Cisco Support Community
New Member

Access list complication

I am trying to permit some specific people to have access to specific sites while other users of the network get full access to all other sites. I have this configuration but it is not working:

ip access-list extended BLOCK

permit tcp host 192.168.2.108 host 62.173.38.89 eq www

permit tcp host 192.168.2.60 host 67.173.38.89 eq www

permit tcp host 192.168.2.93 host 67.173.38.89 eq www

permit tcp host 192.168.2.126 host 67.173.38.89 eq www

permit ip any any

I applied it to the interface where the traffic is coming from, like this:

Seedvest(config-if)#ip access-group BLOCK in

Please help.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Access list complication

The problem is that every statement in the access list is a permit and it ends with permit any any. So there is no packet that ever will be denied. The result is that every packet passes through.

I am not certain that I fully understand what you are trying to accomplish but I think that you have 4 specific hosts that you want to be able to access a specific destination. Am I correct in understanding that these 4 hosts should access nothing else? If so then the solution is that after the 4 specific permits you should have deny statements for those 4 specific hosts to anything else. Then have the permit any any.

If I have not understood correctly then please clarify.

HTH

Rick
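
The first-match evaluation behind the answer above, as an added example that is not part of the original thread: a small Python model of how an extended ACL is walked top to bottom, run against the posted list and against a list built from the answer's description. The parser handles only the `host`/`any` and `eq www` forms used here; the `deny ip` line, the address 203.0.113.10 and the host 192.168.2.50 are constructed for illustration.

```python
import ipaddress

def parse_addr(tokens):
    """Consume 'any' or 'host A.B.C.D' from the token list; return a network."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError("only 'any' and 'host' forms are handled: " + word)

def parse_acl(text):
    """Parse entries of the form: action proto src dst [eq www]."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = parse_addr(tokens), parse_addr(tokens)
        port = 80 if tokens == ["eq", "www"] else None  # www = TCP port 80
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; no match falls to the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and src in r_src and dst in r_dst
                and (r_port is None or dport == r_port)):
            return action
    return "deny"

# ACL lines as posted in the question (one of the four hosts shown).
ORIGINAL = """
permit tcp host 192.168.2.108 host 62.173.38.89 eq www
permit ip any any
"""
# Constructed from the accepted answer: deny that host everything else.
FIXED = """
permit tcp host 192.168.2.108 host 62.173.38.89 eq www
deny ip host 192.168.2.108 any
permit ip any any
"""
OTHER_SITE = "203.0.113.10"  # constructed documentation address

def verdicts(acl_text):
    """Restricted host to its site, to another site, and an unrestricted host."""
    rules = parse_acl(acl_text)
    return (evaluate(rules, "tcp", "192.168.2.108", "62.173.38.89", 80),
            evaluate(rules, "tcp", "192.168.2.108", OTHER_SITE, 80),
            evaluate(rules, "tcp", "192.168.2.50", OTHER_SITE, 80))  # constructed host
```

With `deny ip ... any` as modeled here, the restricted host also loses its other traffic through that interface, such as DNS lookups. A narrower deny such as `deny tcp host 192.168.2.108 any eq www` blocks only port 80 to other destinations.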

4 REPLIES
New Member

Access list complication

Yes, I have 4 specific hosts that I want to be able to access only a specific site. So that means I should have something like

ip access-list extended BLOCK

permit tcp host 192.168.2.108 host 62.173.38.89 eq www

deny tcp host 192.168.2.108 any eq www

permit ip any any

for all others too?

New Member

Access list complication

Thank you very much. It worked well.

Hall of Fame Super Silver

Access list complication

I am glad that my suggestion helped lead you to a solution for your question that works well for you. Thank you for using the rating system to mark the question as answered. It makes the forum more useful when people can read a question and can know that an answer was found. Your marking has contributed to that process.

HTH

Rick
