vlan access-list

alsayed
Level 1

I have these requirements:

deny web traffic from 192.168.10.0/24 to subnet 10.10.100.0

permit web traffic from 192.168.0.0/8 to subnet 10.10.100.0

permit any other ip traffic from my pod to 10.10.100.0

Don't use deny, use just PERMIT.

Please adjust this entry if I made a mistake:

ip access-list extended ACL-ACL

permit tcp 192.168.128.0 0.0.127.255 10.10.100.0 0.0.0.255 eq 80

permit tcp 192.168.64.0 0.0.63.255 10.10.100.0 0.0.0.255 eq 80

permit tcp 192.168.32.0 0.0.31.255 10.10.100.0 0.0.0.255 eq 80

permit tcp 192.168.16.0 0.0.15.255 10.10.100.0 0.0.0.255 eq 80

permit tcp 192.168.12.0 0.0.3.255 10.10.100.0 0.0.0.255 eq 80

permit tcp 192.168.11.0 0.0.0.255 10.10.100.0 0.0.0.255 eq 80

permit tcp 192.168.8.0 0.0.1.255 10.10.100.0 0.0.0.255 eq 80

permit tcp 192.168.0.0 0.0.7.255 10.10.100.0 0.0.0.255 eq 80

permit ip 192.168.0.0 0.0.255.255 10.10.100.0 0.0.0.255

int vlan 100

ip access-group ACL-ACL in

5 Replies

Edison Ortiz
Hall of Fame

The last entry on the ACL

permit ip 192.168.0.0 0.0.255.255 10.10.100.0 0.0.0.255

will break this requirement:

deny web traffic from 192.168.10.0/24 to subnet 10.10.100.0

I believe the task is steering you to implement Vlan ACLs instead of IPv4 ACLs.

With Vlan ACLs, you can configure ACL entries with permit but with a drop action under the Vlan Map.

For more information, please see:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12240se/scg/swacl.htm#wp1600210

10xs EdisonOrtiz!

So where is the mistake here? Could you please define?

10xs

As I stated, the last entry will break the requirement.

permit ip will allow web traffic and any other type of ip traffic. The requirements say to deny it.

Hello EdisonOrtiz

It is solved by

permit ip 10.10.0.0 0.0.255.255 10.10.100.0 0.0.0.255

10xs

Hello

I have some doubt about these statements:

permit tcp 192.168.12.0 0.0.3.255 10.10.100.0 0.0.0.255 eq 80

permit tcp 192.168.11.0 0.0.0.255 10.10.100.0 0.0.0.255 eq 80

permit tcp 192.168.8.0 0.0.1.255 10.10.100.0 0.0.0.255 eq 80

permit tcp 192.168.0.0 0.0.7.255 10.10.100.0 0.0.0.255 eq 80

Any clarification?

10xs
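
Added example, not part of the thread and not any poster's code: a small Python model of IOS first-match evaluation with wildcard masks, run over the ACL-ACL lines from the first post and over the revised last line reported later, to show which 192.168.x.0/24 source subnets the eight permit tcp lines cover and which entry port-80 traffic from 192.168.10.0/24 ends up hitting. Assumptions: only protocol, source and destination port are modelled (the destination is 10.10.100.0 0.0.0.255 on every line), and the names WEB, ORIGINAL, REVISED, first_match and web_gap are made up for this sketch.

```python
import ipaddress

# (protocol, source, source wildcard, dest port) copied from the ACL-ACL lines in
# the first post; the destination 10.10.100.0 0.0.0.255 is the same on every line.
WEB = [("tcp", "192.168.128.0", "0.0.127.255", 80),
       ("tcp", "192.168.64.0", "0.0.63.255", 80),
       ("tcp", "192.168.32.0", "0.0.31.255", 80),
       ("tcp", "192.168.16.0", "0.0.15.255", 80),
       ("tcp", "192.168.12.0", "0.0.3.255", 80),
       ("tcp", "192.168.11.0", "0.0.0.255", 80),
       ("tcp", "192.168.8.0", "0.0.1.255", 80),
       ("tcp", "192.168.0.0", "0.0.7.255", 80)]
ORIGINAL = WEB + [("ip", "192.168.0.0", "0.0.255.255", None)]
# Last line as the poster later reports it.
REVISED = WEB + [("ip", "10.10.0.0", "0.0.255.255", None)]

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: a 1 bit means 'ignore this bit' when comparing."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def first_match(acl, src, proto, dport=None):
    """1-based number of the first entry matching the packet; None = implicit deny."""
    for n, (p, base, wc, port) in enumerate(acl, 1):
        if p not in ("ip", proto):
            continue
        if port is not None and port != dport:
            continue
        if wildcard_match(src, base, wc):
            return n
    return None

def web_gap(acl):
    """Third octets x where port-80 traffic from 192.168.x.0/24 misses all 'permit tcp' lines."""
    return [x for x in range(256)
            if first_match(acl, f"192.168.{x}.1", "tcp", 80) not in range(1, len(WEB) + 1)]

if __name__ == "__main__":
    print("subnets skipped by the permit tcp lines:", web_gap(ORIGINAL))
    for name, acl in (("original", ORIGINAL), ("revised", REVISED)):
        hit = first_match(acl, "192.168.10.5", "tcp", 80)
        print(name, "-> 192.168.10.5 tcp/80:", f"permitted by entry {hit}" if hit else "implicit deny")
```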
