Access Control List

RDDunlap
Beginner

Hello all. Recently I have configured a standard ACL (out) and applied it to a VLAN in order to keep users from accessing this particular VLAN. The ACL works great with one exception: I also have a server sitting inside of the VLAN that I created the ACL for, and the server is not able to access the outside internet. I can ping the outside network and devices from this server, but cannot access the internet. My ACL has an explicit deny, and the lines that I add are only to allow specific outside devices access to the VLAN. My question is: what line do I need to add to grant internet access to the server? Here is an example of my configuration:

Config t

Ip access-list standard (NAME)

Permit host 10.8.9.3

Permit host 10.8.9.85

(AND SO ON)

(Do not have to DENY, only permitted hosts will be allowed, all other traffic is automatically denied)

 

TO APPLY TO VLAN

Config t

Interface vlan 4

Ip access-group (NAME) out

 

So say that 10.8.9.3 is my server sitting inside of the VLAN that I am applying this ACL to. What needs to be done in order to grant it internet access? Thank you!

1 Reply

Meheretab Mengistu
Rising star

 

Hi,

You will need to change your ACL to extended ACL. Here is a sample:

 

ip access-list extended ABC

 permit ip any host 10.8.9.3       ! Permits access from anywhere to the server 

 permit ip any host 10.8.9.85

 ...

!

int vlan4

 ip access-group ABC out

!

 

HTH,

Meheretab
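
Why the standard ACL drops the server's return traffic while the extended sample permits it, as an added example that is not part of either post: a small first-match ACL evaluator run on constructed packets. The addresses 203.0.113.10, 198.51.100.7 and 192.0.2.20 are assumptions, the last standing in for one of the "(AND SO ON)" permitted outside devices.

```python
import ipaddress
from typing import List, NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str

class Ace(NamedTuple):
    action: str           # "permit" or "deny"
    src: str              # CIDR; 0.0.0.0/0 means "any"
    dst: Optional[str]    # None for a standard ACL entry (source-only match)

def _in(addr: str, net: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(acl: List[Ace], pkt: Packet) -> str:
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in acl:
        if _in(pkt.src, ace.src) and (ace.dst is None or _in(pkt.dst, ace.dst)):
            return ace.action
    return "deny"

ANY = "0.0.0.0/0"
# Standard ACL from the question: each "permit host X" matches the SOURCE only.
# 192.0.2.20 is a constructed stand-in for one of the permitted outside devices.
STANDARD = [Ace("permit", "10.8.9.3/32", None),
            Ace("permit", "10.8.9.85/32", None),
            Ace("permit", "192.0.2.20/32", None)]
# Extended ACL from the reply: "permit ip any host X" matches the DESTINATION.
EXTENDED = [Ace("permit", ANY, "10.8.9.3/32"),
            Ace("permit", ANY, "10.8.9.85/32")]

# Constructed packets as seen by "ip access-group ... out" on interface vlan 4,
# i.e. traffic about to be forwarded into the VLAN toward the server.
WEB_REPLY = Packet("203.0.113.10", "10.8.9.3")    # internet host answering the server
PING_REPLY = Packet("192.0.2.20", "10.8.9.3")     # echo reply from a permitted device
UNSOLICITED = Packet("198.51.100.7", "10.8.9.3")  # any other source reaching the server

if __name__ == "__main__":
    samples = [("web reply", WEB_REPLY), ("ping reply", PING_REPLY),
               ("unsolicited", UNSOLICITED)]
    for name, pkt in samples:
        print(f"{name:12} standard={evaluate(STANDARD, pkt):6} "
              f"extended={evaluate(EXTENDED, pkt)}")
```

The extended sample restores return traffic because it matches on destination, and by the same rule it admits any source to 10.8.9.3.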
