Restrict Internet Access

ifeoyenuga
Level 1

Hi,

I have a radio link connection to another office from my office. We are on the same VLAN on the same switch. I want to restrict their internet access but still grant them access to other services and also the internal web application.

Can this be done via an access-list?

Thank you

7 Replies

Ganesh Hariharan
VIP Alumni

Hi,
I have a radio link connection to another office from my office. We are on the same VLAN on the same switch. I want to restrict their internet access but still grant them access to other services and also the internal web application.
Can this be done via an access-list? Thank you

Hello,

Yes, you can apply an ACL that permits the other services to specific destination IP addresses and ports and blocks the rest by having the last statement be deny ip any any.

Apply the ACL on the layer 3 interface of the VLAN.

Hope it Helps..

-GI

Rate if it Helps

Hi Ganesh,

I have tried this access-list:

access-list 101 permit tcp 192.168.2.0 0.0.0.255 any eq 80
access-list 101 permit tcp 192.168.2.0 0.0.0.255 any eq 443
access-list 101 permit tcp 192.168.2.0 0.0.0.255 any established

int gi0/12

ip access-group 101 in

but I am unable to access the internal web applications.

Hi,

I would use out instead. Any UDP traffic on those apps?

Regards,

Hi,

I tried out; it was still the same. There is UDP on some of the apps.

All I want to block is just the ability to use the internet. Any other application on the LAN should be accessible.

Hello,

Glad you sorted the problem.

-GI

Hi Ganesh,
I have tried this access-list:
access-list 101 permit tcp 192.168.2.0 0.0.0.255 any eq 80
access-list 101 permit tcp 192.168.2.0 0.0.0.255 any eq 443
access-list 101 permit tcp 192.168.2.0 0.0.0.255 any established

int gi0/12

ip access-group 101 in

but I am unable to access the internal web applications.

Hello,

By applying this ACL you will only be allowing traffic with source 192.168.2.0/24 for ports 80 and 443.

On what destination IP do your internal applications reside, and have you checked the show acl 101 stats to see what it is showing?

Try adding the internal server IPs in the ACL with the requested source.

Hope it Helps..

-GI

I was able to resolve it with this:

access-list 101 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 101 deny tcp 192.168.0.0 0.0.255.255 any eq www
access-list 101 deny tcp 192.168.0.0 0.0.255.255 any eq 443

interface fastEthernet 0/0
ip access-group 101 in

Everything is fine now.

Thanks
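To show why the first ACL in this thread cut off the internal applications while the final one did not, here is an added example (my own code, not Cisco's and not from any poster) that evaluates both ACLs the way IOS does: top to bottom, first match wins, implicit deny at the end, with Cisco wildcard masks. The flows it tests are constructed: a remote-office host 192.168.2.10, an assumed internal application server 192.168.1.20, and an assumed internet address 203.0.113.5. The final ACL is written without the stray host keyword that a wildcard mask cannot follow, and the first ACL uses the established keyword rather than eq established, which IOS would reject.

```python
"""Toy evaluator for Cisco IOS numbered extended ACLs: first match wins,
implicit 'deny ip any any' at the end. Added example, not Cisco code."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORT_NAMES = {"www": 80}  # IOS service keyword used in the thread


@dataclass
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches any protocol; else "tcp"/"udp"
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dport: Optional[int] = None  # "eq PORT" if present
    established: bool = False    # TCP "established": only reply traffic matches


def wildcard_match(addr, network, wildcard):
    """Cisco wildcard mask: bits that are 0 in the wildcard must match exactly."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def _addr_spec(tokens, i):
    """Consume 'any' | 'host A' | 'A WILDCARD' starting at tokens[i]."""
    if tokens[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], "0.0.0.0", i + 2
    return tokens[i], tokens[i + 1], i + 2


def parse_ace(line):
    # access-list N ACTION PROTO SRC DST [eq PORT] [established]
    t = line.split()
    src, src_wc, i = _addr_spec(t, 4)
    dst, dst_wc, i = _addr_spec(t, i)
    dport, established = None, False
    while i < len(t):
        if t[i] == "eq":
            dport = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
            i += 2
        elif t[i] == "established":
            established = True
            i += 1
        else:
            raise ValueError("unsupported keyword: " + t[i])
    return Ace(t[2], t[3], src, src_wc, dst, dst_wc, dport, established)


def evaluate(acl, proto, src, dst, dport=None, reply=False):
    """Return 'permit' or 'deny' for one flow (initial packet unless reply=True)."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if not wildcard_match(src, ace.src, ace.src_wc):
            continue
        if not wildcard_match(dst, ace.dst, ace.dst_wc):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        if ace.established and not reply:
            continue
        return ace.action
    return "deny"  # implicit deny ip any any


# The poster's first attempt: only 80/443 anywhere plus TCP replies are permitted,
# so every other internal service falls through to the implicit deny.
FIRST_ACL = [parse_ace(l) for l in [
    "access-list 101 permit tcp 192.168.2.0 0.0.0.255 any eq 80",
    "access-list 101 permit tcp 192.168.2.0 0.0.0.255 any eq 443",
    "access-list 101 permit tcp 192.168.2.0 0.0.0.255 any established",
]]

# The working version: permit anything LAN-to-LAN first, then block web to the rest.
FINAL_ACL = [parse_ace(l) for l in [
    "access-list 101 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255",
    "access-list 101 deny tcp 192.168.0.0 0.0.255.255 any eq www",
    "access-list 101 deny tcp 192.168.0.0 0.0.255.255 any eq 443",
]]

# Constructed flows: (label, proto, src, dst, dport)
FLOWS = [
    ("internal app on 8080", "tcp", "192.168.2.10", "192.168.1.20", 8080),
    ("internal DNS (udp)",   "udp", "192.168.2.10", "192.168.1.20", 53),
    ("internet https",       "tcp", "192.168.2.10", "203.0.113.5", 443),
    ("internet ssh",         "tcp", "192.168.2.10", "203.0.113.5", 22),
]


def compare():
    """Map each flow label to (first ACL verdict, final ACL verdict)."""
    return {label: (evaluate(FIRST_ACL, p, s, d, port), evaluate(FINAL_ACL, p, s, d, port))
            for label, p, s, d, port in FLOWS}


if __name__ == "__main__":
    for label, (first, final) in compare().items():
        print(f"{label:22s} first ACL: {first:6s} final ACL: {final}")
```

Note that the final ACL's two deny lines are redundant with the implicit deny at the end, which is also what blocks the "internet ssh" flow; the line that actually fixed the problem is the leading permit ip for LAN-to-LAN traffic.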