Access Control List
11-13-2017 08:01 AM - edited 03-01-2019 06:14 PM
Hello all. Recently I have configured a standard ACL (out) and applied it to a VLAN in order to keep users from accessing this particular VLAN. The ACL works great with one exception: I also have a server sitting inside of the VLAN that I created the ACL for, and the server is not able to access the outside internet. I can ping the outside network and devices from this server, but cannot access the internet. My ACL has an explicit deny, and the lines that I add are only to allow specific outside devices access to the VLAN. My question is: what line do I need to add to grant internet access to the server? Here is an example of my configuration:
Config t
Ip access-list standard (NAME)
Permit host 10.8.9.3
Permit host 10.8.9.85
(AND SO ON)
(Do not have to DENY, only permitted hosts will be allowed, all other traffic is automatically denied)
TO APPLY TO VLAN
Config t
Interface vlan 4
Ip access-group (NAME) out
So say that 10.8.9.3 is my server sitting inside of the VLAN that I am applying this ACL to. What needs to be done in order to grant it internet access? Thank you!
11-13-2017 09:18 PM
Hi,
You will need to change your ACL to extended ACL. Here is a sample:
ip access-list extended ABC
permit ip any host 10.8.9.3 ! Permits access from anywhere to the server
permit ip any host 10.8.9.85
...
!
int vlan4
ip access-group ABC out
!
HTH,
Meheretab
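Why the extended ACL in the reply changes the outcome, as an added example that is not part of either post: a standard ACL tests only the source address, so replies from internet hosts leaving the SVI toward the server fall through to the implicit deny, while the extended entries match on destination. The evaluator and the addresses 203.0.113.10 (an internet host) and 192.0.2.50 (an unlisted VLAN host) are constructed for illustration.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def host(addr):
    """Equivalent of the 'host <address>' keyword: a /32 match."""
    return ipaddress.ip_network(addr + "/32")

# Each entry: (action, source network, destination network).
# A standard ACL can only test the source, so its destination is always ANY.
STANDARD_ACL = [
    ("permit", host("10.8.9.3"), ANY),
    ("permit", host("10.8.9.85"), ANY),
]
# The extended ACL from the reply: "permit ip any host <address>".
EXTENDED_ACL = [
    ("permit", ANY, host("10.8.9.3")),
    ("permit", ANY, host("10.8.9.85")),
]

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action
    return "deny"

# Constructed packets leaving the SVI toward hosts in the VLAN (direction "out").
PACKETS = {
    "reply from internet host to server": ("203.0.113.10", "10.8.9.3"),
    "listed host 10.8.9.85 to server": ("10.8.9.85", "10.8.9.3"),
    "internet host to unlisted VLAN host": ("203.0.113.10", "192.0.2.50"),
}

def compare():
    """Return {packet name: (standard ACL verdict, extended ACL verdict)}."""
    return {name: (evaluate(STANDARD_ACL, s, d), evaluate(EXTENDED_ACL, s, d))
            for name, (s, d) in PACKETS.items()}

if __name__ == "__main__":
    for name, (std, ext) in compare().items():
        print(f"{name:40} standard={std:6} extended={ext}")
```

The extended entries permit any source to reach the two listed addresses, so they admit unsolicited connections to the server as well as replies to sessions it started.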
