Subnets [7:56745]
Here is my problem: 1) I have two subnets: 10.1.0.0 255.255.0.0 and 10.5.0.0 255.255.0.0 2) 10.5.0.0 should not access any resource on 10.1.0.0 3) 10.5.0.0 should have internet access 4) the internet access router is connected with both subnets: Ethernet 0/0 10.1.0.1 255.255.0.0 and Ethernet 0\1 10.5.0.1 255.255.0.0. 5) the wan link is on serial0\1. 6) the routing is eigrp So, the question is how to give internet access for 10.5.0.0. The internet router is a cisco 2611. Thanks in advance. Catalin Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56745&t=56745 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Subnets [7:56745]
""Catalin"" wrote in message news:200211021650.QAA21112@;groupstudy.com... > Here is my problem: > > 1) I have two subnets: 10.1.0.0 255.255.0.0 and 10.5.0.0 255.255.0.0 > 2) 10.5.0.0 should not access any resource on 10.1.0.0 > 3) 10.5.0.0 should have internet access > 4) the internet access router is connected with both subnets: Ethernet 0/0 > 10.1.0.1 255.255.0.0 and Ethernet 0\1 10.5.0.1 255.255.0.0. > 5) the wan link is on serial0\1. > 6) the routing is eigrp > > > So, the question is how to give internet access for 10.5.0.0. > The internet router is a cisco 2611. OK. First of all, have you drawn this out in a diagram? something like: internet | router e0 e1 10.1.0.0/16 10.5.0.0/16 Second - placement of access-lists how many access-lists are required? where? which direction? can the goal be accomplished with a single access-list? well, it appears to me that you can do this in a single access-list if it is thoughtfully constructed and placed. Information you have - destination adresses that are forbidden Infomration you don't have - destination addresses that are permitted ( internet 0 well- you have this information indirectly. does this give you enough to get started? > > > Thanks in advance. > > Catalin Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56749&t=56745 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Subnets [7:56745]
If I understand correctly, I believe this will accomplish it. access-list 100 deny ip 10.5.0.0 0.0.255.255 10.1.0.0 0.0.255.255 access-list 100 permit ip any any interface e0/1 ip access-group 100 in This will deny traffic from 10.5.0.0 from getting to 10.1.0.0, but let all other traffic through and let all 10.5.0.0 traffic get anywhere else it needs to go. ""Catalin"" wrote in message news:200211021650.QAA21112@;groupstudy.com... > Here is my problem: > > 1) I have two subnets: 10.1.0.0 255.255.0.0 and 10.5.0.0 255.255.0.0 > 2) 10.5.0.0 should not access any resource on 10.1.0.0 > 3) 10.5.0.0 should have internet access > 4) the internet access router is connected with both subnets: Ethernet 0/0 > 10.1.0.1 255.255.0.0 and Ethernet 0\1 10.5.0.1 255.255.0.0. > 5) the wan link is on serial0\1. > 6) the routing is eigrp > > > So, the question is how to give internet access for 10.5.0.0. > The internet router is a cisco 2611. > > > Thanks in advance. > > Catalin Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56750&t=56745 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Subnets [7:56745]
Thank you for your answers. ""Catalin"" wrote in message news:200211021650.QAA21112@;groupstudy.com... > Here is my problem: > > 1) I have two subnets: 10.1.0.0 255.255.0.0 and 10.5.0.0 255.255.0.0 > 2) 10.5.0.0 should not access any resource on 10.1.0.0 > 3) 10.5.0.0 should have internet access > 4) the internet access router is connected with both subnets: Ethernet 0/0 > 10.1.0.1 255.255.0.0 and Ethernet 0\1 10.5.0.1 255.255.0.0. > 5) the wan link is on serial0\1. > 6) the routing is eigrp > > > So, the question is how to give internet access for 10.5.0.0. > The internet router is a cisco 2611. > > > Thanks in advance. > > Catalin Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56807&t=56745 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
