Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
714
Views
0
Helpful
1
Replies

need help in configuring ACL

Raghavendra Bandaru
Level 1
Level 1

‎05-05-2011 12:35 AM - edited ‎03-03-2019 06:16 AM

Hi,

Can someone please help me with configuration of ACL with below requirements.

Please set an ACL for the host
10.170.79.120
for all ports

Incoming traffic to host 10.170.79.120
is allowed from everywhere.

Outgoing traffic from host 10.170.79.120
is only allowed to
10.170.76.107
10.170.76.102
10.64.35.79

Purpose of the ACL is to allow outgoing
traffic form 10.170.79.120 only to the listed hosts.

Labels:
0 Helpful
1 Reply 1

Raphael Wouters
Cisco Employee
Cisco Employee

‎05-09-2011 11:21 PM

Hi Raghavendra,

I suppose you will apply the access-list on an interface?

If that's the case you probably don't need to specify that the incoming traffic to host is allowed from anywhere. Unless you want to drop all incoming traffic that is coming from anywhere to something else that this hose in which case you'll need this input ACL:

access-list 100 permit ip any host 10.170.79.120

Applying the above access-list on input of the output interface will drop all packets except the ones to 10.170.79.120

For the outgoing traffic you'll need the following access-list:

access-list 101 permit ip host 10.170.79.120 host 10.170.76.107
access-list 101 permit ip host 10.170.79.120 host 10.170.76.102
access-list 101 permit ip host 10.170.79.120 host 10.64.35.79

You can apply it on input of the inside(s) interface(s) or on output of outside(s) interface(s) (which not the best choice as packets will cross the router and take some ressources before being dropped anyway).

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card