12-12-2007 06:09 AM - edited 02-21-2020 01:49 AM
I am having trouble finding a way to give different users access to different parts of my network. It looks like I can only limit access to everyone.
Any help would be great.
12-12-2007 11:19 AM
You can change the ACL from any to a host or range of IPs. For example here's an ACL that would block all the 192.168.10 /24 users but allow all other 192.168. users.
access-list inside_out extended deny 192.168.10.0 255.255.255.0 any eq 80
access-list inside_out extended permit 192.168.0.0 255.255.0.0 any eq 80
HTH
12-12-2007 01:01 PM
You can also use the object-group commands within ACL's to group similar objects together when they share common networks, ports, etc.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: