[c-nsp] access list help

Steve Bertrand steve at ibctech.ca
Wed Feb 4 09:10:24 EST 2009


Deric Kwok wrote:
> Hi All
> 
> I am new to Cisco and trying to configure the access list on my switch
> 
> My switch ip is 192.168.0.118
> 
> I am trying to block the HTTP traffic to the host 192.168.0.115
> 
> When I do it, I can not access the switch!
> But I can access http://192.168.0.115
> 
> Can you help what is wrong?
> Can you give me examples?
> 

This rule states "deny tcp traffic from any host, to 192.168.0.115, port 80"

> access-list 120 deny   tcp any host 192.168.0.115 eq www log

This rule states that you want to allow the rest of all traffic to .115

> access-list 120 permit ip any host 192.168.0.115

Now, by default, without any other rules, the switch denies ALL other
traffic implicitly, including traffic destined to the management IP on
the switch itself.

To allow ALL other traffic to travel into, out of and to the switch, add:

# access-list 120 permit ip any any

...which will allow ALL other traffic to and from all ports, to any IP
address at any port.

I'd recommend permitting what you want explicitly, and then
deny-by-default, but the above will get you back up and going.

> I also don't understand: the access list is only for denying 192.168.0.115.
> Why does it block me on switch 192.168.0.118, but 192.168.0.115 is still fine?

See above.

Steve
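The "permit what you want explicitly, then deny by default" approach Steve recommends, written out as an added configuration example; this is not from the original post. It assumes the ACL is applied inbound on the switch's management SVI (`interface Vlan1`), that the switch is managed over SSH from an admin workstation at 192.168.0.10, and that the LAN is 192.168.0.0/24. All three are assumptions for illustration; if the switch also routes traffic from this VLAN to other subnets, that traffic needs its own permit lines before the final deny.

```cisco
! Added example, not from the original post. Assumed: the management SVI is
! Vlan1, the admin workstation is 192.168.0.10, and the LAN is 192.168.0.0/24.
no access-list 120
! 1. The original intent: block HTTP to .115 and log the hits.
access-list 120 deny   tcp any host 192.168.0.115 eq www log
! 2. Explicitly allow management of the switch itself, from the admin host only,
!    plus ping from the LAN so reachability checks still work.
access-list 120 permit tcp host 192.168.0.10 host 192.168.0.118 eq 22
access-list 120 permit icmp 192.168.0.0 0.0.0.255 host 192.168.0.118 echo
! 3. Everything else destined to .115 stays allowed.
access-list 120 permit ip any host 192.168.0.115
! 4. Explicit deny-by-default with logging, so a lockout like the one in the
!    question shows up in the log instead of failing silently.
access-list 120 deny   ip any any log
!
interface Vlan1
 ip address 192.168.0.118 255.255.255.0
 ip access-group 120 in
!
! Verify after applying: per-entry hit counters, and that the ACL is bound to
! the SVI in the inbound direction.
! show access-lists 120
! show ip interface vlan 1 | include access list
```

Two caveats a practitioner would want. First, removing and re-entering a numbered ACL that is already bound to an interface leaves that interface unfiltered for a moment; a named extended ACL (`ip access-list extended NAME`) with sequence numbers can be edited in place instead. Second, on Catalyst switches an ACL applied to an SVI is a router ACL: it filters traffic routed through the VLAN and traffic addressed to the switch's own IP, but not frames bridged between two hosts in the same VLAN. That is consistent with the symptom in the question (management to .118 blocked, http://192.168.0.115 from a same-subnet host still reachable). To filter bridged traffic inside the VLAN, use a VLAN access map (VACL) or a port ACL on the host's access port rather than the SVI.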

