cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1560
Views
0
Helpful
7
Replies

Frame Relay and Access List Control

smallkiddo26
Level 1
Level 1

Hi. I want to block the three yellow box devices from accessing the internet but still can access FTP and Web server. May I know how can I do that? Figure quite a long time but still cant find any solution. 

 

And also. I am trying to do the frame relay on the main router and Cloud. After I done, I still cant ping the two routers. Any Solution?

 

Thank you. 

7 Replies 7

Hello,

 

post the zipped Packet Tracer project (.pkt) file...

this is

Hello,

 

here are the IPv6 ACLs (marked in bold

 

Building configuration...

Current configuration : 1990 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
no ip cef
ipv6 unicast-routing
!
no ipv6 cef
!
ipv6 dhcp pool POOL_11
address prefix 2001:DB8:DAD:11::/64 lifetime 172800 86400
dns-server 2001:DB8:DAD:10::100
domain-name mmu.com
!
ipv6 dhcp pool POOL_12
address prefix 2001:DB8:DAD:12::/64 lifetime 172800 86400
dns-server 2001:DB8:DAD:10::100
domain-name mmu.com
!
ipv6 dhcp pool POOL_15
address prefix 2001:DB8:DAD:15::/64 lifetime 172800 86400
dns-server 2001:DB8:DAD:10::100
domain-name mmu.com
!
license udi pid CISCO2911/K9 sn FTX15241JR8-
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
no ip address
ipv6 traffic-filter IPv6_NET_11 in
duplex auto
speed auto
ipv6 address FE80::11:1 link-local
ipv6 address 2001:DB8:DAD:11::1/64
ipv6 nd managed-config-flag
ipv6 ospf 10 area 0
ipv6 dhcp server POOL_11
!
interface GigabitEthernet0/1
no ip address
ipv6 traffic-filter IPv6_NET_12 in
duplex auto
speed auto
ipv6 address FE80::12:1 link-local
ipv6 address 2001:DB8:DAD:12::1/64
ipv6 nd managed-config-flag
ipv6 ospf 10 area 0
ipv6 dhcp server POOL_12
!
interface GigabitEthernet0/2
no ip address
ipv6 traffic-filter IPv6_NET_15 in
duplex auto
speed auto
ipv6 address FE80::15:1 link-local
ipv6 address 2001:DB8:DAD:15::1/64
ipv6 nd managed-config-flag
ipv6 ospf 10 area 0
ipv6 dhcp server POOL_15
!
interface Serial0/3/0
no ip address
ipv6 address FE80::6:1 link-local
ipv6 address 2001:DB8:DAD:6::1/64
ipv6 enable
ipv6 ospf 10 area 0
!
interface Serial0/3/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ipv6 router ospf 10
router-id 2.2.2.2
log-adjacency-changes
!
ip classless
!
ip flow-export version 9
!
ipv6 access-list IPv6_NET_11
permit ipv6 2001:DB8:DAD:11::/64 host 2001:DB8:DAD:10::200
permit tcp 2001:DB8:DAD:11::/64 any eq ftp
!
ipv6 access-list IPv6_NET_12
permit ipv6 2001:DB8:DAD:12::/64 host 2001:DB8:DAD:10::200
permit tcp 2001:DB8:DAD:12::/64 any eq ftp
!
ipv6 access-list IPv6_NET_15
permit ipv6 2001:DB8:DAD:15::/64 host 2001:DB8:DAD:10::200
permit tcp 2001:DB8:DAD:15::/64 any eq ftp
!
line con 0
!
line aux 0
!
line vty 0 4
login

are you configuring the routers?? cause I didnt see any zip files 

 

Hello 

 

add the lines markef in bold to your router configuration...

Hello,

 

for web access (http and https) you need to add two more lines. Indeed everything else will be blocked by the implicit deny:

 

ipv6 access-list IPv6_NET_12
permit ipv6 2001:DB8:DAD:12::/64 host 2001:DB8:DAD:10::200
permit tcp 2001:DB8:DAD:12::/64 any eq ftp
permit tcp 2001:DB8:DAD:12::/64 any eq http
permit tcp 2001:DB8:DAD:12::/64 any eq 443

Hi but i have trouble with this line 

 

permit tcp 2001:DB8:DAD:12::/64 any eq http