Author Access Control Lists
hairy51

2004-01-06, 12:50 pm

Hi Guys,

Wondering if you can help me....

This is what needs to happen with an ACL:-

Company has an intranet web server host that all systems can reach at 172.16.0.1 with only HTTP access. No other protocols will be permitted to this site.


So, we need an extended IP Access control List.

Is this the right syntax?

access-list 101 permit http any host 172.16.0.1 eq 80

It doesn't look right to me! Sure I have missed something.

Any help would be much appreciated!

Cheers
Demijohn

2004-01-06, 2:09 pm

I don't believe the http keyword is valid in this command. Use ip.
DrWatsonJr

2004-01-06, 5:15 pm

You can use the following...

access-list 101 permit TCP any host 172.16.0.1 eq 80 (or www)

Keep in mind that this will also deny all other IP traffic as well. For instance, EIGRP, HSRP, etc.
hairy51

2004-01-07, 3:27 am

Cheers, I wasn't sure if you could use http or not, I will have to look it up!
Demijohn

2004-01-07, 1:45 pm

There are about 12 keywords you can use in that position, including ip, tcp, and udp, but not http. Using the ip keyword will permit (or deny) both tcp and udp traffic.

You can use http when specifying the port as the good Dr. indicated (i.e. eq 80, eq www, or eq http).
hairy51

2004-01-08, 4:03 pm

Cheers for your help.

Got a practical exam tomorrow morning which involves configuring access control lists, so hopefully should be ok now.

Fingers crossed!
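
An added example, not part of the original thread: a small Python model of the two points made in the replies, that the word after permit/deny must be a protocol keyword and that anything the single permit line does not match falls to the implicit deny. The keyword and port tables are deliberately partial, and the function names and sample packets are constructed for this illustration.

```python
import ipaddress

# Subset of the protocol keywords IOS accepts after permit/deny.
PROTOCOLS = {"ip", "tcp", "udp", "icmp", "eigrp", "gre", "ospf", "esp"}
PORT_NAMES = {"www": 80}  # subset of IOS named ports


def _address(tokens):
    """Consume 'any' or 'host A.B.C.D'; None stands for any address."""
    if tokens and tokens[0] == "any":
        tokens.pop(0)
        return None
    if len(tokens) >= 2 and tokens[0] == "host":
        tokens.pop(0)
        return ipaddress.ip_address(tokens.pop(0))
    raise ValueError("expected 'any' or 'host A.B.C.D'")


def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]'."""
    tokens = line.lower().split()
    if len(tokens) < 4 or tokens[0] != "access-list":
        raise ValueError("not an access-list line")
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action '{action}'")
    if proto not in PROTOCOLS:
        raise ValueError(f"'{proto}' is not a protocol keyword")
    src, dst, port = _address(rest), _address(rest), None
    if rest:  # anything left must be 'eq PORT' on a tcp/udp entry
        if len(rest) != 2 or rest[0] != "eq" or proto not in ("tcp", "udp"):
            raise ValueError("only 'eq PORT' on tcp/udp is modelled here")
        port = PORT_NAMES.get(rest[1]) or int(rest[1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}


def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in acl:
        if (ace["proto"] in ("ip", proto) and ace["src"] in (None, src)
                and ace["dst"] in (None, dst) and ace["port"] in (None, dport)):
            return ace["action"]
    return "deny"


if __name__ == "__main__":
    acl = [parse_ace("access-list 101 permit tcp any host 172.16.0.1 eq www")]
    # Constructed sample packets: HTTP, Telnet, EIGRP hello, HSRP hello.
    for pkt in [("tcp", "10.1.1.5", "172.16.0.1", 80), ("tcp", "10.1.1.5", "172.16.0.1", 23),
                ("eigrp", "10.1.1.1", "224.0.0.10"), ("udp", "10.1.1.2", "224.0.0.2", 1985)]:
        print(pkt, "->", evaluate(acl, *pkt))
```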
Copyright 2003 - 2008 examnotes.net