11-26-2016 01:41 PM - edited 03-08-2019 08:18 AM
Hi everyone,
I am quite new to Packet Tracer. I am currently having trouble with creating an access control list for my Packet Tracer file. I am aware of the deny and permit commands, but not too sure what 2nd IP address should be used at the source of the blockage.
There are 3 VLANS on the network.
VLAN 10, VLAN 20 and VLAN 99
I am attempting to use extended ACL commands for these 3 VLANs.
VLAN 10 I want to deny access to FTP services but permit all other traffic.
VLAN 20 I want to deny HTTP services and permit all other traffic.
VLAN 99 I want to permit access to all locations and protocols.
I was looking at naming each control list the following:
VLAN 10: Access control list 110
VLAN 20: Access control list 120
VLAN 99: Access control list 199
The VLAN 10 IP address is 172.18.10.0
The VLAN 20 IP address is 172.18.20.0
The VLAN 99 IP address is 172.18.99.0
The router that is the first source contact has a Gig interface to a switch, but that currently does not have an IP address. There is a serial link going from the first source router to the 2nd with the IP address 172.18.5.2
Thanks
11-28-2016 09:27 PM
Hello
ip access-list extended 110
 10 deny tcp 172.18.10.0 0.0.0.255 any eq ftp
 20 deny tcp 172.18.20.0 0.0.0.255 any eq www
 30 permit ip 172.18.30.0 0.0.0.255 any
 ! you can change the next line to match your condition
 50 permit ip any any
Then you must configure the interface to check access list 110.
Notice: You can name your ACL rather than number it, but if you want to debug an ACL, it's not possible with named ACLs.
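How a router walks a list like the one in the reply above (top-down, first match wins, implicit deny at the end), as an added Python model that is not part of the original reply. The tuple layout and the names `ACL_110`, `wildcard_match` and `evaluate` are assumptions made for illustration; the entries mirror the reply as posted.

```python
import ipaddress

# Constructed model of the entries posted above:
# (action, protocol, source, wildcard, destination port or None).
# Destination address is left out because every entry uses "any".
ACL_110 = [
    ("deny",   "tcp", "172.18.10.0", "0.0.0.255",       21),    # eq ftp (control channel)
    ("deny",   "tcp", "172.18.20.0", "0.0.0.255",       80),    # eq www
    ("permit", "ip",  "172.18.30.0", "0.0.0.255",       None),
    ("permit", "ip",  "0.0.0.0",     "255.255.255.255", None),  # any any
]

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard mask marks 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF  # wildcard bit 1 = "don't care", so invert it
    return (a & care) == (b & care)

def evaluate(acl, proto, src, dport=None):
    """Return (action, entry index) of the first entry that matches the packet."""
    for index, (action, ace_proto, base, wildcard, ace_port) in enumerate(acl):
        if ace_proto not in ("ip", proto):
            continue  # "ip" matches every protocol, "tcp" only TCP
        if not wildcard_match(src, base, wildcard):
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return action, index
    return "deny", None  # implicit "deny ip any any" that ends every ACL

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source host, destination port)
    samples = [
        ("tcp", "172.18.10.25", 21),   # VLAN 10 -> FTP
        ("tcp", "172.18.10.25", 80),   # VLAN 10 -> HTTP
        ("tcp", "172.18.20.7", 80),    # VLAN 20 -> HTTP
        ("tcp", "172.18.99.3", 21),    # VLAN 99 -> FTP
    ]
    for proto, src, dport in samples:
        print(proto, src, dport, "->", evaluate(ACL_110, proto, src, dport))
```

Running it shows which entry decides each packet; evaluating `ACL_110[:3]` instead shows that without the final `permit ip any any` the implicit deny drops VLAN 99 traffic.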