RE: Work-related ACL problem [7:17695]

2001-08-30 Thread Kent Hundley
29, 2001 9:50 PM To: [EMAIL PROTECTED] Subject: Re: Work-related ACL problem [7:17695] you must also add access-list 101 deny udp any any eq www ron wrote: isn't it supposed to be: access-list 101 deny tcp any any eq www ron - Original Message - From: Wilson, Bradley

Work-related ACL problem [7:17695]

2001-08-29 Thread Wilson, Bradley
Okay gang, this one's work-related so don't feel obligated to help. ;-) I think it's an interesting thought problem though: The Problem I'm Trying To Solve: allow access to a particular website (2.2.2.2) from users on a particular subnet. Do NOT allow them to access any *other* website. Allow

Re: Work-related ACL problem [7:17695]

2001-08-29 Thread Ed Horley
A fast try:

    access-list 101 permit tcp (vlan subnet) (vlan subnet re-mask) host 2.2.2.2 eq www
    access-list 101 permit ip (vlan subnet) (vlan subnet re-mask) 172.0.0.0 0.255.255.255
    access-list 101 deny ip any any

apply outbound to the VLAN subnet you are trying to control (i.e. VLAN 30) Don't

Re: Work-related ACL problem [7:17695]

2001-08-29 Thread John Neiberger
The problem is in your second line. You are denying traffic *sourced* from port 80 (www), not traffic destined for port 80. Change the line to:

    access-list 101 deny tcp any any eq www

I would even consider adding eq www to the first line since you only want to allow web traffic to that host,

Re: Work-related ACL problem [7:17695]

2001-08-29 Thread Jeff Gercken
It may not be the syntax of your ACLs at all. Are you using MLS to do L3 switching with the 6509? If you are, then you need the Policy Feature Card (PFC) on your Sup blade. It works like this: A packet hits the switch which records the destination IP address in the CAM table and forwards it

Re: Work-related ACL problem [7:17695]

2001-08-29 Thread Brian Whalen
ah yes the old in or out debate... Brian Sonic Whalen Success = Preparation + Opportunity On Wed, 29 Aug 2001, John Neiberger wrote: The problem is in your second line. You are denying traffic *sourced* from port 80 (www), not traffic destined for port 80. Change the line to:

Re: Work-related ACL problem [7:17695]

2001-08-29 Thread B.J. Wilson
Does this have anything to do with that Chambers thread? ;-) - Original Message - From: Brian Whalen To: Sent: Wednesday, August 29, 2001 4:48 PM Subject: Re: Work-related ACL problem [7:17695] ah yes the old in or out debate... Brian Sonic Whalen Success = Preparation

Re: Work-related ACL problem [7:17695]

2001-08-29 Thread ron
isn't it supposed to be: access-list 101 deny tcp any any eq www ron - Original Message - From: Wilson, Bradley To: [EMAIL PROTECTED] Sent: Wed, 29 Aug 2001 12:03:33 -0400 Subject: Work-related ACL problem [7:17695] Okay gang, this one's work-related so don't feel obligated to help

RE: Work-related ACL problem [7:17695]

2001-08-29 Thread Rik Guyler
To: [EMAIL PROTECTED] Subject: Re: Work-related ACL problem [7:17695] isn't it supposed to be: access-list 101 deny tcp any any eq www ron - Original Message - From: Wilson, Bradley To: [EMAIL PROTECTED] Sent: Wed, 29 Aug 2001 12:03:33 -0400 Subject: Work-related ACL problem [7:17695

Re: Work-related ACL problem [7:17695]

2001-08-29 Thread EL PINGU
you must also add access-list 101 deny udp any any eq www ron wrote: isn't it supposed to be: access-list 101 deny tcp any any eq www ron - Original Message - From: Wilson, Bradley To: [EMAIL PROTECTED] Sent: Wed, 29 Aug 2001 12:03:33 -0400 Subject: Work-related ACL

RE: Work-related ACL problem [7:17695]

2001-08-29 Thread Baety Wayne A1C 18 CS/SCBX
: Work-related ACL problem [7:17695] Okay gang, this one's work-related so don't feel obligated to help. ;-) I think it's an interesting thought problem though: The Problem I'm Trying To Solve: allow access to a particular website (2.2.2.2) from users on a particular subnet. Do NOT allow them