Frame Relay and Access List Control

smallkiddo26 · ‎10-12-2021

Hi. I want to block the three yellow box devices from accessing the internet but still can access FTP and Web server. May I know how can I do that? Figure quite a long time but still cant find any solution.

And also. I am trying to do the frame relay on the main router and Cloud. After I done, I still cant ping the two routers. Any Solution?

Thank you.

Georg Pauwen · ‎10-12-2021

Hello,

post the zipped Packet Tracer project (.pkt) file...

smallkiddo26 · ‎10-12-2021

this is

Georg Pauwen · ‎10-12-2021

Hello,

here are the IPv6 ACLs (marked in bold

Building configuration...

Current configuration : 1990 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
no ip cef
ipv6 unicast-routing
!
no ipv6 cef
!
ipv6 dhcp pool POOL_11
address prefix 2001:DB8:DAD:11::/64 lifetime 172800 86400
dns-server 2001:DB8:DAD:10::100
domain-name mmu.com
!
ipv6 dhcp pool POOL_12
address prefix 2001:DB8:DAD:12::/64 lifetime 172800 86400
dns-server 2001:DB8:DAD:10::100
domain-name mmu.com
!
ipv6 dhcp pool POOL_15
address prefix 2001:DB8:DAD:15::/64 lifetime 172800 86400
dns-server 2001:DB8:DAD:10::100
domain-name mmu.com
!
license udi pid CISCO2911/K9 sn FTX15241JR8-
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
no ip address
ipv6 traffic-filter IPv6_NET_11 in
duplex auto
speed auto
ipv6 address FE80::11:1 link-local
ipv6 address 2001:DB8:DAD:11::1/64
ipv6 nd managed-config-flag
ipv6 ospf 10 area 0
ipv6 dhcp server POOL_11
!
interface GigabitEthernet0/1
no ip address
ipv6 traffic-filter IPv6_NET_12 in
duplex auto
speed auto
ipv6 address FE80::12:1 link-local
ipv6 address 2001:DB8:DAD:12::1/64
ipv6 nd managed-config-flag
ipv6 ospf 10 area 0
ipv6 dhcp server POOL_12
!
interface GigabitEthernet0/2
no ip address
ipv6 traffic-filter IPv6_NET_15 in
duplex auto
speed auto
ipv6 address FE80::15:1 link-local
ipv6 address 2001:DB8:DAD:15::1/64
ipv6 nd managed-config-flag
ipv6 ospf 10 area 0
ipv6 dhcp server POOL_15
!
interface Serial0/3/0
no ip address
ipv6 address FE80::6:1 link-local
ipv6 address 2001:DB8:DAD:6::1/64
ipv6 enable
ipv6 ospf 10 area 0
!
interface Serial0/3/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ipv6 router ospf 10
router-id 2.2.2.2
log-adjacency-changes
!
ip classless
!
ip flow-export version 9
!
ipv6 access-list IPv6_NET_11
permit ipv6 2001:DB8:DAD:11::/64 host 2001:DB8:DAD:10::200
permit tcp 2001:DB8:DAD:11::/64 any eq ftp
!
ipv6 access-list IPv6_NET_12
permit ipv6 2001:DB8:DAD:12::/64 host 2001:DB8:DAD:10::200
permit tcp 2001:DB8:DAD:12::/64 any eq ftp
!
ipv6 access-list IPv6_NET_15
permit ipv6 2001:DB8:DAD:15::/64 host 2001:DB8:DAD:10::200
permit tcp 2001:DB8:DAD:15::/64 any eq ftp
!
line con 0
!
line aux 0
!
line vty 0 4
login

smallkiddo26 · ‎10-12-2021

are you configuring the routers?? cause I didnt see any zip files

Georg Pauwen · ‎10-12-2021

Hello

add the lines markef in bold to your router configuration...

Georg Pauwen · ‎10-12-2021

Hello,

for web access (http and https) you need to add two more lines. Indeed everything else will be blocked by the implicit deny:

ipv6 access-list IPv6_NET_12
permit ipv6 2001:DB8:DAD:12::/64 host 2001:DB8:DAD:10::200
permit tcp 2001:DB8:DAD:12::/64 any eq ftp
permit tcp 2001:DB8:DAD:12::/64 any eq http
permit tcp 2001:DB8:DAD:12::/64 any eq 443

smallkiddo26 · ‎10-12-2021

Hi but i have trouble with this line

permit tcp 2001:DB8:DAD:12::/64 any eq http