Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1870
Views
10
Helpful
5
Replies

Problem with my ACL, only HTTP and HTTPS allowed on vlan 10 but the webpage stays unreachable

Go to solution
Searon
Level 1
Level 1

‎08-24-2020 09:58 AM

Dear Cisco Community,

 

I am configuring this ACL to only have HTTP and HTTPS access to the server 10.0.0.2 on vlan 10, but I am doing something wrong as I am unable to reach the webpage anymore after I enable the ACL.

 

It's probably something small I am overlooking, any help is appreciated.

 

brussel(config)#ip access-list extended server
brussel(config-ext-nacl)#permit tcp 192.168.10.0 0.0.0.255 host 10.0.0.2 eq 80
brussel(config-ext-nacl)#permit tcp 192.168.10.0 0.0.0.255 host 10.0.0.2 eq 443
brussel(config-ext-nacl)#deny ip any host 10.0.0.2
brussel(config-ext-nacl)#int g0/1
brussel(config-if)#ip access-group server in

temp3.png

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎08-24-2020 11:06 AM

Hi,

You are applying the ACL on the wrong interface/direction. According to
your ACL syntax, it should be applied on G0/0 in inbound direction or G0/1
in outbound direction. Applying it on G0/1 in inbound direction is wrong.

**** please remember to rate useful posts

View solution in original post

5 Replies 5

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎08-24-2020 10:46 AM - edited ‎08-24-2020 10:49 AM

what is the out come  removing  "deny ip any host 10.0.0.2" and try ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Searon
Level 1
Level 1
In response to balaji.bandi

‎08-24-2020 11:02 AM - edited ‎08-24-2020 11:03 AM

Weird, still not able to reach the page the moment I remove the total ACL I get instant webpage...

 

Does that mean this is wrong?

 

brussel(config-ext-nacl)#permit tcp 192.168.10.0 0.0.0.255 host 10.0.0.2 eq 80

brussel(config-ext-nacl)#permit tcp 192.168.10.0 0.0.0.255 host 10.0.0.2 eq 443

0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎08-24-2020 11:06 AM

Hi,

You are applying the ACL on the wrong interface/direction. According to
your ACL syntax, it should be applied on G0/0 in inbound direction or G0/1
in outbound direction. Applying it on G0/1 in inbound direction is wrong.

**** please remember to rate useful posts

Go to solution
Searon
Level 1
Level 1
In response to Mohammed al Baqari

‎08-24-2020 11:19 AM

Yep, this was the problem. Something to remember, thanks for your help!
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Mohammed al Baqari

‎08-24-2020 12:15 PM

Good catch it was the wrong interface.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents