Reg:bolking internet but permitting interanet

Unanswered Question
Apr 26th, 2010

Hi,


This is a case in which i seek ur help here,i have to deny internet access to a group of ten hosts but allow them access to particular domain e.g.;xx.in ,could any one help how to udo this using Access lists on router gi 0/0 interface.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jennifer Halim Mon, 04/26/2010 - 04:02

Assuming that particular domain that they need access to resolve to 200.1.1.1, and you only need HTTP access to that domain, you can configure the following:

access-list 101 permit tcp host host eq 80

access-list 101 permit tcp host host  eq 80

...

...

access-list 101 permit tcp host host  eq 80

access-list 101 deny ip host any

access-list 101 deny ip host any

...

...

access-list 101 deny ip host any

access-list 101 permit ip any any

The last line (permit ip any any), I assume that you would like to allow access for other hosts to the internet.

Assuming gig0/0 is the internal router interface where the hosts are connected to:

interface gi0/0

     ip access-group 101 in

Hope that helps.

Actions

This Discussion