Problems implementing named ACLs

mjw123
Level 1

Hi, I'm configuring 2 named extended access-lists on a Cisco 1600 router but can't get them working properly. The first (Unrestricted) is to allow certain workstations unlimited access to the internet. The second (Restricted) is for the rest of the workstations to have access only to certain sites.

This is the newest version that I came up with & was wondering if anyone would know if these would work or have any suggestions to try. Any help is greatly appreciated. The whole network is on the same subnet, 10.10.10.0/24.

Thanks.

router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z

router(config)#ip access-list extended Unrestricted

router(config-ext-nacl)#permit tcp host 10.10.10.1 any eq www log

router(config-ext-nacl)#permit tcp host 10.10.10.2 any eq www log

router(config-ext-nacl)#permit tcp host 10.10.10.3 any eq www log

router(config-ext-nacl)#permit tcp host 10.10.10.23 any eq www log

router(config-ext-nacl)#permit tcp host 10.10.10.26 any eq www log

router(config-ext-nacl)#permit tcp host 10.10.10.43 any eq www log

router(config-ext-nacl)#permit tcp host 10.10.10.50 any eq www log

router(config-ext-nacl)#permit tcp host 10.10.10.51 any eq www log

router(config-ext-nacl)#permit tcp host 10.10.10.52 any eq www log

router(config-ext-nacl)#permit tcp host 10.10.10.55 any eq www log

router(config-ext-nacl)#permit tcp host 10.10.10.111 any eq www log

router(config-ext-nacl)#permit tcp host 10.10.10.200 any eq www log

router(config-ext-nacl)#permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.200 log

router(config-ext-nacl)#permit tcp host 10.10.10.201 any eq www log

router(config-ext-nacl)#permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.201 log

router(config-ext-nacl)#permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.254 log

router(config-ext-nacl)#permit tcp 216.240.0.0 0.0.255.255 host 10.10.10.200 eq www log

router(config-ext-nacl)#permit tcp 216.240.0.0 0.0.255.255 host 10.10.10.254 eq www log

router(config-ext-nacl)#

router(config)#ip access-list extended Restricted

router(config-ext-nacl)#permit tcp any 66.59.134.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 216.99.108.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 17.0.0.0 0.255.255.255 eq domain log

router(config-ext-nacl)#permit tcp any 207.46.0.0 0.0.255.255 eq domain log

router(config-ext-nacl)#permit tcp any 206.47.20.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 192.150.14.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 192.139.219.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 207.68.131.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 141.202.248.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 216.10.17.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 64.58.77.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 192.151.52.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 204.255.163.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 63.150.162.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 167.33.61.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 128.121.220.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 204.104.133.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 209.68.24.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 192.5.41.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 207.46.230.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 17.254.3.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 63.210.47.0 0.0.0.255 eq domain log

router(config-ext-nacl)#permit tcp any 216.240.7.0 0.0.0.255 eq domain log

router(config-ext-nacl)#end

router(config)#int e1

router(config-if)#ip access-group Unrestricted in

router(config-if)#ip access-group Restricted out

router(config-if)#^Z

1d00h: %SYS-5-CONFIG_I: Configured from console by consoles-l

router#
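
Added example (not part of the original post and not Cisco code): a small Python model of how an IOS extended ACL evaluates a packet, where the first matching entry wins and an implicit deny ends every list, run over a few entries copied from the two lists above. The test packets (host 10.10.10.77, destination 207.46.1.10) are constructed, and only the `www` and `domain` port keywords are modelled.

```python
import ipaddress

PORTS = {"www": 80, "domain": 53}  # IOS port keywords used in the post

UNRESTRICTED = [  # subset of the posted entries
    "permit tcp host 10.10.10.1 any eq www log",
    "permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.200 log",
    "permit tcp 216.240.0.0 0.0.255.255 host 10.10.10.200 eq www log",
]
RESTRICTED = [    # subset of the posted entries
    "permit tcp any 207.46.0.0 0.0.255.255 eq domain log",
    "permit tcp any 216.240.7.0 0.0.0.255 eq domain log",
]

def parse_addr(tok, i):
    """Read an address spec at tok[i]; return ((base, wildcard), next index)."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (int(ipaddress.IPv4Address(tok[i + 1])), 0), i + 2
    return (int(ipaddress.IPv4Address(tok[i])), int(ipaddress.IPv4Address(tok[i + 1]))), i + 2

def parse_entry(line):
    tok = line.split()
    src, i = parse_addr(tok, 2)
    dst, i = parse_addr(tok, i)
    port = None                      # None means "any destination port"
    if i < len(tok) and tok[i] == "eq":
        port = PORTS.get(tok[i + 1]) or int(tok[i + 1])
    return tok[0], tok[1], src, dst, port

def addr_match(spec, ip):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must equal base.
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl_lines, proto, src, dst, dport):
    """Return (action, matching entry); first match wins, implicit deny last."""
    for line in acl_lines:
        action, p, s, d, port = parse_entry(line)
        if (p in (proto, "ip") and addr_match(s, src) and addr_match(d, dst)
                and (port is None or port == dport)):
            return action, line
    return "deny", "(implicit deny)"

if __name__ == "__main__":
    for name, acl, pkt in [("Unrestricted", UNRESTRICTED, ("udp", "10.10.10.1", "207.46.1.10", 53)),
                           ("Restricted", RESTRICTED, ("tcp", "10.10.10.77", "207.46.1.10", 80))]:
        print(name, pkt, "->", evaluate(acl, *pkt))
```

Both sample packets printed by the script fall through to the implicit deny: the lists contain only `tcp` entries, and `eq domain` matches destination port 53 rather than port 80.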


ciscomoderator
Community Manager

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.