30th December 2013, 08:25 PM #1
Cisco ACL Help
Please see the attached diagram. The people who own our building have a few VLANs on our switches. The VLANs in the circles belong to them. I have set up some ACLs so that any devices in these VLANs can communicate with each other. E.g. a device in VLAN 120 can communicate with a device in VLAN 121, but they cannot communicate with devices outside these 3 VLANs. They can't communicate with VLAN 110, and devices in VLAN 110 cannot communicate with the circled VLANs. Basically separating the left (of the switch) and the right from talking with each other. These ACLs work a treat.
I would like it so any device in VLAN 110 can go to port 80 on 22.214.171.124 (VLAN 123). But the IP access list called BMS-WEB to allow this doesn't seem to work, even though it is showing matches on the rule.
Below are my rules
Extended IP access list CCTV-SEC
10 permit ip 126.96.36.199 0.0.0.255 188.8.131.52 0.0.0.255 (12 match(es))
20 permit ip 184.108.40.206 0.0.0.255 220.127.116.11 0.0.0.255 (12 match(es))
Extended IP access list ACC-CTRL
10 permit ip 18.104.22.168 0.0.0.255 22.214.171.124 0.0.0.255 (11 match(es))
20 permit ip 126.96.36.199 0.0.0.255 188.8.131.52 0.0.0.255 (13 match(es))
Extended IP access list BMS-NEW
10 permit ip 184.108.40.206 0.0.0.255 220.127.116.11 0.0.0.255 (8 match(es))
20 permit ip 18.104.22.168 0.0.0.255 22.214.171.124 0.0.0.255 (11 match(es))
Extended IP access list BMS-WEB
10 permit tcp 172.16.1.0 0.0.0.255 host 126.96.36.199 eq www (36 match(es))
Below is my VLAN config
ip address 172.16.1.254 255.255.255.0
description CCTV Security
ip address 188.8.131.52 255.255.255.0
ip access-group CCTV-SEC in
description Access CRTL
ip address 184.108.40.206 255.255.255.0
ip access-group ACC-CTRL in
ip address 220.127.116.11 255.255.255.0
ip access-group BMS-NEW in
ip access-group BMS-WEB out
Any ideas please?
30th December 2013, 09:53 PM #2
Without looking into it massively (I hate ACLs)
Cisco ACLs are not stateful, so you have to be explicit in what can go each way.
I would imagine you have a one-way rule to allow traffic to the web server but the traffic going back is being blocked.
Just a thought.....
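The stateless behaviour described in the reply above can be reproduced offline. The following is an added example, not code or configuration from the thread: it is a small Python model of first-match IOS ACL evaluation (wildcard masks, `host`, `eq`, `established`, implicit deny) applied to the poster's topology. The subnets 10.0.121.0/24, 10.0.122.0/24 and 10.0.123.0/24, the server 10.0.123.10 and the client 172.16.1.20 are constructed values standing in for the addresses in the thread. Two ACLs are modelled as bound to the VLAN 123 SVI: one inbound (traffic from VLAN 123 hosts entering the switch) and one outbound (traffic leaving the switch towards VLAN 123). The request from VLAN 110 is permitted outbound, but the HTTP reply entering the SVI inbound finds no matching permit and hits the implicit deny; adding a return rule with the `established` keyword (which matches only segments with ACK or RST set) fixes the exchange without letting the server open connections of its own towards VLAN 110.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "ip"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    ack: bool = False   # True when the TCP ACK (or RST) bit is set


@dataclass(frozen=True)
class Ace:
    """One access-control entry in IOS 'extended' ACL syntax."""
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches any protocol
    src: str                        # "any", "host A.B.C.D" or "A.B.C.D W.W.W.W"
    dst: str
    sport: Optional[int] = None     # "eq <port>" after the source address
    dport: Optional[int] = None     # "eq <port>" after the destination address
    established: bool = False       # IOS 'established' keyword: ACK or RST must be set


def match_addr(spec: str, addr: str) -> bool:
    """IOS wildcard semantics: 0 bits must match, 1 bits are don't-care."""
    if spec == "any":
        return True
    parts = spec.split()
    if parts[0] == "host":
        return addr == parts[1]
    base, wildcard = parts
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def match_ace(ace: Ace, pkt: Packet) -> bool:
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    if not match_addr(ace.src, pkt.src) or not match_addr(ace.dst, pkt.dst):
        return False
    if ace.sport is not None and pkt.sport != ace.sport:
        return False
    if ace.dport is not None and pkt.dport != ace.dport:
        return False
    if ace.established and not pkt.ack:
        return False
    return True


def evaluate(acl: List[Ace], pkt: Packet) -> str:
    """First matching entry wins; an ACL always ends in an implicit deny."""
    for ace in acl:
        if match_ace(ace, pkt):
            return ace.action
    return "deny"


# Constructed addresses (placeholders for the thread's VLAN 121/122/123 and VLAN 110 subnets).
CLIENT = "172.16.1.20"      # a host in VLAN 110
SERVER = "10.0.123.10"      # the web server in VLAN 123

# Inbound on the VLAN 123 SVI: only the two sibling VLANs are reachable from VLAN 123.
BMS_NEW_IN = [
    Ace("permit", "ip", "10.0.123.0 0.0.0.255", "10.0.121.0 0.0.0.255"),
    Ace("permit", "ip", "10.0.123.0 0.0.0.255", "10.0.122.0 0.0.0.255"),
]

# Outbound on the VLAN 123 SVI: VLAN 110 may reach the server on port 80.
BMS_WEB_OUT = [
    Ace("permit", "tcp", "172.16.1.0 0.0.0.255", "host " + SERVER, dport=80),
]

# Inbound ACL with the missing return rule added: replies from port 80 only, and
# only for segments that belong to a conversation the client started (ACK/RST set).
BMS_NEW_IN_FIXED = BMS_NEW_IN + [
    Ace("permit", "tcp", "host " + SERVER, "172.16.1.0 0.0.0.255", sport=80, established=True),
]


def http_exchange(inbound: List[Ace], outbound: List[Ace], client: str, server: str) -> Tuple[str, str]:
    """Return (verdict on the request, verdict on the reply) for one HTTP exchange."""
    request = Packet("tcp", client, server, sport=51000, dport=80)
    reply = Packet("tcp", server, client, sport=80, dport=51000, ack=True)
    return evaluate(outbound, request), evaluate(inbound, reply)


if __name__ == "__main__":
    print("one-way rule :", http_exchange(BMS_NEW_IN, BMS_WEB_OUT, CLIENT, SERVER))
    print("with return  :", http_exchange(BMS_NEW_IN_FIXED, BMS_WEB_OUT, CLIENT, SERVER))
    # A SYN originated by the server towards VLAN 110 still fails the 'established' check.
    syn = Packet("tcp", SERVER, CLIENT, sport=80, dport=51000, ack=False)
    print("server SYN   :", evaluate(BMS_NEW_IN_FIXED, syn))
```

The model also shows why `established` is the safer form of the return rule: a plain `permit tcp host <server> eq www 172.16.1.0 0.0.0.255` would let the server initiate connections into VLAN 110 as long as it used source port 80, whereas the ACK/RST requirement only admits segments belonging to a conversation the VLAN 110 side started. The same one-way logic applies to the other circled VLANs, since every `ip access-group ... in` in the thread only permits traffic originated from inside the protected VLAN.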
30th December 2013, 10:07 PM #3
You were right, I didn't have the return. Someone on a Cisco forum helped as well.
Thanks very much.
30th December 2013, 10:48 PM #4
Post up the fix then, otherwise some poor .... will find the thread in 3 years and curse that the solution was omitted.
30th December 2013, 11:08 PM #5
Will do once I have fully tested. Don't like giving duff info.