cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Popup Hotspot Using ISR 1000 with WiFi/LTE for Teleworkers and Micro Branchesr
170
Views
0
Helpful
4
Replies
Highlighted
Beginner

Packet Tracer- Extended ACL

Hello guys, this is my first time using this forum, I dont know if It is the right place to ask but I hope so.

 

Im currently doing a 10 points project at school, and I need help with something. 

 

I have inserted a file with includes the photo.

In the photo you will see two networks 192.168.30.0, and 192.168.50.0

What I need to do is to prevent the whole network of 192.168.30.0, from accessing the computers at 192.168.50.0. but they should be able to access the server. How do I make it happen? I tried doing access-list [NUM] deny tcp 192.168.50.0 0.0.0.255 192.168.30.0 0.0.0.255 eq 80 (Which is on

4 REPLIES 4
Highlighted
VIP Mentor

Re: Packet Tracer- Extended ACL

Hello,

 

the picture does not show what IP address the server has. Let's say it is 192.168.50.100. If you want network 192.168.30.0/24 to just access this server and nothing else, you need to have a statement that permits access to that server:

 

access-list 101 permit 192.168.30.0 0.0.0.255 host 192.168.50.100

 

The implicit 'deny' will allow only access to the server, everything else is denied.

 

Actually, post the (zipped) .pkt Packet Tracer project file

Highlighted
Beginner

Re: Packet Tracer- Extended ACL

There is a couple servers, I want the network (which is the destination) 192.168.30.0 to be able to connect them, the net id of the source is 192.168.50.0 but it doesn't include only servers. it also includes computers. I will rather not post the file. 

I tried doing 

access-list 100 deny tcp 192.168.50.0 0.0.0.255 192.168.30.0 0.0.0.255 

and then allow only access for servers, for exampe: access-list 100 deny permit tcp 192.168.50.0 0.0.0.255 192.168.30.0 0.0.0.255 eq 80, It still didn't work.

I just started doing ACL's a week ago so it might be difficult for me to understand. but the network that is including both servers nand computers is located above to the right. The Router next to the server is the one im configuring my ACL at.

 

 

Thanks again

Highlighted
Rising star
Rising star

Re: Packet Tracer- Extended ACL

Hi 

where are you configuring the acl? device, interface, and direction?

Have a look at this document - there are good examples.

HTH

Highlighted
Beginner

Re: Packet Tracer- Extended ACL

The ACL List In configured at the source of 192.168.50.0- which is the router next to it.