I have a PC in a lobby open to the public that I wish to allow access to the internet only, but I want to be able to remote control the PC from another office if necessary. I want to allow all other PCs at this location unrestricted access to the network.
The PC is IP 192.168.31.250 255.255.255.0, on the 192.168.31.0 network segment. The switch is a 2950 and the router is a 1751.
I want to limit it at the switch, is it possible?
I've come up with the following ACL:
access-list 101 permit tcp host 172.16.31.250 any eq 443
access-list 101 permit tcp host 172.16.31.250 any eq www
access-list 101 permit tcp host 172.16.31.250 any eq domain
access-list 101 permit tcp host 172.16.31.250 any established
access-list 101 deny tcp host 172.16.31.250 any
access-list 101 deny icmp host 172.16.31.250 any
access-list 101 permit tcp any any
Applied in on the Ethernet port of the router.
It does not do what I hoped, what am I doing wrong?
Your access list actually looks OK, what exactly is not working?
Assuming that your specific host has IP address 192.168.31.250, and your network is 192.168.31.0/24, the access list should look like this:
access-list 101 permit tcp host 192.168.31.250 any eq www
access-list 101 permit tcp host 192.168.31.250 any eq 443
access-list 101 permit tcp host 192.168.31.250 any eq domain
--> these 3 lines allow your host to access and browse the Internet
access-list 101 permit tcp host 192.168.31.250 any established
--> this line allows any host to access your 192.168.31.250 machine only if the connection has been established from the outside (that is, 192.168.31.250 cannot talk to the other hosts unless the other hosts talk to 192.168.31.250 first)
access-list 101 deny ip any any log
--> as suggested in the other post, this statement is useful to find out where the access list might not be working correctly.
Apply the access list inbound on the switchport of the 2950 where 192.168.31.250 is connected.
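As an added example (not from either poster), here is a small Python model of first-match ACL evaluation, run over the two lists above with constructed packets sent by the lobby PC. It reports which line each packet hits; the model assumes destination "any" throughout and treats "established" as the ACK bit only.

```python
# Added example: first-match evaluation of the two ACLs quoted in this thread.
# Simplified model (assumption): destination is always "any", and "established"
# is modelled as the TCP ACK bit only (IOS also matches RST).
PORTS = {"www": 80, "domain": 53}

def parse(line):
    t = line.split()[2:]                      # drop "access-list 101"
    src, rest = (t[3], t[5:]) if t[2] == "host" else (None, t[4:])
    port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
    return {"action": t[0], "proto": t[1], "src": src, "port": port,
            "est": "established" in rest}

def evaluate(acl, pkt):
    """Return (action, matching line number); None means the implicit deny."""
    for n, r in enumerate(acl, 1):
        if (r["proto"] in ("ip", pkt["proto"])
                and r["src"] in (None, pkt["src"])
                and r["port"] in (None, pkt.get("dport"))
                and (pkt.get("ack") or not r["est"])):
            return r["action"], n
    return "deny", None

ASKED = """\
access-list 101 permit tcp host 172.16.31.250 any eq 443
access-list 101 permit tcp host 172.16.31.250 any eq www
access-list 101 permit tcp host 172.16.31.250 any eq domain
access-list 101 permit tcp host 172.16.31.250 any established
access-list 101 deny tcp host 172.16.31.250 any
access-list 101 deny icmp host 172.16.31.250 any
access-list 101 permit tcp any any"""
REPLY = """\
access-list 101 permit tcp host 192.168.31.250 any eq www
access-list 101 permit tcp host 192.168.31.250 any eq 443
access-list 101 permit tcp host 192.168.31.250 any eq domain
access-list 101 permit tcp host 192.168.31.250 any established
access-list 101 deny ip any any log"""

def check(text, pkt):
    return evaluate([parse(l) for l in text.splitlines()], pkt)

PC = "192.168.31.250"
PACKETS = {  # constructed sample packets sent by the lobby PC
    "new tcp/3389 to LAN host": {"src": PC, "proto": "tcp", "dport": 3389},
    "https": {"src": PC, "proto": "tcp", "dport": 443},
    "dns over udp": {"src": PC, "proto": "udp", "dport": 53},
    "remote-control reply": {"src": PC, "proto": "tcp", "dport": 51000, "ack": True},
}
for name, pkt in PACKETS.items():
    print(f"{name}: asked={check(ASKED, pkt)} reply={check(REPLY, pkt)}")
```

With the first list, no line names 192.168.31.250, so the PC's TCP traffic falls through to line 7. With the second, DNS lookups sent over UDP reach the final deny, because only TCP "domain" is permitted.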