Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Access List

all,

i'm looking to build an access-list to monitor the web traffic of one particular ip address and to log the results to the router. does anyone have an example of an access-list that will perform the actions listed above?

thanks

4 REPLIES
Cisco Employee

Re: Access List

Hi,

You can apply an access-list and apply it on the internal interface for the traffic going to the particular web server ip address.

A similar config on the router will look like the one below.

logging buffered 4096

interface Ethernet1

ip access-group 199 in

access-list 199 permit tcp any host xxx.xxx.xxx.xxx eq www log

access-list 199 [ The other traffic that you want to permit or deny]

The below URL gives you more info on Access-lists:

http://www.cisco.com/warp/public/707/confaccesslists.html

Regards,

Arul

New Member

Re: Access List

thanks for the response... so, for me, i would do the following. Correct? And if so, this will log all internet traffic from 10.x.x.x?

interface FA0/1

ip access-group 199 in

access-list 199 permit tcp any host 10.x.x.x eq www log

Cisco Employee

Re: Access List

Hi,

If the int fa0/1 is on your internal side, then the above config will log all information going from any source address to destination address 10.x.x.x(web) on tcp port 80.

Regards,

Arul

New Member

Re: Access List

hmmm...

the fa is on my router side.... all i want to do is log traffic going to the internet from one particular user.

107
Views
5
Helpful
4
Replies
CreatePlease login to create content