Access List

ray_stone
Level 1

Hi, I'm a bit confused about making access lists. We have the following three VLANs:

Vlan100 NOC SL 100 192.168.12.0/24

Vlan200 QA SL 50 192.168.13.0/24

Vlan300 DEV SL 50 192.168.14.0/24

Vlan2 Out SL 0 *.*

Among all VLANs except Outside we are using no NAT, meaning all VLAN 100, 200, 300 network traffic is exempted. Now we come to the access list: by default NOC can access both VLAN 200 and 300 traffic, and I'm using PAT for all VLANs to access the Internet. The QA and DEV VLANs can access the Internet without any problem, and NOC too, but I want to access one NOC machine, 192.168.12.20, from the QA and DEV VLANs, and when I make a rule for this, QA and DEV are not able to access the Internet. Can anyone help me? Thanks

1 Accepted Solution

Accepted Solutions

suschoud
Cisco Employee

access-l test permit ip any host 192.168.12.20

access-l test deny ip any 192.168.12.0 255.255.255.0

access-l test permit ip any any

access-g test in interface QA

access-g test in interface DEV

Please rate if helps.

Regards,

Sushil
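First-match evaluation of the three entries above, as an added example that is not part of the original post: entries are checked top-down, the first match decides, and anything unmatched falls to the implicit deny that ends every ACL. The source and destination addresses are constructed sample values, and `parse_target`, `parse_entry` and `evaluate` are hypothetical helper names.

```python
import ipaddress

# The three entries from the answer above, in the order given.
ACL_TEST = [
    "access-l test permit ip any host 192.168.12.20",
    "access-l test deny ip any 192.168.12.0 255.255.255.0",
    "access-l test permit ip any any",
]

def parse_target(tokens):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D MASK'; return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_entry(line):
    """Split '<cmd> <name> <action> <proto> <src> <dst>' into its parts."""
    tokens = line.split()
    action = tokens[2]
    src_net, rest = parse_target(tokens[4:])
    dst_net, _ = parse_target(rest)
    return action, src_net, dst_net

def evaluate(acl_lines, src_ip, dst_ip):
    """Return (action, matching line number); (deny, None) is the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for number, line in enumerate(acl_lines, 1):
        action, src_net, dst_net = parse_entry(line)
        if src in src_net and dst in dst_net:
            return action, number
    return "deny", None

if __name__ == "__main__":
    # Constructed sample flows: QA/DEV hosts to the NOC host, another NOC
    # machine, and an Internet address from a documentation range.
    flows = [
        ("192.168.13.10", "192.168.12.20"),
        ("192.168.14.10", "192.168.12.30"),
        ("192.168.13.10", "203.0.113.5"),
    ]
    for src, dst in flows:
        print(src, "->", dst, evaluate(ACL_TEST, src, dst))
    # Only the host permit, no final permit: Internet traffic is dropped.
    print(evaluate(ACL_TEST[:1], "192.168.13.10", "203.0.113.5"))
    # 'permit ip any any' placed first would open every NOC machine.
    print(evaluate(ACL_TEST[::-1], "192.168.14.10", "192.168.12.30"))
```

Because the deny for 192.168.12.0/24 sits above `permit ip any any`, the final permit only ever sees traffic that is not destined for the NOC subnet.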

Hi Sushil, thanks for your reply.

access-l test permit ip any any

If I make this, then all DEV and QA users will be able to access all NOC machines. Can you please clarify one by one? Thanks

ohhhh dear!!! got it now

Thanks

Hi, what I want now is to give DEV and QA users access to the outside 80 and 443 ports, but for downloading e-mails, can I make an access list using the domain names pop.gmail.com and smtp.gmail.com instead of using IPs?

access-l test permit tcp any host pop/smtp.gmail.com eq 445

Is it possible??? Thanks

??

I am afraid you can't use a domain name in the ACL syntax.

Thanks!!!
