Cisco Support Community
Community Member

Access List Help

Hi! I want to set up access lists. There are these networks:

10.30.6.0 with a mask of 255.255.255.0: it needs to reach the Internet on ports 80 and 443, with the other ports closed.

10.30.7.0 with a mask of 255.255.255.0: it should reach the Internet on port 80 and reach the address 10.50.51.250 over the network, with the rest closed.

10.30.9.0 should have full access.

Please help me set up the ACL!

1 ACCEPTED SOLUTION


Access List Help

conf t

ip access-list extended NETWORK_6
 permit tcp 10.30.6.0 0.0.0.255 any eq 80
 permit tcp 10.30.6.0 0.0.0.255 any eq 443
 deny ip any any

ip access-list extended NETWORK_7
 permit tcp 10.30.7.0 0.0.0.255 any eq 80
 permit ip 10.30.7.0 0.0.0.255 host 10.50.51.250
 deny ip any any

ip access-list extended NETWORK_9
 permit ip any any

However, if you only open 80 and 443, how do you handle DNS?

Also you have to think about return traffic if you want to do filtering.

Daniel Dib
CCIE #37149
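
The DNS and return-traffic questions raised in the post above can be checked by running sample packets through the posted entries with first-match evaluation. This is an added example, not part of the original post or any Cisco tool; the helper names, the sample flows and the outside addresses (documentation ranges) are assumptions, and the reply flow assumes the same list is also evaluated against packets heading back toward the LAN.

```python
import ipaddress

# ACL entries copied from the post above; only the syntax used there is parsed.
ACLS = {
    "NETWORK_6": ["permit tcp 10.30.6.0 0.0.0.255 any eq 80",
                  "permit tcp 10.30.6.0 0.0.0.255 any eq 443",
                  "deny ip any any"],
    "NETWORK_7": ["permit tcp 10.30.7.0 0.0.0.255 any eq 80",
                  "permit ip 10.30.7.0 0.0.0.255 host 10.50.51.250",
                  "deny ip any any"],
}

def _addr(tokens):
    # Consume 'any' | 'host A' | 'A WILDCARD' and return (base, care_mask).
    first = tokens.pop(0)
    if first == "any":
        return 0, 0
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0xFFFFFFFF
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    return int(ipaddress.IPv4Address(first)), ~wildcard & 0xFFFFFFFF

def parse_ace(line):
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = _addr(tokens), _addr(tokens)
    port = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return action, proto, src, dst, port

def _hit(ip, spec):
    base, care = spec
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(acl_name, proto, src_ip, dst_ip, dst_port=None):
    """First matching entry wins; nothing matching means the implicit deny."""
    for line in ACLS[acl_name]:
        action, ace_proto, src, dst, port = parse_ace(line)
        if (ace_proto in ("ip", proto) and _hit(src_ip, src)
                and _hit(dst_ip, dst) and port in (None, dst_port)):
            return action, line
    return "deny", "(implicit deny)"

if __name__ == "__main__":
    # Constructed flows: HTTPS out, a DNS query, and a reply arriving from outside.
    for flow in [("tcp", "10.30.6.10", "203.0.113.10", 443),
                 ("udp", "10.30.6.10", "198.51.100.53", 53),
                 ("tcp", "203.0.113.10", "10.30.6.10", 51000)]:
        print(flow, "->", evaluate("NETWORK_6", *flow))
```

The DNS query and the reply packet both fall through to `deny ip any any`, which is what the two closing questions in the post point at.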

5 REPLIES

Community Member

Access List Help

You don't need the deny ip any any at the end because the ACL has an explicit deny at the end of it.

Access List Help

I know but I usually add it there for clarity.

Daniel Dib
CCIE #37149

Community Member

Access List Help

Apply to the interface as a group?

And also, how can it be assigned on this VLAN? I.e., DHCP is set up to distribute the network??

Community Member

Access List Help

Thank you so much! Your article helped me!
