Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IP Access List w/ Cisco 2620 Router ?

Hardware: Cisco 2620 Router

Scenario: I want to setup a block of 14 ip addresses so they can only access one certain website or ip address and they can not go anywhere else. I have been using a 255.255.255.240 mask.

Here are a couple of statments that I tried, but could not get them to work.

ip access-lists extended 110

permit tcp host x.x.x.241 0.0.0.240 host x.x.112.3

deny ip host x.x.x.241 0.0.0.240 any

permit ip any any

Then on the fastethernet port and serial ports i added:

ip access-group 110 out

Saved, Rebooted and still did not work.

Can someone help me out on this?

Daren

3 REPLIES
New Member

Re: IP Access List w/ Cisco 2620 Router ?

Well, if you are setting up access list for a block of 14. then you should use the inverse of the subnet mask. One way of doing this is (255-240) which is 15.

Therefore your access list should say

- Permit tcp 10.10.10.0 0.0.0.15 host 216.216.1.5 eq www

- deny ip 10.10.10.0 0.0.0.15 any

- permit ip any any

Here 10.10.10.0 255.255.255.240 is the group of address you want to allow access to and the 216.216 address is the website you want to give them access to.

Apply this in. that is ip access-group in because the router would have to check this before routing it while the packet is coming "IN" to the ethernet interface.

Good luck.

New Member

Re: IP Access List w/ Cisco 2620 Router ?

I see three problems. First, your wildcard mask should be 0.0.0.15 Second, at the end of your permit statement, I would put "eq www". Third, if your fastethernet is your internal network, you should apply it inward. eg. ip access-group 110 in. Remember, it's relative to the router. Also, this would give you 13 addresses- x.x.x.241-x.x.x.254

New Member

Re: IP Access List w/ Cisco 2620 Router ?

config access-list as follow:

access-list 110 permit tcp x.x.x.240 0.0.0.15 host x.x.112.3

access-list 110 deny ip x.x.x.240 0.0.0.15 any

access-list 110 permit ip any any

ip access-group 110 out

404
Views
0
Helpful
3
Replies
CreatePlease login to create content