https://community.cisco.com/t5/network-security/restricted-access-to-servers-using-access-list/m-p/3733478#M1049668 <P>This is the problem i am facing .. if i am applying ip access-group in or out on the LAN interface nothing happens ? Need help in this regard.</P> Fri, 26 Oct 2018 07:46:23 GMT M Talha 2018-10-26T07:46:23Z https://community.cisco.com/t5/network-security/restricted-access-to-servers-using-access-list/m-p/3733371#M1049629 <P>Dear All,</P> <P>&nbsp;</P> <P>I am running some servers in my network which i want to have restricted access. I only want 8-10 specific users to have the access of these machines. i want this ip 192.168.12.30, 192.168.10.11, 192.168.11.15 to have access to the server on 192.168.11.13. Rest of the machines on subnet (192.168.8.0 - 192.168.15.0) should not access the server on 192.168.11.13. So are these statement correct ? Need help</P> <P>&nbsp;</P> <P>ip access-list extended servers</P> <P>permit ip host 192.168.12.30 host 192.168.11.13</P> <P><SPAN>permit ip host 192.168.10.11 host 192.168.11.13</SPAN></P> <P><SPAN>permit ip host 192.168.11.15 host 192.168.11.13</SPAN></P> <P><SPAN>deny ip any any</SPAN></P> Fri, 21 Feb 2020 16:24:01 GMT https://community.cisco.com/t5/network-security/restricted-access-to-servers-using-access-list/m-p/3733371#M1049629 M Talha 2020-02-21T16:24:01Z https://community.cisco.com/t5/network-security/restricted-access-to-servers-using-access-list/m-p/3733457#M1049647 <P>Hi,</P> <P>It is looking correct but you must be applied ACL in the correct direction.&nbsp;</P> <P>&nbsp;</P> <P>Regards,</P> <P>Deepak Kumar</P> Fri, 26 Oct 2018 07:27:25 GMT https://community.cisco.com/t5/network-security/restricted-access-to-servers-using-access-list/m-p/3733457#M1049647 Deepak Kumar 2018-10-26T07:27:25Z https://community.cisco.com/t5/network-security/restricted-access-to-servers-using-access-list/m-p/3733478#M1049668 <P>This is the problem i am facing .. if i am applying ip access-group in or out on the LAN interface nothing happens ? Need help in this regard.</P> Fri, 26 Oct 2018 07:46:23 GMT https://community.cisco.com/t5/network-security/restricted-access-to-servers-using-access-list/m-p/3733478#M1049668 M Talha 2018-10-26T07:46:23Z https://community.cisco.com/t5/network-security/restricted-access-to-servers-using-access-list/m-p/3733524#M1049684 <P>Hi,</P> <P>This access-list must be configured under the LAN interface (Client Faced) in the direction of IN as below:</P> <P>&nbsp;</P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;">!</P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;"><STRONG>interface GigabitEthernet0/0/0</STRONG></P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;"><STRONG>description Connected to Server</STRONG></P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;">ip address 192.168.11.1 255.255.255.0</P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;">duplex auto</P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;">speed auto</P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;">!</P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;"><STRONG>interface GigabitEthernet0/0/1</STRONG></P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;"><STRONG>description Connected to LAN</STRONG></P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;">ip address 192.168.12.1 255.255.255.0</P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;">ip<STRONG> access-group server in</STRONG></P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;">duplex auto</P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;">speed auto</P> <P>!</P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;">ip<STRONG> access-list extended server</STRONG></P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;"><STRONG>10 permit </STRONG>ip<STRONG> host 192.168.12.30 host 192.168.11.13</STRONG></P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;"><STRONG>20 permit </STRONG>ip<STRONG> host 192.168.12.11 host 192.168.11.13</STRONG></P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;"><STRONG>30 permit </STRONG>ip<STRONG> host 192.168.12.15 host 192.168.11.13</STRONG></P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;"><STRONG>50 deny ip 192.168.12.0 0.0.0.255 host 192.168.11.13 </STRONG></P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;"><STRONG>100 permit </STRONG>ip<STRONG> any any</STRONG></P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;">!</P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;">&nbsp;</P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;">Regards,</P> <P style="-qt-block-indent: 0; text-indent: 0px; margin: 0px;">Deepak Kumar</P> Sat, 27 Oct 2018 04:13:28 GMT https://community.cisco.com/t5/network-security/restricted-access-to-servers-using-access-list/m-p/3733524#M1049684 Deepak Kumar 2018-10-27T04:13:28Z