
ACL is not working

Mordecalex
Level 1

Hi, I want to disallow VLAN 10 and 30 addresses from requesting my web server with an ACL on my router msa (rt_msa in my topology), but it is not working; they can still successfully request my web server.

Here is a little bit of what I did on rt_msa:

access-list 110 deny tcp 172.130.128.0 0.0.0.63 host 10.0.0.2 eq 80

access-list 110 deny tcp 172.130.129.32 0.0.0.31 host 10.0.0.2 eq 80

access-list 110 permit tcp 172.130.129.0 0.0.0.31 host 10.0.0.2 eq 80

int g0/1

ip access-group 110 in

 

Any help? Am I doing something wrong?

5 Replies

Shambhu-Kumar
Cisco Employee

Could you try it this way:

access-list 110 permit tcp 172.130.129.0 0.0.0.31 host 10.0.0.2 eq 80 

access-list 110 deny tcp any any eq 80

int g0/1
ip access-group 110 in

 

I did, and it is still not working.


Here is what I have done in PKT.

Try the commands below. It's best to add the permit ACL at the top and the deny ACL at the bottom. In this case, only the permit ACL and a deny all are required.

access-list 110 permit tcp 172.130.129.0 0.0.0.31 host 10.0.0.2 eq 80
no access-list 110 deny tcp 172.130.128.0 0.0.0.63 host 10.0.0.2 eq 80
no access-list 110 deny tcp 172.130.129.32 0.0.0.31 host 10.0.0.2 eq 80
access-list 110 deny ip any any

 

I cannot open the PKT, but please apply the ACL to the SVI of the VLAN.
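
As an added illustration (not code from any poster in this thread), the Python sketch below models first-match evaluation with wildcard masks and the implicit deny, and runs the original poster's ACL and the first reply's ACL over constructed packets sent to 10.0.0.2. The helper names and the sample packets are assumptions; it models only the matching logic, not which interface or direction the traffic crosses.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_addr(tok, i):
    # Returns ((base, wildcard), next_index) for 'any', 'host A' or 'A W'.
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (ip(tok[i + 1]), 0), i + 2
    return (ip(tok[i]), ip(tok[i + 1])), i + 2

def parse_ace(line):
    tok = line.split()  # access-list <n> <action> <proto> <src> <dst> [eq <port>]
    src, i = parse_addr(tok, 4)
    dst, i = parse_addr(tok, i)
    port = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
    return tok[2], tok[3], src, dst, port

def addr_match(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the base.
    return (ip(addr) & ~wild & 0xFFFFFFFF) == (base & ~wild & 0xFFFFFFFF)

def evaluate(acl_text, proto, src, dst, dport):
    # The first matching entry wins; a packet matching no entry hits the implicit deny.
    for line in acl_text.strip().splitlines():
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if (a_proto in ("ip", proto) and addr_match(src, a_src)
                and addr_match(dst, a_dst) and a_port in (None, dport)):
            return action
    return "deny"

# ACL entries copied from the thread: the original post and the first reply.
ORIGINAL = """
access-list 110 deny tcp 172.130.128.0 0.0.0.63 host 10.0.0.2 eq 80
access-list 110 deny tcp 172.130.129.32 0.0.0.31 host 10.0.0.2 eq 80
access-list 110 permit tcp 172.130.129.0 0.0.0.31 host 10.0.0.2 eq 80
"""
REPLY_ACL = """
access-list 110 permit tcp 172.130.129.0 0.0.0.31 host 10.0.0.2 eq 80
access-list 110 deny tcp any any eq 80
"""
# Constructed sample packets: (protocol, source address, destination port).
PACKETS = [("tcp", "172.130.128.10", 80), ("tcp", "172.130.129.40", 80),
           ("tcp", "172.130.129.10", 80), ("tcp", "172.130.129.10", 443),
           ("icmp", "172.130.129.10", None)]

def decisions(acl):
    return [evaluate(acl, proto, src, "10.0.0.2", port) for proto, src, port in PACKETS]
```

Both lists return the same decision for every sample packet (only 172.130.129.10 to port 80 is permitted), so the entry order is not what changes the outcome here. An ACL applied inbound on an interface filters only the traffic that actually enters that interface.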