Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Internet via access list

I have a small subnet that contains about 20 student workstations in a lab environment, this network has been segmented from the rest of my network with a 1760 with an additional Ethernet module. I need to allow the student workstations access to the Internet, and only the Internet, through the 1760 and then through my 2611 and PIX 506e. I also need to allow the instructors PC full access through the 1760. I'm trying to do this with an extended IP access list.

Without the access list that I've created activated all the PC's can access the Internet. When I activate it only the instructors PC can access the Internet, so obviously I've missed something or I'm doing something wrong. This should be pretty simple so what ever I'm messing up will probably make me feel pretty dumb.

I haven't done a lot of access lists, but this is what I have. I have a permit statement allowing the Instructors IP address to do anything. I have a permit statement allowing all IP addresses to use TCP port 53 (DNS), and another permit for TCP port 80 (www). Do I need more permit statements for additional port numbers? What am I missing or doing wrong? Any help would be great.



New Member

Re: Internet via access list

Ok, I fixed my own problem and yes I do feel dumb. My permit statement dor DNS was TCP port 53, it should have been UDP, duh... I changed that and it works great.