10-17-2015 05:04 PM - edited 03-08-2019 02:15 AM
Check out my Packet Tracer file.
I saw this exercise online.
R3 - blue network
R5 - red network
Only R3 had one Access List on it to achieve all objectives.
I'm confused as to why.
10-17-2015 09:29 PM
Your picture does not show the location of the HTTP server and the SMTP server, but I suppose the HTTP server is located in R3 and the SMTP server in R5.
Cisco says an extended ACL should be applied on the router closest to the destination, so I am not sure why your picture says to the source.
If we want to apply the extended ACL based on Cisco, we should block SMTP traffic on R3 and HTTP traffic on R5 (it is not always the best way, but it is the rule of thumb). However, you can block both kinds of traffic on just one router with one access-list.
The configuration looks like this.
access-list 101 deny tcp host 192.168.50.10 eq smtp any
access-list 101 deny tcp host 14.0.0.6 eq www 192.168.50.0 0.0.0.255
access-list 101 permit ip any any
R3 >>> int G0/1
ip access-group 101 out (controls traffic from the SMTP server coming to R3)
ip access-group 101 in (controls traffic from the HTTP server going to 192.168.50.0 on R5)
Hope it helps,
Masoud
10-27-2015 07:16 AM
Hi Josh,
I read your query and below is the best config to achieve the goal.
Objective:
Deny HTTP traffic into R5's Network
Deny SMTP Traffic into R3's Network
Condition: We need to create ACL only on router 3
We need to use an extended ACL as mentioned. As it is an extended ACL, we need to make sure we apply it close to the source.
To Deny HTTP traffic into R5's Network:
access-list 101 deny tcp any 14.0.0.0 0.0.0.7 eq 80
access-list 101 permit ip any any
To Deny SMTP Traffic into R3's Network
access-list 102 deny tcp any 192.168.50.0 0.0.0.255 eq 25
access-list 102 permit ip any any
Since we need to apply the ACL only on Router 3, below is the best way to apply the ACLs (close to the source):
R3(config)# int g0/0
R3(config-if)# ip access-group 101 in
R3(config)# int g0/1
R3(config-if)# ip access-group 102 in
Regards,
Dinesh Khandal
Spooster IT Services
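As an added illustration of how entries like the ones above are evaluated (this is not code from the thread or from Cisco), the Python below models IOS extended-ACL matching: top-down, first match wins, wildcard masks where a 1 bit means "don't care", and the implicit deny at the end of every list. The ACL contents are the two lists from the answer above; the packets fed through them are constructed samples.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed model of IOS extended-ACL evaluation (not Cisco code):
# entries are tested top-down, the first match decides, and a list with
# no matching entry ends in the implicit "deny ip any any".

@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip", "tcp" or "udp"
    src: str                     # "net wildcard", "host a.b.c.d" or "any"
    dst: str
    dport: Optional[int] = None  # destination port from "eq <port>", if given

def match_addr(spec: str, addr: str) -> bool:
    """Apply an IOS wildcard mask: a 1 bit in the mask means 'do not care'."""
    if spec == "any":
        return True
    if spec.startswith("host "):
        return addr == spec.split()[1]
    net, wildcard = spec.split()
    n, w, a = (int(ipaddress.IPv4Address(x)) for x in (net, wildcard, addr))
    keep = ~w & 0xFFFFFFFF        # bits that must match exactly
    return (a & keep) == (n & keep)

def evaluate(acl: List[Ace], proto: str, src: str, dst: str, dport: int) -> str:
    """Return 'permit' or 'deny' for one packet, as an interface ACL would."""
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if not (match_addr(ace.src, src) and match_addr(ace.dst, dst)):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action
    return "deny"                 # implicit deny: nothing matched

# The two ACLs from the answer above. The final entry needs a protocol
# keyword ("permit ip any any"); without it everything else is dropped.
ACL_101 = [Ace("deny", "tcp", "any", "14.0.0.0 0.0.0.7", 80), Ace("permit", "ip", "any", "any")]
ACL_102 = [Ace("deny", "tcp", "any", "192.168.50.0 0.0.0.255", 25), Ace("permit", "ip", "any", "any")]

if __name__ == "__main__":
    # Constructed flows: HTTP into R5's /29 (inbound on g0/0) and SMTP into R3's /24 (inbound on g0/1)
    print(evaluate(ACL_101, "tcp", "192.168.50.20", "14.0.0.6", 80))   # deny
    print(evaluate(ACL_101, "tcp", "192.168.50.20", "14.0.0.8", 80))   # permit: outside the /29
    print(evaluate(ACL_102, "tcp", "14.0.0.6", "192.168.50.10", 25))   # deny
    print(evaluate(ACL_102, "udp", "14.0.0.6", "192.168.50.10", 53))   # permit
```

Dropping the final permit from either list (so only the deny entry remains) makes every other packet fall through to the implicit deny, which is the usual cause of "the ACL blocks everything".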