ACL commands

Hello, I am trying to write an ACL to do the following:

- permit HTTP access to the web server

- deny all other access to the web server

- permit traffic to all other destinations

My attempt is:

permit tcp any eq 80

deny ip any

permit ip any any

However I can still ping the web server at so I have obviously not got the ACL right.

Can someone please advise how I should have written my ACL?

Thanks for any help.

Your ACL would look like this:

permit tcp any host eq 80

deny ip any host

permit ip any any



HTH, John *** Please rate all useful posts ***

John has correctly identified an inconsistency in the mask used in your access list. But I believe that there may be more to the problem than the issue with the mask. If the access list in your original post were correctly applied on an IOS router then it looks to me like access for any non-TCP traffic to network 10 would have been denied. So I believe that we need some additional information:

- What platform is this access list on? Masking is quite different between IOS devices and the ASA, for example. So what platform are we dealing with?

- How is the access list applied? If the access list is not applied at all, or is not applied to the correct interface, or is not applied in the correct direction, then that would explain why you were able to ping the server.
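
Added example, not part of any post in this thread: a small Python model of first-match ACL evaluation, run against entries in the form of the corrected ACL above, showing that a ping to the server is denied once the list is applied and passes when no list is applied. The address 192.0.2.10 is a constructed stand-in for the web server (the thread's real addresses are not shown), and all function names are illustrative.

```python
import ipaddress

# Constructed sample: 192.0.2.10 stands in for the web server, whose real
# address does not appear in the thread. Entries use IOS extended ACL syntax.
ACL = """\
permit tcp any host 192.0.2.10 eq 80
deny ip any host 192.0.2.10
permit ip any any
"""

def parse_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    wildcard = tokens.pop(0)
    return (int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(wildcard)))

def parse_acl(text):
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        action, proto = t.pop(0), t.pop(0)
        src, dst = parse_addr(t), parse_addr(t)
        port = int(t[1]) if t[:1] == ["eq"] else None  # destination port
        entries.append((action, proto, src, dst, port))
    return entries

def addr_match(spec, ip):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bit 1 means "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(entries, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, e_proto, e_src, e_dst, e_port in entries:
        if e_proto not in ("ip", proto):
            continue
        if not (addr_match(e_src, src) and addr_match(e_dst, dst)):
            continue
        if e_port is not None and e_port != dport:
            continue
        return action
    return "deny"

def interface_verdict(applied_acl, *packet):
    """An interface with no ACL applied (None) filters nothing."""
    return "permit" if applied_acl is None else evaluate(applied_acl, *packet)
```
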