Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Reg:bolking internet but permitting interanet

Hi,


This is a case in which i seek ur help here,i have to deny internet access to a group of ten hosts but allow them access to particular domain e.g.;xx.in ,could any one help how to udo this using Access lists on router gi 0/0 interface.

1 REPLY
Super Bronze

Re: Reg:bolking internet but permitting interanet

Assuming that particular domain that they need access to resolve to 200.1.1.1, and you only need HTTP access to that domain, you can configure the following:

access-list 101 permit tcp host host eq 80

access-list 101 permit tcp host host  eq 80

...

...

access-list 101 permit tcp host host  eq 80

access-list 101 deny ip host any

access-list 101 deny ip host any

...

...

access-list 101 deny ip host any

access-list 101 permit ip any any

The last line (permit ip any any), I assume that you would like to allow access for other hosts to the internet.

Assuming gig0/0 is the internal router interface where the hosts are connected to:

interface gi0/0

     ip access-group 101 in

Hope that helps.

174
Views
0
Helpful
1
Replies