ACLs

cowetacoit
Level 1

I have an ACL that I want to permit communication from one subnet to 4 specific hosts and allow for internet.

ip access-list extended PUBLIC-WIRELESS
permit ip any host 10.0.32.120
permit ip any host 10.0.32.121
permit ip any host 10.0.32.122
permit ip any host 10.0.32.123
deny ip any any

I know this won't allow for those hosts on the subnet to get to the internet. My question is: can I have these permit statements allowing communication to those hosts, and still allow anyone on that subnet to get to the internet? It is publicly accessed and I can't allow them to be on our network except to communicate with a few printers and a print server.

3 Replies

Edison Ortiz
Hall of Fame

Try the following:

ip access-list extended PUBLIC-WIRELESS
permit ip any host 10.0.32.120
permit ip any host 10.0.32.121
permit ip any host 10.0.32.122
permit ip any host 10.0.32.123
deny ip any [your internal network]
permit ip any any

HTH,

__

Edison.

Hmm... I didn't realize you could have a permit after a deny statement like that. That worked! Thanks!

Packets that "don't match":

deny ip any [your internal network]

... are evaluated against the next Access Control Entry(s) (ACE), until a match is found, or the end of the ACL is reached.

Typically, you'll use a:

deny ip any any log

... ACE, at the end of your ACL to log any packets that violate security policy.
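The first-match behaviour that Edison's ACL relies on and the last reply describes, as an added example that is not from the thread: a small Python evaluator for the ACE forms used above (`any`, `host A`, and address plus Cisco wildcard mask). It assumes `[your internal network]` is 10.0.0.0/8, written as `10.0.0.0 0.255.255.255`, and the source subnet and internet addresses used in the docstrings are constructed.

```python
import ipaddress

# Constructed example, not from the thread: Edison's ACL with "[your internal network]"
# filled in by an assumed private range in Cisco address/wildcard-mask form.
INTERNAL_NET = "10.0.0.0 0.255.255.255"

FIXED_ACL = f"""
permit ip any host 10.0.32.120
permit ip any host 10.0.32.121
permit ip any host 10.0.32.122
permit ip any host 10.0.32.123
deny ip any {INTERNAL_NET}
permit ip any any
""".strip()

def parse_addr(tokens):
    """Consume one address spec ('any', 'host A', or 'A WILDCARD'); return ((base, wildcard), rest)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    base = int(ipaddress.IPv4Address(tokens[0]))
    wildcard = int(ipaddress.IPv4Address(tokens[1]))  # 1 bits mean "don't care"
    return (base, wildcard), tokens[2:]

def parse_acl(text):
    """Parse 'permit|deny ip <src> <dst> [log]' lines into an ordered list of ACEs."""
    aces = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue  # skips the 'ip access-list extended ...' header and blank lines
        src, rest = parse_addr(tokens[2:])   # tokens[1] is the 'ip' protocol keyword
        dst, rest = parse_addr(rest)
        aces.append((tokens[0], src, dst, "log" in rest))
    return aces

def matches(spec, ip):
    """Cisco wildcard match: bits set in the wildcard are ignored, the rest must equal the base."""
    base, wildcard = spec
    return (ip ^ base) & ~wildcard & 0xFFFFFFFF == 0

def evaluate(aces, src_ip, dst_ip):
    """First match wins; the router's implicit 'deny ip any any' applies if nothing matches."""
    s, d = int(ipaddress.IPv4Address(src_ip)), int(ipaddress.IPv4Address(dst_ip))
    for action, src, dst, _log in aces:
        if matches(src, s) and matches(dst, d):
            return action
    return "deny"
```

Running `evaluate(parse_acl(FIXED_ACL), "10.0.40.10", "198.51.100.10")` returns `permit` because the internet destination falls through the internal-network deny to the final `permit ip any any`, while `10.0.5.5` as destination is caught by the deny.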
