access-list meaning

wajid dabir
Level 1

Can anyone tell me the meaning of the access-list below?

ip access-list extended WIFI_IN
permit ip 10.60.9.0 0.0.0.255 host 192.168.42.*
permit ip 10.60.9.0 0.0.0.255 host 192.168.42.*
permit ip 10.60.9.0 0.0.0.255 host 10.60.1.100
permit ip 10.60.9.0 0.0.0.255 host 10.60.7.210
deny   ip 10.60.9.0 0.0.0.255 10.60.0.0 0.0.15.255
deny   ip 10.60.9.0 0.0.0.255 10.96.209.0 0.0.0.255
permit ip 10.60.9.0 0.0.0.255 any
!
access-list 1 permit 0.0.0.0


cadet alain
VIP Alumni

Hi,

Hosts in the 10.60.9.0/24 subnet can communicate with the hosts specified in the first 4 statements.

They can't communicate with hosts in 10.96.209.0/24 or with all other hosts in 10.60.0.0/20.

They can communicate with any hosts in any other subnets.

All other communication will be denied by the implicit deny all.

Regards

Alain

Don't forget to rate helpful posts.

Giuseppe Larosa
Hall of Fame

Hello Wajid,

In my answer I assume you have hidden the last octet of host 192.168.42.*, as it wouldn't be a valid command written this way.

The tasks that are performed by this extended named ACL are the following:

It allows traffic originated from 10.60.9.0/24 to the hosts 192.168.42.X, 10.60.1.100 and 10.60.7.210.

It denies all traffic originated from 10.60.9.0/24 to 10.60.0.0/20 and to 10.96.209.0/24, which might be your intranet.

At the end, all other IP traffic with source 10.60.9.0/24 is allowed; this allows, for example, internet access.

In other words, the ACL allows communication from a guest IP subnet (wireless) to a few servers in your intranet, blocks all other communication to the intranet, and then allows access to all other possible destinations, that is, for internet access.

Hope to help

Giuseppe
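The wildcard-mask matching, top-down first-match order and implicit deny that both replies rely on, as an added example that is not part of the thread: a small Python evaluator for the question's ACL. The host 192.168.42.10 is a constructed stand-in for the redacted 192.168.42.* entries, and the ACL text is a copy of the one posted above.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed copy of the question's ACL; 192.168.42.10 stands in for the redacted host.
WIFI_IN = """
ip access-list extended WIFI_IN
 permit ip 10.60.9.0 0.0.0.255 host 192.168.42.10
 permit ip 10.60.9.0 0.0.0.255 host 10.60.1.100
 permit ip 10.60.9.0 0.0.0.255 host 10.60.7.210
 deny   ip 10.60.9.0 0.0.0.255 10.60.0.0 0.0.15.255
 deny   ip 10.60.9.0 0.0.0.255 10.96.209.0 0.0.0.255
 permit ip 10.60.9.0 0.0.0.255 any
"""

Entry = Tuple[str, int, int, int, int]  # action, src_base, src_wild, dst_base, dst_wild

def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))

def _parse_addr(tokens: List[str], i: int) -> Tuple[int, int, int]:
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (base, wildcard, next_index)."""
    if tokens[i] == "any":
        return 0, 0xFFFFFFFF, i + 1
    if tokens[i] == "host":
        return _ip(tokens[i + 1]), 0, i + 2
    return _ip(tokens[i]), _ip(tokens[i + 1]), i + 2

def parse_acl(text: str) -> List[Entry]:
    """Parse only the 'permit|deny ip SRC DST' entry form used in the question."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
            continue  # header lines and other protocols are skipped
        src_base, src_wild, i = _parse_addr(tokens, 2)
        dst_base, dst_wild, _ = _parse_addr(tokens, i)
        entries.append((tokens[0], src_base, src_wild, dst_base, dst_wild))
    return entries

def _matches(addr: int, base: int, wildcard: int) -> bool:
    # Cisco wildcard: 0 bits must match exactly, 1 bits are don't-care.
    return (addr & ~wildcard & 0xFFFFFFFF) == (base & ~wildcard & 0xFFFFFFFF)

def evaluate(acl: List[Entry], src: str, dst: str) -> Tuple[str, Optional[int]]:
    """First matching entry wins; no match falls through to the implicit deny (index None)."""
    s, d = _ip(src), _ip(dst)
    for idx, (action, sb, sw, db, dw) in enumerate(acl):
        if _matches(s, sb, sw) and _matches(d, db, dw):
            return action, idx
    return "deny", None
```

Note that a source outside 10.60.9.0/24 matches no entry at all and is dropped by the implicit deny, which is why Alain's last sentence applies even though the final line says "permit ... any".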