05-03-2023 05:01 PM
So I have OSPF set up and I'm following directions that say to "Configure ACLs so that the 172.16.2.0/24 environment can reach your whole environment, but everyone else can only reach your 99 on the web ports." So from what I understand, everyone on the 10.0.0.0 network should only be allowed on interface 1.99 and blocked on everything else, and 172.16.2.0 should be able to access everything. I've tried making the ACLs but the problem is I'm denying the whole 10.0.0.0 network, which includes me, so I'm blocking myself; I'm on 10.218.0.0. How do I deny everyone else on the network besides myself? I attached the show run of my router so you can see my configuration.
05-04-2023 05:59 AM - edited 05-04-2023 05:59 AM
Friend, this is an extended ACL.
You must specify source and destination, then at the end add the keyword established.
05-04-2023 06:04 AM
I tried putting a destination; it still says invalid at established.
05-04-2023 06:37 AM
Show me the ACL after adding the destination.
05-04-2023 06:55 AM
access-list 100 permit tcp 10.0.0.0 10.218.0.0 eq www established. I'm not really sure what the destination should be, so I just put the 218, which is my network. Would that be right?
05-04-2023 06:57 AM
access-list 100 permit tcp 10.0.0.0 10.218.0.0 eq www established <<- this not correct
access-list 100 permit tcp 10.0.0.0 <wildcard> 10.218.0.0 <wildcard> eq www established
05-04-2023 07:25 AM - edited 05-04-2023 07:26 AM
Ah ok, I forgot the masks. Do I have the addresses right though, if I'm trying to only allow 218 but block everything else on 10.0.0.0?
05-04-2023 07:45 AM
access-list 100 permit tcp <IP><IP> eq www established
access-list 100 deny <ip><ip>
access-list 100 permit ip any any
Use the above ACL in the same order I shared.
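The ordering problem the thread is circling (a broad deny for 10.0.0.0/8 that also swallows the poster's own 10.218.0.0/16, because IOS ACLs are evaluated top to bottom and the first matching entry wins) is easiest to see with a small first-match evaluator. The following is an added example, not code from the thread or from Cisco; it parses IOS-style extended ACL entries (wildcard masks, `host`, `any`, `eq`, `established`) and evaluates constructed packets against them. All addresses are constructed: 10.218.99.10 stands in for a web server on the "99" subinterface, and 10.50.1.1 for some other host in 10.0.0.0/8.

```python
"""First-match evaluator for Cisco-style IPv4 extended ACL entries (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORT_NAMES = {"www": 80, "http": 80, "https": 443, "ssh": 22, "telnet": 23}


@dataclass
class Ace:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip", "tcp", "udp", "icmp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None      # None means any destination port
    established: bool = False        # only matches TCP replies (ACK/RST set)


def _wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    # IOS wildcard: 0 bits must match, 1 bits are "don't care"; inverting gives a netmask.
    # Only contiguous wildcards (0.0.0.255 style) map to a prefix, which is all we need here.
    mask = ipaddress.IPv4Address((~int(ipaddress.IPv4Address(wildcard))) & 0xFFFFFFFF)
    return ipaddress.IPv4Network((addr, str(mask)), strict=False)


def _parse_addr(tokens: list, i: int):
    """Consume 'any' | 'host A' | 'A W' starting at tokens[i]; return (network, next_index)."""
    if tokens[i] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    return _wildcard_to_network(tokens[i], tokens[i + 1]), i + 2


def parse_ace(line: str) -> Ace:
    """Parse one entry such as 'permit tcp 10.0.0.0 0.255.255.255 host 10.218.99.10 eq www'."""
    t = line.split()
    if t[0] == "access-list":        # accept the numbered 'access-list 100 ...' form too
        t = t[2:]
    action, proto = t[0], t[1]
    src, i = _parse_addr(t, 2)
    dst, i = _parse_addr(t, i)
    dport, established = None, False
    while i < len(t):
        if t[i] == "eq":
            dport = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
            i += 2
        elif t[i] == "established":
            established = True
            i += 1
        else:
            raise ValueError(f"unsupported token {t[i]!r}")
    return Ace(action, proto, src, dst, dport, established)


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: Optional[int] = None
    ack: bool = False                # True for the return half of an existing TCP session


def matches(ace: Ace, p: Packet) -> bool:
    if ace.proto != "ip" and ace.proto != p.proto:
        return False
    if ipaddress.IPv4Address(p.src) not in ace.src or ipaddress.IPv4Address(p.dst) not in ace.dst:
        return False
    if ace.dport is not None and ace.dport != p.dport:
        return False
    if ace.established and not (p.proto == "tcp" and p.ack):
        return False
    return True


def evaluate(acl: list, p: Packet):
    """Return (action, index) of the first matching entry; IOS ends every ACL with an implicit deny."""
    for idx, ace in enumerate(acl):
        if matches(ace, p):
            return ace.action, idx
    return "deny", None


# Constructed ACL for the assignment: the trusted /24 reaches everything, everyone else
# only reaches the (assumed) web server on the 99 subinterface on the web ports.
ASSIGNMENT_ACL = [parse_ace(line) for line in [
    "permit ip 172.16.2.0 0.0.0.255 any",
    "permit tcp any host 10.218.99.10 eq www",
    "permit tcp any host 10.218.99.10 eq 443",
    "deny ip any any",               # explicit copy of the implicit deny, handy for 'log'
]]

# The ordering mistake from the thread: a broad deny placed before the permit for your own subnet.
BROKEN_ACL = [parse_ace(line) for line in [
    "deny ip 10.0.0.0 0.255.255.255 any",
    "permit ip 10.218.0.0 0.0.255.255 any",   # never reached: 10.218.x.x already matched above
]]

if __name__ == "__main__":
    for p in (Packet("172.16.2.5", "10.218.5.1", dport=22),
              Packet("10.50.1.1", "10.218.99.10", dport=80),
              Packet("10.50.1.1", "10.218.5.1", dport=22)):
        print(p.src, "->", p.dst, p.dport, evaluate(ASSIGNMENT_ACL, p))
    print("own subnet under BROKEN_ACL:",
          evaluate(BROKEN_ACL, Packet("10.218.1.1", "10.218.99.10", dport=80)))
```

Running it shows the 172.16.2.0/24 host permitted to anything, the 10.50.1.1 host permitted only to the web server on 80/443 and denied elsewhere, and the poster's own 10.218.x.x host denied under BROKEN_ACL because 10.218.0.0/16 sits inside 10.0.0.0/8; swapping the two BROKEN_ACL entries (specific permit first, broad deny after) makes it match the permit instead. The `established` entry is the reply-direction trick the second poster mentions: it matches only TCP segments with ACK/RST set, so it lets responses back in without opening the port to new connections.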