Cisco Support Community

How to Block this using Extended ACL

Hi All, here is the scenario which I am using:

[attached topology diagram: Untitled.png]

TASK: I want to block all data streams destined to 10.10.10.2 which travel from port 80 of the HTTP server.

I am trying the extended access list as follows:

access-list 131 deny tcp host 10.10.10.1 eq www host 10.10.10.2
access-list 131 permit ip any any

ip access-group 131 out (applied at the FastEthernet interface of the HTTP server router)

However, it is not working as expected; everything works as normal. Where am I wrong?


Hi Bro

In R1, just do this if you're planning to block the source from the LAN in R1 to 10.10.10.2, and all should be good.

!
access-list 100 deny tcp any host 10.10.10.2 eq 80
access-list 100 permit ip any any
!
interface FastEthernet 0/0
 description ### WAN Link ###
 ip address 10.10.10.1 255.255.255.252
!
interface FastEthernet 0/1
 description ### LAN Link ###
 ip access-group 100 in
!

However, if you're trying to block R1 (from R1 itself) from reaching R2 10.10.10.2 via TCP/80, then you'll need to use the MPF method shown below:

!
class-map CM_HTTP
 match access-group 100
!
policy-map PM_HTTP
 class CM_HTTP
  drop
!
control-plane
 service-policy output PM_HTTP
!

P.S.: If you think this comment is useful, please do rate it nicely :-)

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
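As an added example (not from the thread or from Cisco), a small Python model of how IOS walks a numbered extended ACL, parsing both ACLs quoted above and testing them against a constructed HTTP request and response. It shows why the two ACEs catch different directions: the question's ACE keys on source port 80 from 10.10.10.1, the reply's on destination port 80 at 10.10.10.2. The client address 192.168.1.10 and the ports are constructed values, and the wildcard-mask support goes beyond the syntax on the page.

```python
"""Evaluate the numbered extended ACLs quoted in this thread against constructed
packets, to show which traffic direction each ACE matches (educational model)."""
import ipaddress
from collections import namedtuple

Pkt = namedtuple("Pkt", "proto src sport dst dport")
WELL_KNOWN = {"www": 80, "http": 80}  # names IOS accepts in place of port numbers

def _addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (network, remaining tokens)."""
    t = tok.pop(0)
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok
    if t == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32"), tok
    return ipaddress.ip_network((t, tok.pop(0)), strict=False), tok  # contiguous wildcard

def _port(tok):
    """Consume an optional 'eq PORT'; None means any port."""
    if tok and tok[0] == "eq":
        return int(WELL_KNOWN.get(tok[1], tok[1])), tok[2:]
    return None, tok

def parse_ace(line):
    """'access-list N deny tcp host A eq www host B' -> (action, proto, src, sport, dst, dport)."""
    tok = line.split()
    action, proto, tok = tok[2], tok[3], tok[4:]
    src, tok = _addr(tok)
    sport, tok = _port(tok)
    dst, tok = _addr(tok)
    dport, _ = _port(tok)
    return action, proto, src, sport, dst, dport

def evaluate(acl, pkt):
    """First-match semantics, ending in the implicit deny every IOS ACL has."""
    for action, proto, src, sport, dst, dport in acl:
        if (proto in ("ip", pkt.proto)
                and ipaddress.ip_address(pkt.src) in src and ipaddress.ip_address(pkt.dst) in dst
                and sport in (None, pkt.sport) and dport in (None, pkt.dport)):
            return action
    return "deny"

OP_ACL = [parse_ace(ace) for ace in ("access-list 131 deny tcp host 10.10.10.1 eq www host 10.10.10.2",
                                     "access-list 131 permit ip any any")]
REPLY_ACL = [parse_ace(ace) for ace in ("access-list 100 deny tcp any host 10.10.10.2 eq 80",
                                        "access-list 100 permit ip any any")]

# Constructed flow: a LAN client's HTTP request to 10.10.10.2 and the server's response.
REQUEST = Pkt("tcp", "192.168.1.10", 49152, "10.10.10.2", 80)
RESPONSE = Pkt("tcp", "10.10.10.2", 80, "192.168.1.10", 49152)
```

The question's ACL permits both constructed packets and only denies a packet sourced from TCP/80 on 10.10.10.1 itself, whereas the reply's ACL denies the client's request on its way in from the LAN, matching the behaviour the reply describes.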