Cisco Support Community
Community Member

How to create an Access list on core switch to block all Internet Traffic & allow some specific Internet Traffic

Hello Everyone,

I am trying to create an Access-List on my Core Switch, in which I want to allow a few internet websites & block the rest of them.

I want to allow the whole Intranet, but a few intranet websites also need access to the internet.

Can we create such an Access-List with the above requirement?

I tried to create the ACL on the switch but it blocks the whole internet access.

I want to do it for a subnet, not for a specific IP.

Can someone help me in creating such an access list?

Thanks in Advance

Hall of Fame Super Silver

Re: How to create an Access list on core switch to block all Internet Traffic & allow some specific Internet Traffic

The exact syntax depends on your subnets and how they connect to the Internet. If you can share a simple diagram that would be much more informative.

In general, just remember that access-lists are parsed from the top down and as soon as a match is found, the processing stops. So you put the most specific rules at the top. Also, once you add an access-list, there is an implicit "deny any any" at the end.

The best approach is to create some network object-groups and then refer to them in your access list. From your description, that would be something like three object-groups - one for the Intranet (Intranet), one for the allowed servers that can use Internet (allowed_servers), and a third for the permitted Internet sites (allowed_sites).

You would then use them as follows:

object-group network intranet
 ! intranet subnets go here
object-group network allowed_servers
 ! hosts that are permitted to reach the Internet go here
object-group network allowed_sites
 ! permitted Internet destinations go here
ip access-list extended main_acl
 ! IOS extended ACE syntax is: permit <protocol> <source> <destination>
 permit ip any object-group intranet
 permit ip object-group allowed_servers object-group allowed_sites
 ! everything else hits the implicit deny ip any any
interface vlan
 ! the SVI facing the user subnet
 ip access-group main_acl in

More details on the syntax and examples can be found here:
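As an added illustration of the top-down, first-match evaluation with the implicit deny that the reply describes (this is not code from the thread or from Cisco, and the addresses in the object-groups are constructed assumptions), a small Python evaluator that walks main_acl against a few sample flows:

```python
import ipaddress

# Constructed sample object-groups; the addresses are assumptions, not from the thread.
OBJECT_GROUPS = {
    "intranet": ["10.0.0.0/8"],
    "allowed_servers": ["10.1.1.10/32", "10.1.1.11/32"],
    "allowed_sites": ["203.0.113.0/24"],
}
# The ACL from the reply, in IOS 'permit <protocol> <source> <destination>' form.
MAIN_ACL = [
    "permit ip any object-group intranet",
    "permit ip object-group allowed_servers object-group allowed_sites",
]

def parse_ace(line):
    """Return (action, protocol, src, dst); src/dst are None for 'any', else a group name."""
    # Fold 'object-group NAME' into one token so a valid ACE splits into exactly four fields.
    fields = line.replace("object-group ", "group=").split()
    if len(fields) != 4 or not all(f == "any" or f.startswith("group=") for f in fields[2:]):
        raise ValueError(f"unsupported ACE: {line!r}")
    action, proto, src, dst = fields
    return (action, proto, *(None if f == "any" else f[len("group="):] for f in (src, dst)))

def matches(endpoint, ip):
    """True if ip lies inside the named object-group (None matches everything)."""
    if endpoint is None:
        return True
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in OBJECT_GROUPS[endpoint])

def evaluate(acl, src, dst, proto="ip"):
    """Walk the ACL top down; the first match wins, otherwise the implicit 'deny ip any any'."""
    for line in acl:
        action, ace_proto, s, d = parse_ace(line)
        if ace_proto in ("ip", proto) and matches(s, src) and matches(d, dst):
            return action, line
    return "deny", "implicit deny ip any any"

def check_policy(acl=MAIN_ACL):
    """Evaluate a few constructed (source, destination) flows and return {flow: action}."""
    flows = {
        "host->intranet": ("10.5.5.5", "10.2.2.2"),
        "allowed_server->allowed_site": ("10.1.1.10", "203.0.113.7"),
        "host->allowed_site": ("10.5.5.5", "203.0.113.7"),
        "allowed_server->other_site": ("10.1.1.10", "198.51.100.1"),
    }
    return {name: evaluate(acl, s, d)[0] for name, (s, d) in flows.items()}
```

Dropping the second ACE from MAIN_ACL shows the symptom in the question: every Internet-bound flow then falls through to the implicit deny.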
