Beginner

Restricted access to servers using access list

Dear All,

 

I am running some servers in my network which I want to have restricted access. I only want 8-10 specific users to have access to these machines. I want these IPs, 192.168.12.30, 192.168.10.11 and 192.168.11.15, to have access to the server on 192.168.11.13. The rest of the machines on the subnet (192.168.8.0 - 192.168.15.0) should not access the server on 192.168.11.13. So are these statements correct? Need help.

ip access-list extended servers

permit ip host 192.168.12.30 host 192.168.11.13

permit ip host 192.168.10.11 host 192.168.11.13

permit ip host 192.168.11.15 host 192.168.11.13

deny ip any any

3 REPLIES
VIP Collaborator

Re: Restricted access to servers using access list

Hi,

It looks correct, but you must apply the ACL in the correct direction.

Regards,

Deepak Kumar

Beginner

Re: Restricted access to servers using access list

This is the problem I am facing: if I apply ip access-group in or out on the LAN interface, nothing happens. Need help in this regard.

VIP Collaborator

Re: Restricted access to servers using access list

Hi,

This access list must be configured under the LAN interface (client facing) in the IN direction, as below:

!

interface GigabitEthernet0/0/0

description Connected to Server

ip address 192.168.11.1 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/0/1

description Connected to LAN

ip address 192.168.12.1 255.255.255.0

ip access-group server in

duplex auto

speed auto

!

ip access-list extended server

10 permit ip host 192.168.12.30 host 192.168.11.13

20 permit ip host 192.168.12.11 host 192.168.11.13

30 permit ip host 192.168.12.15 host 192.168.11.13

50 deny ip 192.168.12.0 0.0.0.255 host 192.168.11.13

100 permit ip any any

!

 

Regards,

Deepak Kumar
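
As an added example (not part of any post in this thread, and not Cisco code): a small Python model of how an extended ACL is evaluated, top-down with the first match winning and wildcard masks marking ignored bits, run over the two access lists posted above. `ACL_WIDE` and any test addresses are constructed assumptions, and the model handles only the `permit|deny ip` entries that appear on this page.

```python
from ipaddress import IPv4Address

# ACL_REPLY and ACL_QUESTION are copied from the thread. ACL_WIDE is constructed:
# it widens entry 50 to 192.168.8.0-192.168.15.255 (wildcard 0.0.7.255).
ACL_REPLY = """
10 permit ip host 192.168.12.30 host 192.168.11.13
20 permit ip host 192.168.12.11 host 192.168.11.13
30 permit ip host 192.168.12.15 host 192.168.11.13
50 deny ip 192.168.12.0 0.0.0.255 host 192.168.11.13
100 permit ip any any
"""
ACL_QUESTION = """
permit ip host 192.168.12.30 host 192.168.11.13
permit ip host 192.168.10.11 host 192.168.11.13
permit ip host 192.168.11.15 host 192.168.11.13
deny ip any any
"""
ACL_WIDE = ACL_REPLY.replace("192.168.12.0 0.0.0.255", "192.168.8.0 0.0.7.255")

def _spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) ints."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(IPv4Address(tokens.pop(0))), 0
    return int(IPv4Address(word)), int(IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'permit|deny ip SRC DST' lines, with optional sequence numbers."""
    entries = []
    for tokens in (line.split() for line in text.splitlines() if line.strip()):
        if tokens[0].isdigit():
            tokens.pop(0)
        action = tokens.pop(0)
        tokens.pop(0)  # protocol keyword; only 'ip' appears on this page
        entries.append((action, _spec(tokens), _spec(tokens)))
    return entries

def _hit(addr, spec):
    base, wildcard = spec  # wildcard bits set to 1 are ignored in the compare
    return (int(IPv4Address(addr)) | wildcard) == (base | wildcard)

def evaluate(acl_text, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, s, d in parse_acl(acl_text):
        if _hit(src, s) and _hit(dst, d):
            return action
    return "deny"
```

Evaluated against the question's list, a LAN host's traffic to any other destination ends at `deny ip any any`, while the reply's list drops only 192.168.12.0/24 traffic to 192.168.11.13 and passes everything else at entry 100, including a 192.168.10.x source unless entry 50 is widened as in `ACL_WIDE`. An interface ACL only sees routed traffic, so a host in the server's own subnet (such as 192.168.11.15 with the /24 mask shown in the reply) reaches the server without being evaluated.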
