IP Access List w/ Cisco 2620 Router?

blkphtm
Level 1

Hardware: Cisco 2620 Router

Scenario: I want to set up a block of 14 IP addresses so they can only access one certain website or IP address and they cannot go anywhere else. I have been using a 255.255.255.240 mask.

Here are a couple of statements that I tried, but could not get them to work.

ip access-lists extended 110

permit tcp host x.x.x.241 0.0.0.240 host x.x.112.3

deny ip host x.x.x.241 0.0.0.240 any

permit ip any any

Then on the FastEthernet port and serial ports I added:

ip access-group 110 out

Saved, rebooted, and it still did not work.

Can someone help me out on this?

Daren

2 Replies

dhirtz
Level 1

One of the main issues is the "permit ip any any" statement, but the first line of your access-list is also incorrect, if I understand what you're wanting to accomplish.

Example of allowing 16 addresses to hit one host but denying the rest.

permit tcp 10.2.0.0 0.0.0.15 host 100.100.100.1

deny ip any any

This ACL would allow 10.2.0.1 to 10.2.0.14 to hit 100.100.100.1 but deny everything else.

markvtran
Level 1

It seems that you have the wrong wildcard mask. For a mask of 255.255.255.240 you will need a wildcard mask of 0.0.0.15, not 0.0.0.240.
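
The wildcard-mask and entry-order points raised in this thread, as an added example that is not part of any post: a small Python model of extended-ACL matching that shows which hosts of a /28 each wildcard actually covers and how first-match evaluation treats the result. The addresses are constructed from documentation ranges (192.0.2.240/28 stands in for the x.x.x.240 block, 198.51.100.3 for the allowed host), and the model covers only protocol, source and destination, not ports or interface direction.

```python
import ipaddress

BLOCK = "192.0.2.240/28"      # constructed stand-in for the 14-host block
ALLOWED = "198.51.100.3"      # constructed stand-in for the one permitted host
ANY = ("0.0.0.0", "255.255.255.255")

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_for(netmask):
    """Invert a subnet mask: 255.255.255.240 -> 0.0.0.15."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ 0xFFFFFFFF))

def matches(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; every other bit must equal base."""
    w = to_int(wildcard)
    return (to_int(addr) | w) == (to_int(base) | w)

def matched_hosts(base, wildcard, network=BLOCK):
    """Usable hosts of the block that a base/wildcard pair matches."""
    hosts = ipaddress.ip_network(network).hosts()
    return [str(h) for h in hosts if matches(str(h), base, wildcard)]

def evaluate(acl, proto, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, p, s_base, s_wild, d_base, d_wild in acl:
        if (p in ("ip", proto) and matches(src, s_base, s_wild)
                and matches(dst, d_base, d_wild)):
            return action
    return "deny"

# Permit the block to one host over TCP, then deny everything else.
ACL = [
    ("permit", "tcp", "192.0.2.240", wildcard_for("255.255.255.240"),
     ALLOWED, "0.0.0.0"),
    ("deny", "ip", *ANY, *ANY),
]

if __name__ == "__main__":
    # 0.0.0.240 ignores the high four bits of the last octet, so it pins the
    # low four bits and covers only one host of the block.
    print("wildcard 0.0.0.240:", matched_hosts("192.0.2.241", "0.0.0.240"))
    print("wildcard 0.0.0.15: ", matched_hosts("192.0.2.240", "0.0.0.15"))
    for proto, dst in (("tcp", ALLOWED), ("tcp", "203.0.113.9"), ("icmp", ALLOWED)):
        print(proto, "192.0.2.245 ->", dst, evaluate(ACL, proto, "192.0.2.245", dst))
```

Because the permit entry is `tcp` only, non-TCP traffic from the block to the allowed host (for example a ping used to test the ACL) falls through to the deny.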