Cisco Support Community
access list creation

I am managing a 100-user LAN. We have a leased line from the ISP.

I have set up a NAT pool (overload) on the router so that the inside users can access the outside net.

Now I want to allow only a few users to access the net and deny all the rest.

How should I place the access list? Please advise me.

My current configuration is as follows.

!
ip nat pool temp IP Addr netmask
ip nat inside source list 101 pool temp overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 0.0.0.0 0.0.0.0 BRI0 20
ip route 192.168.1.0 255.255.255.0 Serial0
ip http server
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip

I want to block hosts ranging from 20 to 255 from accessing the outside net.

Hosts 1 to 19 should be allowed to access the net.

Waiting for the reply.

Many thanks in advance

Veena Jade

Re: access list creation

You need to filter the outgoing packets addressed to the world at the external interface.

The access list should read something like:

access-list 102 permit ip 192.168.1.0 0.0.0.15 any
access-list 102 permit ip 192.168.1.16 0.0.0.3 any
access-list 102 deny ip any any (this is always implicit)

Now if your ISP connected interface is serial 0 this access list should be applied to serial 0 outgoing.

In such case I do not understand the role of

ip route 192.168.1.0 255.255.255.0 serial 0

It seems that your default route and your local network are on serial 0, while it stands to reason to believe your local network is on ethernet 0.

Finally, I presume you are using BRI0 for dial backup with a legacy dial-up configuration (no dialer interface); therefore you need to apply the same list to BRI0 to enforce it when Serial0 is down and you are using the ISDN backup.

Hope it helps

Fabio
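An added example, not part of either post above, showing the same host split enforced in a way that does not depend on the WAN interface. One caveat matters here: on Cisco IOS the inside-to-outside order of operations runs NAT before the outbound access list is checked, so an outbound list on Serial0 that matches on 192.168.1.x sources would see the translated pool address instead and never match. Filtering inbound on the LAN interface (assumed here to be Ethernet0, as the reply also presumes) catches the packets before translation and covers both the leased line and the ISDN backup with a single list. The wildcard masks are the reply's: 0.0.0.15 over .0 covers hosts .0 to .15, and 0.0.0.3 over .16 covers .16 to .19, so .20 to .255 fall through to the deny. Narrowing access-list 101 to the same ranges is an extra layer so that the unwanted hosts are never translated even if the interface filter is removed later.

```cisco
! --- Before: every host in 192.168.1.0/24 is translated and reaches the net ---
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 101 pool temp overload

! --- After: only hosts .1 to .19 are translated, and the rest are dropped
!     on the LAN side before NAT or routing ever sees them ---
!
! Numbered lists cannot be edited in place; remove and re-create list 101.
no access-list 101
access-list 101 permit ip 192.168.1.0 0.0.0.15 any
access-list 101 permit ip 192.168.1.16 0.0.0.3 any
!
! Interface filter applied inbound on the LAN interface (Ethernet0 is an assumption).
! The explicit deny carries "log" so blocked attempts show up in syslog while you verify.
access-list 102 permit ip 192.168.1.0 0.0.0.15 any
access-list 102 permit ip 192.168.1.16 0.0.0.3 any
access-list 102 deny ip 192.168.1.0 0.0.0.255 any log
!
interface Ethernet0
 ip nat inside
 ip access-group 102 in
!
interface Serial0
 ip nat outside
!
! Existing translations for the now-denied hosts persist until they time out;
! clear them so the new policy takes effect immediately.
clear ip nat translation *
```

To check the result, generate traffic from a host in each range and look at the hit counters with `show access-lists 102`; the two permit lines should count for hosts .1 to .19 and the deny line for .20 and above, and `show ip nat translations` should show pool entries only for the permitted hosts. Drop the `log` keyword once you are satisfied, since per-packet logging on a busy deny entry costs router CPU.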
