11-22-2007 01:02 PM
As I stated, the last entry will break the requirement.
permit ip will allow web traffic and any other type of ip traffic. The requirements say to deny it.
11-23-2007 06:57 AM
Hello EdisonOrtiz,
It was solved by
permit ip 10.10.0.0 0.0.255.255 10.10.100.0 0.0.0.255
Thanks
11-23-2007 08:41 AM
Hello,
I have some doubt about these statements:
permit tcp 192.168.12.0 0.0.3.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.11.0 0.0.0.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.8.0 0.0.1.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.0.0 0.0.7.255 10.10.100.0 0.0.0.255 eq 80
Any clarification?
Thanks
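
Added example, not part of any post in this thread: a Python check that the eight `permit tcp ... eq 80` entries from the first post cover exactly 192.168.0.0/16 with 192.168.10.0/24 carved out, and that the final `permit ip` entry is the one that still lets web traffic from 192.168.10.0/24 through. It assumes the packet is destined for 10.10.100.0/24 (the destination of every entry) and models only first-match evaluation with the implicit deny at the end.

```python
import ipaddress

# Entries copied from the ACL in the first post: (protocol, source, wildcard, dst port).
# Every entry has destination 10.10.100.0 0.0.0.255, so it is left out of the model.
ACL = [
    ("tcp", "192.168.128.0", "0.0.127.255", 80),
    ("tcp", "192.168.64.0", "0.0.63.255", 80),
    ("tcp", "192.168.32.0", "0.0.31.255", 80),
    ("tcp", "192.168.16.0", "0.0.15.255", 80),
    ("tcp", "192.168.12.0", "0.0.3.255", 80),
    ("tcp", "192.168.11.0", "0.0.0.255", 80),
    ("tcp", "192.168.8.0", "0.0.1.255", 80),
    ("tcp", "192.168.0.0", "0.0.7.255", 80),
    ("ip", "192.168.0.0", "0.0.255.255", None),
]

def to_network(addr, wildcard):
    """Convert a contiguous wildcard mask (e.g. 0.0.3.255) to an ip_network."""
    host_bits = int(ipaddress.IPv4Address(wildcard))
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - host_bits.bit_length()}")

def web_sources():
    """Source networks named by the 'permit tcp ... eq 80' entries."""
    return {to_network(a, w) for proto, a, w, port in ACL if proto == "tcp" and port == 80}

def expected_web_sources():
    """192.168.0.0/16 with 192.168.10.0/24 carved out, as CIDR blocks."""
    whole = ipaddress.ip_network("192.168.0.0/16")
    return set(whole.address_exclude(ipaddress.ip_network("192.168.10.0/24")))

def first_match(src, proto, dport=None):
    """1-based number of the first entry that permits the packet, else None
    (the implicit deny at the end of the list)."""
    ip = ipaddress.ip_address(src)
    for n, (e_proto, addr, wildcard, e_port) in enumerate(ACL, start=1):
        if ip not in to_network(addr, wildcard):
            continue
        if e_proto == "ip" or (e_proto == proto and e_port == dport):
            return n
    return None

if __name__ == "__main__":
    print("tcp entries == /16 minus 192.168.10.0/24:", web_sources() == expected_web_sources())
    print("web from 192.168.10.5 ->", first_match("192.168.10.5", "tcp", 80))
    print("web from 192.168.20.1 ->", first_match("192.168.20.1", "tcp", 80))
```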