Cisco Support Community

access list question

Hello, would this sequence of access list commands:

access-group 1 permit tcp any host 10.0.0.2 eq 80

access-group 1 deny ip any host 10.0.0.2

access-list 1 permit ip any any

achieve the following:

Allow http access from any host to 10.0.0.2 (external web server)

Deny all other access to 10.0.0.2 (external web server)

Allow all other access to the internal network?

Thank you for any help.


access list question

Yes it would

Line 1 allows web access to 10.0.0.2

Line 2 denies all other traffic to 10.0.0.2

Line 3 permits everything else

HTH,

John

access list question

Um...it's late and I need to make a couple of corrections for you.

In order for the first line to permit a port, you need an extended access list, so your number needs to be between 100 - 199 or a named acl. The access-group command actually applies the access-list to the interface, so the original answer that I gave you was incorrect. Use the following to truly do what you're wanting to do. (You have to use extended acls to specify the protocol.)

access-list 100 permit tcp any host 10.0.0.2 eq 80

access-list 100 deny ip any host 10.0.0.2

access-list 100 permit ip any any

To apply it:

int fa0/1

ip access-group 100 in

HTH,

John
