ACL Help

Hi All,

I think I posted this somewhere else... a long time ago... cannot find it. But here goes...

I need to restrict a specific VLAN on my network to only be allowed to gain a DHCP address and hit the internet. To do this, I realize I need to allow DHCP, DNS and web. I have the following ACL applied on my VLAN interface inbound:

access-list 101 permit udp any any eq bootps
access-list 101 permit udp any host eq 67
access-list 101 permit udp any host eq 68
access-list 101 permit udp any host eq 53
access-list 101 permit tcp any host eq 53
access-list 101 permit udp host eq 53 any eq 53
access-list 101 permit tcp host eq 53 any eq 53
access-list 101 permit tcp any eq 80 any eq 80
access-list 101 deny ip 192.168.75.0 0.0.0.255 255.255.255.0
access-list 101 deny ip 192.168.75.0 0.0.0.255 255.255.255.0
access-list 101 deny ip 192.168.75.0 0.0.0.255 255.255.255.0
access-list 101 deny ip 192.168.75.0 0.0.0.255 255.255.255.0
access-list 101 deny ip 192.168.75.0 0.0.0.255 255.255.255.0
access-list 101 deny ip 192.168.75.0 0.0.0.255 255.255.255.0
access-list 101 deny ip 192.168.75.0 0.0.0.255 255.255.255.0
access-list 101 deny ip any any

I can get a DHCP address, but cannot surf the web. Can someone tell me what I have wrong here?

TIA,

r
rhltechie

First of all, whenever troubleshooting access lists, change the last line to 'deny ip any any log', try what you want and check the log.

In this particular case, you just didn't quite do the http line correctly.

permit tcp any eq 80 any eq 80

Scooby
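
Added example, not part of either post: a small first-match evaluator showing why the posted HTTP entry never matches a browser's packet, so the packet falls through to the final deny (the entry a 'log' keyword would report). The corrected entry, the ephemeral source port and all Python names are assumptions made for this illustration.

```python
# Added illustration: first-match evaluation of the thread's HTTP entry.
# Only the '<action> <proto> any [eq N] any [eq N]' form is modelled.
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    proto: str
    src_port: int
    dst_port: int

class Ace(NamedTuple):
    text: str
    action: str
    proto: str
    src_port: Optional[int]  # None = no port match on this side
    dst_port: Optional[int]

def parse_ace(line: str) -> Ace:
    tok = line.split()
    ports, i = [], 2
    for _ in range(2):  # source side first, then destination side
        if tok[i] != "any":
            raise ValueError(f"only 'any' addresses are modelled: {line!r}")
        i += 1
        if i < len(tok) and tok[i] == "eq":
            ports.append(int(tok[i + 1]))
            i += 2
        else:
            ports.append(None)
    return Ace(line, tok[0], tok[1], ports[0], ports[1])

def matches(ace: Ace, pkt: Packet) -> bool:
    return (ace.proto in ("ip", pkt.proto)
            and ace.src_port in (None, pkt.src_port)
            and ace.dst_port in (None, pkt.dst_port))

def evaluate(acl, pkt):
    """Return (action, matching entry); the first matching entry wins."""
    for ace in map(parse_ace, acl):
        if matches(ace, pkt):
            return ace.action, ace.text
    return "deny", "(implicit deny)"

POSTED = ["permit tcp any eq 80 any eq 80", "deny ip any any"]
CORRECTED = ["permit tcp any any eq 80", "deny ip any any"]  # assumed fix
BROWSER = Packet("tcp", 49152, 80)  # constructed: ephemeral source port

if __name__ == "__main__":
    print(evaluate(POSTED, BROWSER))
    print(evaluate(CORRECTED, BROWSER))
```

The posted entry requires source port 80 as well as destination port 80; a client's source port is ephemeral, so only the destination port should be matched on an inbound ACL for the client VLAN.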
