10-25-2018 10:35 PM - edited 02-21-2020 08:24 AM
Dear All,
I am running some servers in my network which i want to have restricted access. I only want 8-10 specific users to have the access of these machines. i want this ip 192.168.12.30, 192.168.10.11, 192.168.11.15 to have access to the server on 192.168.11.13. Rest of the machines on subnet (192.168.8.0 - 192.168.15.0) should not access the server on 192.168.11.13. So are these statement correct ? Need help
ip access-list extended servers
permit ip host 192.168.12.30 host 192.168.11.13
permit ip host 192.168.10.11 host 192.168.11.13
permit ip host 192.168.11.15 host 192.168.11.13
deny ip any any
10-26-2018 12:27 AM
Hi,
It is looking correct but you must be applied ACL in the correct direction.
Regards,
Deepak Kumar
10-26-2018 12:46 AM
This is the problem i am facing .. if i am applying ip access-group in or out on the LAN interface nothing happens ? Need help in this regard.
10-26-2018 02:08 AM - edited 10-26-2018 09:13 PM
Hi,
This access-list must be configured under the LAN interface (Client Faced) in the direction of IN as below:
!
interface GigabitEthernet0/0/0
description Connected to Server
ip address 192.168.11.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/0/1
description Connected to LAN
ip address 192.168.12.1 255.255.255.0
ip access-group server in
duplex auto
speed auto
!
ip access-list extended server
10 permit ip host 192.168.12.30 host 192.168.11.13
20 permit ip host 192.168.12.11 host 192.168.11.13
30 permit ip host 192.168.12.15 host 192.168.11.13
50 deny ip 192.168.12.0 0.0.0.255 host 192.168.11.13
100 permit ip any any
!
Regards,
Deepak Kumar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide