ACL-CONFIG

knanyhy011
Level 1

HELLO FRIENDS:

I have a little problem with access list control; here it is:

I want to do this:

On router HQ, do the following:

1 - Allow host 192.168.10.2 to reach all devices on VLAN300, VLAN400 and VLAN90.

2 - Allow HTTP connections from 192.168.10.0 to reach the HTTP server on the Internet and the FTP server on VLAN90, and deny all other connections from the HQ LAN to other devices on VLAN300, VLAN400 and VLAN90.

3 - Deny ICMP connections from the Internet.

The problems I have are these:

1. With the first request, I cannot deny the other devices in 192.168.10.0 from reaching the VLANs.

2. With the second request, I cannot deny all other connections.

hostname HQ
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
username admin secret 5 $1$mERr$AFX/pZT1Lh7NP3Dp3P/qq/
!
!
license udi pid CISCO2911/K9 sn FTX15241I2I-
!
!
!
!
!
!
!
!
!
ip ssh version 2
ip domain-name ccna-lab.com.
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip ospf 2 area 0
 ip access-group HQ-SECURITY in
 ip nat inside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 209.100.100.1 255.255.255.252
 ip access-group HQ-SECURITY in
 ip nat outside
!
interface Serial0/0/1
 ip address 172.30.16.2 255.255.255.252
 ip ospf 2 area 0
 ip nat inside
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 2
 router-id 2.2.2.2
 log-adjacency-changes
 passive-interface GigabitEthernet0/0
!
ip nat pool IPNAT1 209.165.0.4 209.165.0.30 netmask 255.255.255.224
ip nat inside source list 20 pool IPNAT1 overload
ip nat inside source static 192.168.90.2 209.165.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 172.30.16.1
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
ip flow-export version 9
!
!
access-list 20 permit 192.168.30.0 0.0.0.255
access-list 20 permit 192.168.40.0 0.0.0.255
access-list 20 permit 192.168.10.0 0.0.0.15
ip access-list extended HQ-SECURITY
 permit ip host 192.168.10.2 192.168.0.0 0.0.255.255
 permit tcp 192.168.10.0 0.0.0.255 host 20.1.1.2 eq www
 permit tcp 192.168.10.0 0.0.0.255 host 192.168.90.2 eq ftp
 permit icmp any host 20.1.1.2 echo
 permit ip any any
 deny tcp any any
ip access-list standard HQ-VTY-LIMIT
 permit host 192.168.90.5
 permit host 192.168.10.2
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 access-class HQ-VTY-LIMIT in
 login local
 transport input ssh
!
!
!
end
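Added example (not part of the post, and not Cisco code): a small Python model of IOS first-match ACL evaluation, run over the HQ-SECURITY list exactly as posted and over a reordered list that meets the three stated requirements. It shows the cause of both complaints: `permit ip any any` sits above the `deny`, so nothing below it is ever reached, and the same list is applied inbound on both the LAN and the Internet interface. The names `LAN_IN` and `WAN_IN`, the probe packets, and the use of the poster's own 192.168.0.0 0.0.255.255 summary to cover the VLANs are my assumptions; the parser handles only the ACE forms that appear in the post.

```python
import ipaddress

def _addr(t):  # consume one IOS address spec: 'any' | 'host A.B.C.D' | 'NET WILDCARD'
    if t[0] == "any":
        return (0, 0xFFFFFFFF), t[1:]
    if t[0] == "host":
        return (int(ipaddress.IPv4Address(t[1])), 0), t[2:]
    return (int(ipaddress.IPv4Address(t[0])), int(ipaddress.IPv4Address(t[1]))), t[2:]

def _port(t):  # consume an optional 'eq PORT' qualifier (well-known name or number)
    if t and t[0] == "eq":
        return {"www": 80, "ftp": 21}.get(t[1]) or int(t[1]), t[2:]
    return None, t

def parse_ace(line):
    t = line.split()
    action, proto, t = t[0], t[1], t[2:]
    src, t = _addr(t)
    _, t = _port(t)                   # source-port qualifier, not used in this post
    dst, t = _addr(t)
    dport, t = _port(t)
    return action, proto, src, dst, dport, (t[0] if t else None)  # trailing ICMP type

def _in(ip, spec):  # IOS wildcard match: every bit set in the wildcard is "don't care"
    net, wild = spec
    return ((int(ipaddress.IPv4Address(ip)) ^ net) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl, pkt):
    # First matching ACE wins; running off the end is IOS's implicit deny. Returns (action, index).
    for i, line in enumerate(acl):
        action, proto, src, dst, dport, itype = parse_ace(line)
        if (proto in ("ip", pkt["proto"]) and _in(pkt["src"], src) and _in(pkt["dst"], dst)
                and dport in (None, pkt.get("dport")) and itype in (None, pkt.get("icmp_type"))):
            return action, i
    return "deny", None

# HQ-SECURITY exactly as posted: 'permit ip any any' sits above the deny, so the deny never fires
POSTED = ["permit ip host 192.168.10.2 192.168.0.0 0.0.255.255",
          "permit tcp 192.168.10.0 0.0.0.255 host 20.1.1.2 eq www",
          "permit tcp 192.168.10.0 0.0.0.255 host 192.168.90.2 eq ftp",
          "permit icmp any host 20.1.1.2 echo", "permit ip any any", "deny tcp any any"]
# Reordered to the stated requirements (my rewrite, not the poster's): the three specific permits,
# then an explicit deny from the rest of the HQ LAN to every 192.168.x.x VLAN, then everything else
LAN_IN = POSTED[:3] + ["deny ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.255.255", "permit ip any any"]
# Serial0/0/0 faces the Internet and needs its own inbound list: drop ICMP from outside, pass the rest
WAN_IN = ["deny icmp any any", "permit ip any any"]

if __name__ == "__main__":  # the poster's first complaint: another LAN host reaching VLAN90 over SSH
    probe = {"proto": "tcp", "src": "192.168.10.5", "dst": "192.168.90.2", "dport": 22}
    print(evaluate(POSTED, probe), evaluate(LAN_IN, probe))  # ('permit', 4) ('deny', 3)
```

The returned index tells you which ACE matched, which is the same information `show access-lists` hit counters give on the router when you are working out why a deny never increments.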


Accepted Solution

knanyhy011
Level 1

Thank you, the problem is solved.
