
ACL

16 years 8 months ago #25623 by lucky_indian
ACL was created by lucky_indian
Hi,
I have been asked to create an ACL for the following problem.

There is a router directly connected to two networks (student and staff).
I have just put in two PCs to represent this.
the student network is
202.1.1.0

the staff network is
202.1.2.0

My task is to create an ACL that does the following:
(a) allows staff to access the student network
(b) disallows all access from the student to staff
(c) but allows TCP (ACK, etc.)

So the router is in the middle, with student on the left (interface fa0/0) and staff on the right (interface fa0/1).

My ACL is:
access-list 101 permit tcp 202.1.2.0 0.0.0.255 202.1.1.0 0.0.0.255 established

access-list 101 deny tcp 202.1.1.0 0.0.0.255 202.1.2.0 0.0.0.255 established

then went into fa0/0
ip access-group 101 in
then went into fa0/1
ip access-group out

But it fails when I ping. What is wrong?
16 years 8 months ago #25624 by Chojin
Replied by Chojin on topic Re: ACL
ping is ICMP, not TCP.

Try again with ICMP instead of TCP

CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
16 years 8 months ago #25666 by lucky_indian
Replied by lucky_indian on topic Re: ACL
But remember, in a real-life situation you will need to use acknowledgments and other TCP stuff. I don't want to block all access; some important processes still need to take place.
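
Added example, not part of any post in this thread: a minimal Python model of extended-ACL evaluation (first match wins, implicit deny at the end), run over the posted ACL 101 and over an assumed rewrite for inbound use on fa0/0. The helper names, host addresses and the REWRITE entries are constructed for illustration.

```python
import ipaddress

def wc_match(addr, net, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wildcard))
    return (a | w) == (n | w)

def evaluate(acl, pkt):
    """First matching entry wins; no match falls through to the implicit deny."""
    for n, (action, proto, src, dst, opt) in enumerate(acl, 1):
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if not (wc_match(pkt["src"], *src) and wc_match(pkt["dst"], *dst)):
            continue
        # 'established' matches only TCP segments with ACK or RST set
        if opt == "established" and not ({"ACK", "RST"} & pkt.get("flags", set())):
            continue
        if opt == "echo-reply" and pkt.get("icmp") != "echo-reply":
            continue
        return action, f"entry {n}"
    return "deny", "implicit deny"

STUDENT = ("202.1.1.0", "0.0.0.255")
STAFF = ("202.1.2.0", "0.0.0.255")

# ACL 101 exactly as posted in the question
POSTED = [
    ("permit", "tcp", STAFF, STUDENT, "established"),
    ("deny", "tcp", STUDENT, STAFF, "established"),
]
# Assumed rewrite for "ip access-group 101 in" on fa0/0 (student side)
REWRITE = [
    ("permit", "tcp", STUDENT, STAFF, "established"),
    ("permit", "icmp", STUDENT, STAFF, "echo-reply"),
    ("deny", "ip", STUDENT, STAFF, None),
]

# Constructed packets arriving inbound on fa0/0, so the source is a student host
PACKETS = {
    "ping reply to staff": dict(proto="icmp", icmp="echo-reply", src="202.1.1.10", dst="202.1.2.10"),
    "tcp reply to staff": dict(proto="tcp", flags={"SYN", "ACK"}, src="202.1.1.10", dst="202.1.2.10"),
    "new tcp to staff": dict(proto="tcp", flags={"SYN"}, src="202.1.1.10", dst="202.1.2.10"),
    "ping request to staff": dict(proto="icmp", icmp="echo", src="202.1.1.10", dst="202.1.2.10"),
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:22} posted={evaluate(POSTED, pkt)} rewrite={evaluate(REWRITE, pkt)}")
```

With the posted list, the echo reply from the student PC matches no entry and hits the implicit deny, and the TCP reply is dropped by the second entry. The rewrite lets replies to staff-initiated traffic back through while still dropping anything a student host initiates toward staff.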