07-29-2019 03:49 AM
Hello,
I want to create an extended access list that denies access from specific domains (all computers) to my web server. I have two web servers in my domain and I want to cut access to a specific web server (for example WEBSERVER2).
I have created an access list (extended) but it didn't work.
My access list is:
access-list extended XXX
deny tcp A.A.A.0 0.0.0.255 host WEBSERVER2 eq www
deny tcp B.B.B.0 0.0.0.255 host WEBSERVER2 eq www
permit ip any any
Afterwards I applied it on my switch at a specific interface (for example F0/1):
ip access-group XXX in
I have put "in" because the specific interface is where the other two domains connect to my domain.
Where is the fault?
Thanks in advance
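Added example, not part of any post in this thread: a small Python model of how the extended ACL quoted above is evaluated (wildcard-mask match, first match wins, implicit deny at the end). The addresses are constructed documentation ranges standing in for A.A.A.0, B.B.B.0 and WEBSERVER2, the function names are hypothetical, and the model covers only the matching logic, not the interface or direction the ACL is applied to.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard match: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# Constructed sample addresses (assumptions, not values from the thread).
NET_A, NET_B = "192.0.2.0", "198.51.100.0"
WEBSERVER1, WEBSERVER2 = "203.0.113.10", "203.0.113.20"
ANY = ("0.0.0.0", "255.255.255.255")

def host(ip):
    """'host X' is shorthand for X with wildcard 0.0.0.0."""
    return (ip, "0.0.0.0")

# (action, protocol, source, destination, destination port or None)
ACL_XXX = [
    ("deny", "tcp", (NET_A, "0.0.0.255"), host(WEBSERVER2), 80),  # eq www
    ("deny", "tcp", (NET_B, "0.0.0.255"), host(WEBSERVER2), 80),  # eq www
    ("permit", "ip", ANY, ANY, None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, index of the matching entry); first match wins."""
    for i, (action, p, s, d, port) in enumerate(acl):
        if p != "ip" and p != proto:
            continue  # 'ip' matches every protocol
        if port is not None and port != dport:
            continue
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action, i
    return "deny", None  # implicit deny when no entry matches

if __name__ == "__main__":
    for pkt in [("tcp", "192.0.2.55", WEBSERVER2, 80),
                ("tcp", "192.0.2.55", WEBSERVER2, 443),
                ("tcp", "192.0.2.55", WEBSERVER1, 80)]:
        print(pkt, "->", evaluate(ACL_XXX, *pkt))
```

In this model only TCP port 80 to WEBSERVER2 from the two /24 ranges is denied; port 443 and all traffic to the other server fall through to the final permit.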
07-29-2019 04:19 AM
deny tcp A.A.A.0 0.0.0.255 host WEBSERVER2 eq www <<- Is the WEBSERVER2 you mentioned an IP or a name?
Is web server 2 connected to Fas 0/1? Can you post show run interface fast 0/1 so we can look at the config?
07-29-2019 07:01 AM
07-29-2019 08:15 AM
I'd like to see your interface config. You mentioned 2 web servers connected to the same interface Fas 0/1? (Is this physical?)
07-29-2019 11:40 PM
07-30-2019 12:28 AM
As I understand it, below is your network topology:
user----domainA ----Fas 0/1 -----fa0/1----domain b ----users
Is this the case? Your ACL should work; since it was not working, we need more information about the configuration to confirm what is wrong.
show version
show run interface fas 0/1
show access-list
07-30-2019 10:52 PM
07-31-2019 12:35 AM
We can only suggest when we have enough information about the environment and config. Please post the output below.
show version
show run interface fas 0/1
show access-list