08-22-2002 06:45 AM - edited 03-09-2019 12:02 AM
Hi, I'm configuring 2 named extended access-lists on a Cisco 1600 router but can't get them working properly. The first (Unrestricted) is to allow certain workstations unlimited access to the internet. The second (Restricted) is for the rest of the workstations to have access only to certain sites.
This is the newest version that I came up with and was wondering if anyone would know if these would work or had any suggestions to try. Any help is greatly appreciated. The whole network is on the same subnet, 10.10.10.0/24.
Thanks.
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z
router(config)#ip access-list extended Unrestricted
router(config-ext-nacl)#permit tcp host 10.10.10.1 any eq www log
router(config-ext-nacl)#permit tcp host 10.10.10.2 any eq www log
router(config-ext-nacl)#permit tcp host 10.10.10.3 any eq www log
router(config-ext-nacl)#permit tcp host 10.10.10.23 any eq www log
router(config-ext-nacl)#permit tcp host 10.10.10.26 any eq www log
router(config-ext-nacl)#permit tcp host 10.10.10.43 any eq www log
router(config-ext-nacl)#permit tcp host 10.10.10.50 any eq www log
router(config-ext-nacl)#permit tcp host 10.10.10.51 any eq www log
router(config-ext-nacl)#permit tcp host 10.10.10.52 any eq www log
router(config-ext-nacl)#permit tcp host 10.10.10.55 any eq www log
router(config-ext-nacl)#permit tcp host 10.10.10.111 any eq www log
router(config-ext-nacl)#permit tcp host 10.10.10.200 any eq www log
router(config-ext-nacl)#permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.200 log
router(config-ext-nacl)#permit tcp host 10.10.10.201 any eq www log
router(config-ext-nacl)#permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.201 log
router(config-ext-nacl)#permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.254 log
router(config-ext-nacl)#permit tcp 216.240.0.0 0.0.255.255 host 10.10.10.200 eq www log
router(config-ext-nacl)#permit tcp 216.240.0.0 0.0.255.255 host 10.10.10.254 eq www log
router(config-ext-nacl)#
router(config)#ip access-list extended Restricted
router(config-ext-nacl)#permit tcp any 66.59.134.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 216.99.108.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 17.0.0.0 0.255.255.255 eq domain log
router(config-ext-nacl)#permit tcp any 207.46.0.0 0.0.255.255 eq domain log
router(config-ext-nacl)#permit tcp any 206.47.20.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 192.150.14.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 192.139.219.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 207.68.131.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 141.202.248.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 216.10.17.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 64.58.77.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 192.151.52.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 204.255.163.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 63.150.162.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 167.33.61.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 128.121.220.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 204.104.133.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 209.68.24.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 192.5.41.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 207.46.230.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 17.254.3.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 63.210.47.0 0.0.0.255 eq domain log
router(config-ext-nacl)#permit tcp any 216.240.7.0 0.0.0.255 eq domain log
router(config-ext-nacl)#end
router(config)#int e1
router(config-if)#ip access-group Unrestricted in
router(config-if)#ip access-group Restricted out
router(config-if)#^Z
1d00h: %SYS-5-CONFIG_I: Configured from console by consoles-l
router#
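An added illustration (not from the original post and not Cisco IOS code): a small Python model of how an IOS extended ACL evaluates a packet, namely top-down with the first matching entry deciding, an implicit deny at the end of every list, wildcard masks as inverted netmasks, and `eq www` / `eq domain` meaning TCP ports 80 and 53. It is run over a representative subset of the entries posted above, with constructed packet tuples (addresses in the 198.51.100.0/24 documentation range are placeholders). It makes visible what each list matches and what falls through to the implicit deny, for example that the `eq domain` entries in Restricted match only destination port 53, and that no entry in either list matches UDP.

```python
"""Toy model of Cisco IOS extended-ACL matching (added example, not IOS code).

Handles what the posted lists use: protocol, 'any' / 'host A' / 'A WILDCARD'
address specs, optional 'eq PORT' on source and destination, and a trailing
'log' keyword (accepted, ignored for matching). Entries are tried in order,
the first match wins, and no match means the implicit deny at the list end.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# IOS keyword names for the ports the posted entries use.
WELL_KNOWN_PORTS = {"www": 80, "domain": 53}


@dataclass
class Entry:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "ip"
    src: ipaddress.IPv4Network
    sport: Optional[int]         # None = any source port
    dst: ipaddress.IPv4Network
    dport: Optional[int]         # None = any destination port


def _port(token: str) -> int:
    return WELL_KNOWN_PORTS.get(token) or int(token)


def _address(tokens, i):
    """Parse an address spec starting at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    addr, wildcard = tokens[i], tokens[i + 1]
    if wildcard == "0.0.0.0":    # every bit must match: same as 'host'
        return ipaddress.ip_network(addr + "/32"), i + 2
    # A Cisco wildcard is an inverted netmask; ipaddress accepts it as a hostmask.
    return ipaddress.ip_network(f"{addr}/{wildcard}", strict=False), i + 2


def parse_entry(line: str) -> Entry:
    t = line.split()
    action, proto = t[0], t[1]
    src, i = _address(t, 2)
    sport = None
    if i < len(t) and t[i] == "eq":
        sport, i = _port(t[i + 1]), i + 2
    dst, i = _address(t, i)
    dport = None
    if i < len(t) and t[i] == "eq":
        dport, i = _port(t[i + 1]), i + 2
    # Whatever remains (e.g. 'log') does not influence matching.
    return Entry(action, proto, src, sport, dst, dport)


def parse_acl(lines):
    return [parse_entry(line) for line in lines]


def evaluate(acl, proto, src, sport, dst, dport):
    """Return (action, entry number) of the first match, or ('deny', None)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, e in enumerate(acl, start=1):
        if e.proto != "ip" and e.proto != proto:
            continue
        if src_ip not in e.src or dst_ip not in e.dst:
            continue
        if e.sport is not None and e.sport != sport:
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action, number
    return "deny", None          # implicit deny at the end of every IOS ACL


# Representative subset of the posted entries, in the posted order.
UNRESTRICTED = parse_acl([
    "permit tcp host 10.10.10.1 any eq www log",
    "permit tcp host 10.10.10.2 any eq www log",
    "permit tcp host 10.10.10.3 any eq www log",
    "permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.200 log",
    "permit tcp 216.240.0.0 0.0.255.255 host 10.10.10.200 eq www log",
])
RESTRICTED = parse_acl([
    "permit tcp any 66.59.134.0 0.0.0.255 eq domain log",
    "permit tcp any 17.0.0.0 0.255.255.255 eq domain log",
    "permit tcp any 216.240.7.0 0.0.0.255 eq domain log",
])

if __name__ == "__main__":
    # Constructed probe packets: (list name, acl, proto, src, sport, dst, dport).
    probes = [
        ("Unrestricted", UNRESTRICTED, "tcp", "10.10.10.1", 40000, "198.51.100.7", 80),
        ("Unrestricted", UNRESTRICTED, "tcp", "10.10.10.5", 40000, "198.51.100.7", 80),
        ("Unrestricted", UNRESTRICTED, "udp", "10.10.10.1", 40000, "198.51.100.53", 53),
        ("Restricted", RESTRICTED, "tcp", "10.10.10.5", 40000, "66.59.134.10", 80),
        ("Restricted", RESTRICTED, "tcp", "10.10.10.5", 40000, "17.254.3.9", 53),
    ]
    for name, acl, proto, src, sport, dst, dport in probes:
        verdict = evaluate(acl, proto, src, sport, dst, dport)
        print(f"{name:12} {proto} {src}:{sport} -> {dst}:{dport}  => {verdict}")
```

The model deliberately ignores interface direction: which packets reach an `in` or `out` list on `e1` depends on which side of the router `e1` faces, which the post does not say, so the example only answers "would this packet match this list, and on which entry".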
08-30-2002 03:18 PM
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.
Thank you for posting.