access list help

[glennmitel]

hello i am having a few problem with access list

i want to allow traffic from 10.1.1.x /24 to get to 192.168.1.x/24 but block it going to 172.16.1.x/24

vlans are

10= 192.168.1.1/24
20=10.1.1.1/24
30=172.16.1.1/24

could someone please point me in the right way as i dont play with acl enough

thanks

in advance

glenn

CCNA,CCNP,CCVP
HP AIS
Full Mitel

 

[unclerico]

I'd love to give you the answer, but seeing as you are CCNP I'd like to see what you've tried so far.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[glennmitel]

ip access list extended 101 deny ip 10.1.1.0 0.0.0.255 any
ip access list extended 101 permit ip any any
ip access list extended 101 implicit deny ip any any

in vlan 30
ip access-group 101 in





CCNA,CCNP,CCVP
HP AIS
Full Mitel

 

[glennmitel]

also i have not worked on an access list since i passed my ccnp nearly 2 and a half years now

lol

CCNA,CCNP,CCVP
HP AIS
Full Mitel

 

[burtsbees]

access-list 101 deny ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 101 permit ip any any
int vlan20
ip access-group 101 out

That's the best I can do with the info you provided. I am also a CCNP, got it 2 1/2 years ago, absolutely NO professional experience (I fix servers for a living), but I spend a lot of time in here and with my labs (a small one at home and a bit bigger one at work). I am in here every day, and I touch a Cisco device at least 5 times a week. Why would you get a CCNP if you don't ever plan on practicing even the basic stuff?

Just my opinion...

Burt

 

[glennmitel]

thanks

i still work on networks but now its all callmanager and unity

thanks


CCNA,CCNP,CCVP
HP AIS
Full Mitel

 

[glennmitel]

hello just tested the config and it not working

i can still ping from the 10.1.1.x to 172.16.1.x


any ideas

CCNA,CCNP,CCVP
HP AIS
Full Mitel

 

[glennmitel]

right i have sorted it

took some time but now have tested it using the right ip address that i have in my office

access-list 101 permit ip 192.168.30.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 10.12.0.0 0.0.0.255 any
access-list 101 permit ip 10.10.0.0 0.0.255.255 any
access-list 101 permit ip 10.11.0.0 0.0.0.255 any
access-list 101 permit ip 10.13.0.0 0.0.0.255 any
access-list 101 permit ip 10.1.0.0 0.0.255.255 any
access-list 101 permit ip 10.14.0.0 0.0.0.255 any
access-list 101 permit ip 192.168.20.0 0.0.0.255 any
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 101 permit ip 10.25.0.0 0.0.0.255 any
access-list 101 permit ip 10.26.0.0 0.0.0.255 any
access-list 101 permit ip 10.27.0.0 0.0.255.255 any
access-list 101 permit ip 10.28.0.0 0.0.0.255 any
access-list 101 permit ip 10.29.0.0 0.0.0.255 any
access-list 101 deny ip any any
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 10.12.0.0 0.0.0.255 any
access-list 102 permit ip 10.10.0.0 0.0.255.255 any
access-list 102 permit ip 10.11.0.0 0.0.0.255 any
access-list 102 permit ip 10.13.0.0 0.0.0.255 any
access-list 102 permit ip 10.1.0.0 0.0.255.255 any
access-list 102 permit ip 10.14.0.0 0.0.0.255 any
access-list 102 permit ip 192.168.20.0 0.0.0.255 any
access-list 102 permit ip 192.168.10.0 0.0.0.255 any
access-list 102 permit ip 10.25.0.0 0.0.0.255 any
access-list 102 permit ip 10.26.0.0 0.0.0.255 any
access-list 102 permit ip 10.27.0.0 0.0.255.255 any
access-list 102 permit ip 10.28.0.0 0.0.0.255 any
access-list 102 permit ip 10.29.0.0 0.0.0.255 any
access-list 102 deny ip any any


working a treat not bad for my first access list in nearly 2 years

CCNA,CCNP,CCVP
HP AIS
Full Mitel

 

[VinceWhirlwind]

The access-list lines are only the first half of the equation - how did you apply the access-groups to the interfaces? That's the bit that can be confusing.

 

[glennmitel]

i just need to add 101 to the internet vlan as

ip access goup 101 out

and

ip access group 102 out on all others tested all working a treat

CCNA,CCNP,CCVP
HP AIS
Full Mitel