
Extended ACL Not working?

NobleCISCO1
Level 1

Hi All, 

Having trouble doing an extended ACL, where I have to:

Set up an ACL to prevent Laptop 0 from accessing the Web Server but allow all other traffic. Laptop 0 is allowed to ping the web services but not access the web page.

As well, write an ACL so that Laptop 1 is not allowed to access the FTP services but is allowed to access the web services.

 

I have used commands on router 0

access-list 110 deny tcp host 172.16.10.2 host 177.20.40.2 eq 80

access-list 110 deny tcp host 172.16.10.2 host 215.15.15.2 eq ftp

access-list 110 permit ip any any

 

on fa0/1

 

ip access-group 110 in


GRANT3779
Spotlight

Looking at your topology, the laptops are on different VLANs and will have a different gateway. Do you have router on a stick configured on the left router? Is the switch on the left purely layer 2? If yes to above, you will need to apply ACLs on the sub interfaces I believe, and will need two separate ACLs.

Hi Grant, 

Thanks, yes, both laptops are on different VLANs and it is a layer 2 switch.

I only put both computers on one ACL to test; if I only put one deny command on the 110 ACL it still doesn't work.

 

Tried to put both ACLs on the FA0/1 interface and only one is able to be accepted. 

What is the full config of the fa0/1 router interface? If you are using sub interfaces, the ACLs need to be placed under these and not the physical one (if I am understanding your topology correctly).

That worked!

Thank you very much!

Julio E. Moisa
VIP Alumni

Hi

It could be applied on Serial 0/1/0 in the outbound direction.

 

interface se0/1/0

ip access-group 110 out

 

Also, before applying the ACL, be sure that everything is working fine.

Hope it is useful

:-)

 




>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other members of the community. <<
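
The accepted fix in this thread (moving the ACLs from the physical fa0/1 interface to its sub-interfaces, one list per VLAN), sketched as an added example that is not from any poster in the thread. The sub-interface numbers fa0/1.10 and fa0/1.20, the list numbers 111 and 112, and LAPTOP1_IP are assumptions or placeholders; the other addresses are taken from the original post's commands.

```cisco
! Added example, not a configuration posted in the thread.
! Assumptions: FastEthernet0/1.10 (Laptop 0 VLAN) and FastEthernet0/1.20
! (Laptop 1 VLAN) already exist as router-on-a-stick sub-interfaces with
! their own dot1Q encapsulation and gateway addresses.
! LAPTOP1_IP is a placeholder: Laptop 1's address is not given in the thread.
!
! Remove the list from the physical interface, where (per the accepted
! answer) it does not take effect for the laptops' VLAN traffic.
interface FastEthernet0/1
 no ip access-group 110 in
!
! ACL 111: Laptop 0 may not open the web page (TCP 80) on the web server.
! Ping still works because ICMP falls through to the final permit.
access-list 111 deny tcp host 172.16.10.2 host 177.20.40.2 eq 80
access-list 111 permit ip any any
!
! ACL 112: Laptop 1 may not reach FTP (eq ftp matches TCP 21, the control
! channel) but web traffic falls through to the final permit.
access-list 112 deny tcp host LAPTOP1_IP host 215.15.15.2 eq ftp
access-list 112 permit ip any any
!
! An interface accepts only one IP ACL per direction, so each VLAN's
! sub-interface gets its own list, inbound, closest to the source.
interface FastEthernet0/1.10
 ip access-group 111 in
!
interface FastEthernet0/1.20
 ip access-group 112 in
!
! Verification from privileged EXEC mode:
!   show access-lists
!     (the match counter on a deny line should increase after a blocked attempt)
!   show ip interface FastEthernet0/1.10
!     (reports which inbound access list is set on the sub-interface)
```

Without the closing `permit ip any any`, the implicit deny at the end of each list would drop every other packet entering that sub-interface.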