Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
719
Views
0
Helpful
5
Replies

Access List Help

Go to solution
Egor Khomenko
Level 1
Level 1

‎10-28-2013 05:24 PM - edited ‎03-07-2019 04:17 PM

Hi! I want to set acces sheets. There is a network:

  10.30.6.0 with a mask of 255.255.255.0, it is necessary that she went to the Internet on port 80 and 443, and the other ports are closed

10.30.7.0 with a mask of 255.255.255.0 went to the Internet for 80, and went over the network to address 10.50.51.250, and the rest are closed

10.30.9.0 had full access

Help set up ACL!???

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
daniel.dib
Level 7
Level 7

‎10-29-2013 12:18 AM

conf t

ip access-list extended NETWORK_6

permit tcp 10.30.6.0 0.0.0.255 any eq 80

permit tcp 10.30.6.0 0.0.0.255 any eq 443

deny ip any any

ip access-list extended NETWORK_7

permit tcp 10.30.7.0 0.0.0.255 any eq 80

permit ip 10.30.7.0 0.0.0.255 host 10.50.51.250

deny ip any any

ip access-list extended NETWORK_9

permit ip any any

However if you only open for 80 and 443, how do you handle DNS?

Also you have to think about return traffic if you want to do filtering.

Daniel Dib
CCIE #37149

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
daniel.dib
Level 7
Level 7

‎10-29-2013 12:18 AM

conf t

ip access-list extended NETWORK_6

permit tcp 10.30.6.0 0.0.0.255 any eq 80

permit tcp 10.30.6.0 0.0.0.255 any eq 443

deny ip any any

ip access-list extended NETWORK_7

permit tcp 10.30.7.0 0.0.0.255 any eq 80

permit ip 10.30.7.0 0.0.0.255 host 10.50.51.250

deny ip any any

ip access-list extended NETWORK_9

permit ip any any

However if you only open for 80 and 443, how do you handle DNS?

Also you have to think about return traffic if you want to do filtering.

Daniel Dib
CCIE #37149

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.
0 Helpful

Go to solution
Andrew Clark
Level 1
Level 1
In response to daniel.dib

‎10-29-2013 06:50 AM

You don't need the deny ip any any at the end because the ACL has an explicit deny at the end of it.

0 Helpful

Go to solution
daniel.dib
Level 7
Level 7
In response to Andrew Clark

‎10-31-2013 12:25 AM

I know but I usually add it there for clarity.

Daniel Dib
CCIE #37149

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.
0 Helpful

Go to solution
Egor Khomenko
Level 1
Level 1
In response to daniel.dib

‎10-29-2013 07:57 PM

Apply to the interface as a group?

and yet, as you can on this Vlan prisvoit.T.e. DHCP is set to distribute the network??

0 Helpful

Go to solution
Egor Khomenko
Level 1
Level 1
In response to daniel.dib

‎10-30-2013 07:45 PM

Thank you so much! I helped your article!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card