04-20-2012 09:06 AM
I am trying to permit some specific people to have access to specific sites while other users of the network get full access to all other sites. I have this configuration but it is not working:
ip access-list extended BLOCK
permit tcp host 192.168.2.108 host 62.173.38.89 eq www
permit tcp host 192.168.2.60 host 67.173.38.89 eq www
permit tcp host 192.168.2.93 host 67.173.38.89 eq www
permit tcp host 192.168.2.126 host 67.173.38.89 eq www
permit ip any any
I applied it to the interface where the traffic is coming from like this:
Seedvest(config-if)#ip access-group BLOCK in
Please help.
04-20-2012 09:48 AM
The problem is that every statement in the access list is a permit and it ends with permit any any. So there is no packet that ever will be denied. The result is that every packet passes through.
I am not certain that I fully understand what you are trying to accomplish, but I think that you have 4 specific hosts that you want to be able to access a specific destination. Am I correct in understanding that these 4 hosts should access nothing else? If so, then the solution is that after the 4 specific permits you should have deny statements for those 4 specific hosts to anything else. Then have the permit any any.
If I have not understood correctly then please clarify.
HTH
Rick
04-22-2012 11:41 PM
Yes, I have 4 specific hosts that I want to be able to access only a specific site. So that means I should have something like
ip access-list extended BLOCK
permit tcp host 192.168.2.108 host 62.173.38.89 eq www
deny tcp host 192.168.2.108 any eq www
permit ip any any
for all others too?
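Added example, not part of any post in this thread: a small first-match evaluator that runs the original list, the follow-up list above, and a variant that denies everything else for the restricted host against a few constructed packets. The line `deny ip host 192.168.2.108 any` is an assumed rendering of the "deny to anything else" suggestion, and the addresses 203.0.113.10 and 192.168.2.50 are made up for the test packets.

```python
# Added example: supports only permit|deny, tcp|ip, "host A.B.C.D" or "any", optional "eq <port>".
PORTS = {"www": 80}

def parse(line):
    t = line.split()
    rule = {"action": t[0], "proto": t[1], "port": None}
    i = 2
    for side in ("src", "dst"):
        if t[i] == "any":
            rule[side], i = None, i + 1          # None means "match any address"
        elif t[i] == "host":
            rule[side], i = t[i + 1], i + 2
        else:
            raise ValueError("unsupported address form: " + line)
    if i < len(t):
        assert t[i] == "eq", "unsupported qualifier: " + line
        rule["port"] = PORTS.get(t[i + 1]) or int(t[i + 1])
    return rule

def evaluate(acl_text, proto, src, dst, dport=None):
    for line in acl_text.strip().splitlines():
        r = parse(line)
        if (r["proto"] in ("ip", proto) and r["src"] in (None, src)
                and r["dst"] in (None, dst) and r["port"] in (None, dport)):
            return r["action"]   # first match wins, later lines are never read
    return "deny"                # implicit deny at the end of every ACL

ORIGINAL = """permit tcp host 192.168.2.108 host 62.173.38.89 eq www
permit ip any any"""
FOLLOW_UP = """permit tcp host 192.168.2.108 host 62.173.38.89 eq www
deny tcp host 192.168.2.108 any eq www
permit ip any any"""
DENY_ALL_ELSE = """permit tcp host 192.168.2.108 host 62.173.38.89 eq www
deny ip host 192.168.2.108 any
permit ip any any"""
# Constructed packets: (protocol, source, destination, destination port)
PACKETS = [
    ("tcp", "192.168.2.108", "62.173.38.89", 80),   # restricted host, allowed site
    ("tcp", "192.168.2.108", "203.0.113.10", 80),   # restricted host, other site
    ("tcp", "192.168.2.108", "203.0.113.10", 443),  # restricted host, other port
    ("tcp", "192.168.2.50", "203.0.113.10", 80),    # unrestricted user
]

def verdicts(acl_text):
    return [evaluate(acl_text, *p) for p in PACKETS]

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("follow-up", FOLLOW_UP), ("deny-all-else", DENY_ALL_ELSE)):
        print(name, verdicts(acl))
```

With the follow-up form, the port-443 packet from 192.168.2.108 still falls through to `permit ip any any`; with the `deny ip` form it is dropped.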
04-23-2012 02:26 AM
Thank you very much. It worked well.
04-23-2012 04:45 AM
I am glad that my suggestion helped lead you to a solution for your question that works well for you. Thank you for using the rating system to mark the question as answered. It makes the forum more useful when people can read a question and can know that an answer was found. Your marking has contributed to that process.
HTH
Rick