10-23-2001 09:21 AM - edited 03-01-2019 06:58 PM
Hardware: Cisco 2620 Router
Scenario: I want to set up a block of 14 IP addresses so they can only access one certain website or IP address and they cannot go anywhere else. I have been using a 255.255.255.240 mask.
Here are a couple of statements that I tried, but could not get them to work.
ip access-lists extended 110
permit tcp host x.x.x.241 0.0.0.240 host x.x.112.3
deny ip host x.x.x.241 0.0.0.240 any
permit ip any any
Then on the fastethernet port and serial ports I added:
ip access-group 110 out
Saved, Rebooted and still did not work.
Can someone help me out on this?
Daren
10-23-2001 12:36 PM
One of the main issues is the "permit ip any any" statement, but the first line of your access-list is also incorrect if I understand what you're wanting to accomplish.
Example of allowing 16 addresses to hit one host but denying the rest.
permit tcp 10.2.0.0 0.0.0.15 host 100.100.100.1
deny ip any any
This ACL would allow 10.2.0.1 to 10.2.0.14 to hit 100.100.100.1 but deny everything else.
10-25-2001 02:01 PM
It seems that you have the wrong wildcard mask. For a mask of 255.255.255.240 you will need a wildcard mask of 0.0.0.15, not 0.0.0.240.
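The two points raised in the replies above (a wildcard of 0.0.0.15 rather than 0.0.0.240, and top-down first-match evaluation), worked through as an added Python example that is not part of the original thread. It models only protocol and address matching, not interface direction, and the 192.0.2.x, 198.51.100.3 and 203.0.113.9 addresses are constructed stand-ins for the elided x.x.x values.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_from_netmask(netmask):
    # A wildcard mask is the bitwise inverse of the netmask.
    return str(ipaddress.IPv4Address(to_int(netmask) ^ 0xFFFFFFFF))

def matches(addr, base, wildcard):
    # Wildcard semantics: 0 bits must equal the base, 1 bits are ignored.
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def evaluate(acl, proto, src, dst):
    # Entries are checked top-down; the first match decides.
    for action, e_proto, (s_base, s_wild), (d_base, d_wild) in acl:
        if e_proto not in ("ip", proto):
            continue
        if matches(src, s_base, s_wild) and matches(dst, d_base, d_wild):
            return action
    return "deny"  # implicit deny at the end of every ACL

# Constructed sample addresses (documentation ranges), not from the thread.
SITE, OTHER = "198.51.100.3", "203.0.113.9"
ANY = ("0.0.0.0", "255.255.255.255")

def build_acl(src_base, src_wild):
    # Shape of the ACL in the question: permit the block to one host,
    # deny the block everything else, permit all other traffic.
    block = (src_base, src_wild)
    return [
        ("permit", "tcp", block, (SITE, "0.0.0.0")),
        ("deny", "ip", block, ANY),
        ("permit", "ip", ANY, ANY),
    ]

WRONG = build_acl("192.0.2.241", "0.0.0.240")  # wildcard as posted in the question
FIXED = build_acl("192.0.2.240", wildcard_from_netmask("255.255.255.240"))

if __name__ == "__main__":
    for name, acl in (("0.0.0.240", WRONG), ("0.0.0.15", FIXED)):
        for src in ("192.0.2.241", "192.0.2.242", "192.0.2.17"):
            print(name, src, "->", evaluate(acl, "tcp", src, OTHER))
```

With 0.0.0.240 the entry matches every address whose last octet ends in the same low four bits as .241, so a neighbour in the block such as .242 falls through to the final permit while an unrelated host such as .17 is caught by the deny.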