|
Home > Archive > CCNP > September 2000 > ACCESS-LISTS???
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| HERES WHAT I HAVE
ACCESS-LIST 100 PERMIT 216.65.192.0 0.255.255.255 ANY EQ WWW
AFTER THIS WAS APPLIED TO THE INTERFACE, USERS FROM THIS NETWORK WERENT ABLE TO ACCESS WEB SITES ANYMORE---WHY NOT???WHAT ELSE DO I NEED TO ADD??? | |
|
| As I read what you posted, you have permitted everyone on 216.0.0.0 to go anywhere with port 80 traffic and denied everything else. That means if the servers they want to reach use https, they won't be permitted to reach them. Also means they can't use FTP web servers and on and on.
Is this what you wanted? Doubt the network is correct but even if you meant it to be 216.65.192.0 it still should have passed that port 80 traffic.
Probably need more info from you to better help,
Yankee | |
|
| well first off you're missing a protocol keyword but i'll assume that was typo 
you're blocking out all traffic except port 80. My guess is that your network is using external DNS servers and as such, nobody can get a name resolved because you are blocking DNS. technically, you'ld still be able to reach the web sites by ip address. keep in mind like Yankee said, your users wont be able to use FTP or HTTPS
| |
|
| Detour and Yankee have both made excellent points. I'd agree with Yankee in saying that we could use more information. Specifically I'd like to know HOW this access list was applied and to which interface.
MadChef |
|
|
|
|